Jack Ivanov
d7d976784c
Fixes #207
8 years ago
Jack Ivanov
8eb208c5b7
enable ipv6 if the default gateway is defined. Fixes #244
8 years ago
Craig
43c2f5c31a
Installs the recommended packages with strongswan, because we need the OpenSSL ( #260 )
plugin from libstrongswan-standard-plugins for ECDH to work.
8 years ago
Jack Ivanov
b8f3d43eee
enable some additional debug info
8 years ago
Jack Ivanov
2a7dd88a3c
Changed to ECDSA #102
8 years ago
Jack Ivanov
e31f10da6d
Fixes #255
8 years ago
Jack Ivanov
aca036142f
AndroidVPNClientProfiles #240
8 years ago
Jacob Wilder
7b468fae79
Fixed the azure role for situations where the user does not use a ~/.azure/credentials file ( #242 )
8 years ago
Jack Ivanov
20ebd7a595
rename connection
8 years ago
akirilov
05ab1f5feb
Modified certificate generation to address issues #234 and #228 ( #235 )
* Modified certificate generation to address issues #234 and #228
I have made the following modifications to comply with the IKEv2 client certificate requirements:
- Changed client certificate CN to {{ IP_subject_alt_name }}_{{ item }} from {{ item }}
- Changed client certificate SAN to {{IP_subject_alt_name }} from {{ item }}
- Added clientAuth to client certificate EKU
I have made the following changes to address a mismatch in the windows deployment script and file names:
- Changed the client certificate (.p12) filename in config/{{ IP_subject_alt_name }} to {{ IP_subject_alt_name}}_{{ item }}.p12 from {{ item }}.p12 to match the ps1 script
Testing:
I have tested the changes on Windows 10 client, Ubuntu 16.04.1 server (DigitalOcean) - the config described in Issue #234
I apologize for not being able to test on other configurations. I hope that someone else can verify my changes
* fixed iOS issues
* fixed accidental user change
* simplified changes
* Final iteration. I think that's all I can do to minimize the changes
8 years ago
Jack Ivanov
35faf4bca7
Local openssl tasks ( #169 )
* Draft
works with ECDSA
RSA support for Windows
* update-users with local_openssl_tasks
* move prompts to the algo script
* additional directory for SSH keys
* move easyrsa_p12_export_password to pre_tasks
* update-users testing
* Fix hardcoded vars
* Delete the CA key
* Hardcoded IP. Fixes #219
* Some fixes
8 years ago
Jack Ivanov
257be0f395
make the fail message more understandable. Fixes #217
8 years ago
Jack Ivanov
2798f84d3f
ensure that apparmor is supported by the kernel #215
8 years ago
Jack Ivanov
3e852caf04
disable compression #146
8 years ago
Jack Ivanov
cbf59addb3
additional tags
8 years ago
Jack Ivanov
a50a396b94
additional fixes
8 years ago
Defunct
b0f9ab94b1
ec2_ami_copy boto3 module, KMS, tagging, AMI caching (Encrypted support)
8 years ago
Defunct
0eb048383a
refactored ec2 encryption
8 years ago
Jack Ivanov
1a81372192
EC2 Encryption Implemented #133
8 years ago
Jack Ivanov
f246165298
Fix a typo
8 years ago
Glenn Rempe
9a46b671f7
Fixes #198 , replace typo ECXLUDE with EXCLUDE
8 years ago
Damian Gerow
b444398fab
Drop the MSS for GCE instances
8 years ago
Defunct
a9dd0af3fe
resolves #176 + other ec2 env issues
8 years ago
Dan Guido
75194675eb
closes #175
8 years ago
kennwhite
d2aa52f4e9
UX hint on profile name
Add explicit label for Algo-generated VPNs. If the user has multiple (non-Algo) VPNs for home/office, there is typically a label other than an IP address and "IKEv2". This can be seen, for example, on OSX on the top menu bar for networks.
8 years ago
Jack Ivanov
33b3af540a
Fix SSH keys for DigitalOcean
8 years ago
Jack Ivanov
2c9c3ccb09
Fixed #146
8 years ago
Jack Ivanov
cd5b096ab7
DO fix
8 years ago
Jack Ivanov
90cc5fa1f7
some fixes
8 years ago
Jack Ivanov
1d07200c74
generating ssh-keys #152 #151 #112
8 years ago
Jack Ivanov
abf94989fc
the password for the CA private key #75
8 years ago
Jack Ivanov
8b0fe4d8f3
Block client-to-client traffic. Fixed #166
8 years ago
Jack Ivanov
ecb6b498b9
unnecessary to use such way Fixed #162
8 years ago
Jack Ivanov
f1715c4e0b
random password for the p12 certificates #135
8 years ago
Jack Ivanov
03c805cb87
reorganize the wait_for functions #159
8 years ago
Jack Ivanov
275663264a
ipv6 option is available in ansible 2.2; Fixed #158
8 years ago
Jack Ivanov
37ec574d8d
IP_subject_alt_name is not declared for localhost. Fixed #149
8 years ago
Jack Ivanov
517366f194
EC2 fix
8 years ago
Jack Ivanov
50e9dbfce0
draft EC2 #150 #157
8 years ago
Jack Ivanov
981809998c
Merge branch 'master' of github.com:trailofbits/algo
8 years ago
kennwhite
016a8c7708
Change default instance to free tier (t2.micro)
I know this is a bit goofy, but the t2.nano is not in the free tier for AWS even though it is smaller than the t2.micro instance. See: https://aws.amazon.com/blogs/aws/ec2-update-t2-nano-instances-now-available/ (the "PS" at the bottom), confirmed on pricing page. The difference is $4.30 per mo vs. free/$8.76 per mo. Maybe add this to config questions, but at least one reviewer has noted this as an issue for his just-setup AWS free account.
