Archives/algo
2
0
Fork 0
mirror of https://github.com/trailofbits/algo synced 2024-11-10 01:11:07 +00:00
Code Issues Projects Releases Wiki Activity
fc27b439b5
algo/docs/client-linux.md
Bill Nottingham 4064bc281a Update the Fedora related docs. (#1470) 
* Update the Fedora related docs.

- update for new generated config file locations
- remove reference to no-longer-needed copr
- update package names for further py2 changes in Fedora

* switch back to the default ciphers
2019-06-06 17:58:31 +02:00

2.5 KiB
Raw Blame History

Linux client setup

Provision client config

After you deploy a server, you can use an included Ansible script to provision Linux clients too! Debian, Ubuntu, CentOS, and Fedora are supported. The playbook is deploy_client.yml.

Required variables

  • client_ip - The IP address of your client machine (You can use localhost in order to deploy locally)
  • vpn_user - The username. (Ensure that you have valid certificates and keys in the configs/SERVER_ip/pki/ directory)
  • ssh_user - The username that we need to use in order to connect to the client machine via SSH (ignore if you are deploying locally)
  • server_ip - The vpn server ip address

Example

ansible-playbook deploy_client.yml -e 'client_ip=client.com vpn_user=jack server_ip=vpn-server.com ssh_user=root'

Additional options

If the user requires sudo password use the following argument: --ask-become-pass.

OS Specific instructions

Some Linux clients may require more specific and details instructions to configure a connection to the deployed Algo VPN, these are documented here.

Fedora Workstation

(Gnome) Network Manager install

First, install the required plugins.

dnf install NetworkManager-strongswan NetworkManager-strongswan-gnome

(Gnome) Network Manager configuration

In this example we'll assume the IP of our Algo VPN server is 1.2.3.4 and the user we created is user-name.

  • Go to Settings > Network
  • Add a new Network (+ bottom left of the window)
  • Select IPsec/IKEv2 (strongswan)
  • Fill out the options:
    • Name: your choice, e.g.: ikev2-1.2.3.4
    • Gateway:
      • Address: IP of the Algo VPN server, e.g: 1.2.3.4
      • Certificate: cacert.pem found at /path/to/algo/configs/1.2.3.4/ipsec/.pki/cacert.pem
    • Client:
      • Authentication: Certificate/Private key
      • Certificate: user-name.crt found at /path/to/algo/configs/1.2.3.4/ipsec/.pki/certs/user-name.crt
      • Private key: user-name.key found at /path/to/algo/configs/1.2.3.4/ipsec/.pki/private/user-name.key
    • Options:
      • Check Request an inner IP address, connection will fail without this option
      • Optionally check Enforce UDP encapsulation
      • Optionally check Use IP compression
      • For the later 2 options, hover to option in the settings to see a description
    • Cipher proposal:
      • Check Enable custom proposals
      • IKE: aes256gcm16-prfsha512-ecp384
      • ESP: aes256gcm16-ecp384
  • Apply and turn the connection on, you should now be connected