Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
fix/14704
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
algo/docs/client-linux.md

2.5 KiB
Raw Permalink Blame History

Linux client setup

Provision client config

After you deploy a server, you can use an included Ansible script to provision Linux clients too! Debian, Ubuntu, CentOS, and Fedora are supported. The playbook is deploy_client.yml.

Required variables

  • client_ip - The IP address of your client machine (You can use localhost in order to deploy locally)
  • vpn_user - The username. (Ensure that you have valid certificates and keys in the configs/SERVER_ip/pki/ directory)
  • ssh_user - The username that we need to use in order to connect to the client machine via SSH (ignore if you are deploying locally)
  • server_ip - The vpn server ip address

Example

ansible-playbook deploy_client.yml -e 'client_ip=client.com vpn_user=jack server_ip=vpn-server.com ssh_user=root'

Additional options

If the user requires sudo password use the following argument: --ask-become-pass.

OS Specific instructions

Some Linux clients may require more specific and details instructions to configure a connection to the deployed Algo VPN, these are documented here.

Fedora Workstation

(Gnome) Network Manager install

First, install the required plugins.

dnf install NetworkManager-strongswan NetworkManager-strongswan-gnome

(Gnome) Network Manager configuration

In this example we'll assume the IP of our Algo VPN server is 1.2.3.4 and the user we created is user-name.

  • Go to Settings > Network
  • Add a new Network (+ bottom left of the window)
  • Select IPsec/IKEv2 (strongswan)
  • Fill out the options:
    • Name: your choice, e.g.: ikev2-1.2.3.4
    • Gateway:
      • Address: IP of the Algo VPN server, e.g: 1.2.3.4
      • Certificate: cacert.pem found at /path/to/algo/configs/1.2.3.4/ipsec/.pki/cacert.pem
    • Client:
      • Authentication: Certificate/Private key
      • Certificate: user-name.crt found at /path/to/algo/configs/1.2.3.4/ipsec/.pki/certs/user-name.crt
      • Private key: user-name.key found at /path/to/algo/configs/1.2.3.4/ipsec/.pki/private/user-name.key
    • Options:
      • Check Request an inner IP address, connection will fail without this option
      • Optionally check Enforce UDP encapsulation
      • Optionally check Use IP compression
      • For the later 2 options, hover to option in the settings to see a description
    • Cipher proposal:
      • Check Enable custom proposals
      • IKE: aes256gcm16-prfsha512-ecp384
      • ESP: aes256gcm16-ecp384
  • Apply and turn the connection on, you should now be connected