8 years ago
Jack Ivanov
0269cafff7
DNS fix
8 years ago
Jack Ivanov
29ef4d45df
Merge pull request #144 from trailofbits/ami_latest_image
Sort by latest AMI - resolves #140
8 years ago
Jack Ivanov
c552602724
Azure support #26
8 years ago
Defunct
27e5a4feca
Sort by latest AMI - resolves #140
8 years ago
Jack Ivanov
3d53dde6ca
Fixed. #137
8 years ago
Jack Ivanov
790bcb2efc
Merge branch 'win10_support' #9
8 years ago
Jack Ivanov
8a0c5ab971
Windows support implemented
8 years ago
Jack Ivanov
f6166ccde4
modify ciphers #9
8 years ago
Jack Ivanov
195697a1f0
Merge pull request #131 from trailofbits/ec2updates
EC2 Updates and fixes
8 years ago
Jack Ivanov
ad162f55a2
here were no credentials #127
8 years ago
defunct
e40545cce5
opens #126
This commit reverts changes in 437d659
to avoid breaking changes.
8 years ago
Jack Ivanov
e90b58802d
fix in the mobileconfig template
8 years ago
Jack Ivanov
2cb98b4516
Windows RSA support #9
8 years ago
Jack Ivanov
ede452fad4
Merge branch 'master' of github.com:trailofbits/algo
8 years ago
Jack Ivanov
c5860cbc5d
Merge pull request #125 from cernekee/tag-fix. Fix #128
Add missing playbook tags
8 years ago
Jack Ivanov
ee95846445
mobileconfig fix
8 years ago
Defunct
d54ba6c7ce
Merge branch 'master' into ec2updates
8 years ago
fkt
27ea98e7a8
Show congrats message at the end - #115
8 years ago
Defunct
437d659eb6
resolves #126 - incorrect private key usage w/o ssh-agent
8 years ago
Defunct
1dc6e1a0fa
resolves #118 - AWS env keys
8 years ago
Jack Ivanov
047f68df2f
Change the site in the congrats handler to whoer.net in order to clarify the message at the end of the install about testing VPN. Fix #110
8 years ago
Kevin Cernekee
433389c0ab
Use /var/run/reboot-required to determine if a restart is needed
The current check only looks to see if a new kernel was installed.
8 years ago
Kevin Cernekee
09bbc4058c
Add missing tags in common playbook
If the common playbook is invoked with the "cloud" tag, non-cloud
tasks will be skipped. On GCE this causes "Install tools" to be skipped,
apparmor-utils is not installed, and then the "Enforcing ipsec with
apparmor" step fails.
8 years ago
Jack Ivanov
29de003b2d
implemented #109
8 years ago
Jack Ivanov
5383c71499
Fixed #108
8 years ago
Jack Ivanov
d052cb8e77
skip-tags added. Fixed #121
8 years ago
Jack Ivanov
76ea7f67ae
extra vars added to use local DNS #110
8 years ago
Jack Ivanov
289807ead4
fix dependencies
8 years ago
Jack Ivanov
d50bd43988
Fix SSH keys permissions
8 years ago
Jack Ivanov
44bc3ead48
set AllowTcpForwarding to local
8 years ago
Dan Guido
c52350030d
Merge branch 'master' into docs
8 years ago
Jack Ivanov
d93b7c200f
EC2 | Add VPC group #98 and counts #59
8 years ago
Jack Ivanov
0e613f2ff7
fix a typo. #96 closed
8 years ago
Jack Ivanov
8c284a16e3
Done. #96
8 years ago
Jack Ivanov
062426e0ec
client configuration templates #43
8 years ago
Dan Guido
1a3a14943c
pull in changes from master
8 years ago
Jack Ivanov
fcf29534ba
the proxixy filter rules disabled #93
8 years ago
Jack Ivanov
bf5d5e53ac
ip6tables fixes
8 years ago
Jack Ivanov
c43ccc3898
iptables moved to the vpn role #61
8 years ago
Dan Guido
bff7c414b2
Initial commit of reorg'd docs
8 years ago
Jack Ivanov
4db428a86e
Disable unneeded plugins in StrongSwan #84
8 years ago
Jack Ivanov
2cca45c967
additional tags
8 years ago
Jack Ivanov
ad9d7d6ddb
disable dpdtimeout #90
8 years ago
Jack Ivanov
8e0cca6b66
some fixes
8 years ago
Jack Ivanov
dbeb7a13e8
Merge branch 'tags' #80
8 years ago
Jack Ivanov
4d731580b7
linting
8 years ago
Jack Ivanov
fc162728d3
role for local installation
8 years ago
Jack Ivanov
d9441b236a
move to tags #80
8 years ago
Jack Ivanov
aa4dcc31d4
gce role to tags
8 years ago
Jack Ivanov
cf5a0f41d3
ec2 role to tags
8 years ago
Jack Ivanov
97ea00056d
DO roles to tags
8 years ago
Jack Ivanov
6685642f0b
#85 fixed
8 years ago
Jack Ivanov
91688324ce
additional functions
8 years ago
Jack Ivanov
ddcee8db18
logging fixes
8 years ago
Jack Ivanov
97a00699b7
new tags
8 years ago
Jack Ivanov
05df4f0c04
unattended-upgrades moved to the security role
8 years ago
Evgeniy Ivanov
4284dd63aa
rsyslog moved to the logging role
8 years ago
Jack Ivanov
0cd4084aa4
ssh fixes
8 years ago
Jack Ivanov
00e4bcc1ec
security role and SSH fixes #77
8 years ago