Update the Fedora related docs. (#1470)

* Update the Fedora related docs.

- update for new generated config file locations
- remove reference to no-longer-needed copr
- update package names for further py2 changes in Fedora

* switch back to the default ciphers

docs/client-linux.md

@@ -29,27 +29,12 @@ Some Linux clients may require more specific and details instructions to configu
 
 #### (Gnome) Network Manager install
 
-We'll use the [rsclarke/NetworkManager-strongswan](https://copr.fedorainfracloud.org/coprs/rsclarke/NetworkManager-strongswan/) Copr repo (see [this comment](https://github.com/trailofbits/algo/issues/263#issuecomment-327820191)), this will make the `IKE` and `ESP` fields available in the Gnome Network Manager. Note that at time of writing the non-Copr repo will result in connection failures. Also note that the Copr repo *instructions are not filled in by author. Author knows what to do. Everybody else should avoid this repo*. So unless you are comfortable with using this repo, you'll want to hold out untill the patches applied in the Copr repo make it into stable.
-
-First remove the stable `NetworkManager-strongswan` package, ensure you have backups in place and / or take note of config backups taken during the removal of the package.
+First, install the required plugins.
 
 ````
-dnf remove NetworkManager-strongswan
-````
-
-Next, enable the Copr repo and install it along with the `NetworkManager-strongswan-gnome` package:
-
-````
-dnf copr enable -y rsclarke/NetworkManager-strongswan
 dnf install NetworkManager-strongswan NetworkManager-strongswan-gnome
 ````
 
-Reboot your machine:
-
-````
-reboot now
-````
-
 #### (Gnome) Network Manager configuration
 
 In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the user we created is `user-name`.
@@ -61,11 +46,11 @@ In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the
   * Name: your choice, e.g.: *ikev2-1.2.3.4*
   * Gateway:
     * Address: IP of the Algo VPN server, e.g: `1.2.3.4`
-    * Certificate: `cacert.pem` found at `/path/to/algo/configs/1.2.3.4/cacert.pem`
+    * Certificate: `cacert.pem` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/cacert.pem`
   * Client:
     * Authentication: *Certificate/Private key*
-    * Certificate: `user-name.crt` found at `/path/to/algo/configs/1.2.3.4/pki/certs/user-name.crt`
-    * Private key: `user-name.key` found at `/path/to/algo/configs/1.2.3.4/pki/private/user-name.key`
+    * Certificate: `user-name.crt` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/certs/user-name.crt`
+    * Private key: `user-name.key` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/private/user-name.key`
   * Options:
     * Check *Request an inner IP address*, connection will fail without this option
     * Optionally check *Enforce UDP encapsulation*
@@ -73,6 +58,6 @@ In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the
     * For the later 2 options, hover to option in the settings to see a description
   * Cipher proposal:
     * Check *Enable custom proposals*
-    * IKE: `aes256gcm16-prfsha512-ecp384,aes256-sha2_512-prfsha512-ecp384,aes256-sha2_384-prfsha384-ecp384`
-    * ESP: `aes256gcm16-ecp384,aes256-sha2_512-prfsha512-ecp384`
+    * IKE: `aes256gcm16-prfsha512-ecp384`
+    * ESP: `aes256gcm16-ecp384`
 * Apply and turn the connection on, you should now be connected

docs/deploy-from-fedora-workstation.md

@@ -1,6 +1,6 @@
 # Deploy from Fedora Workstation
 
-These docs were written based on experience on Fedora Workstation 26.
+These docs were written based on experience on Fedora Workstation 30.
 
 ## Prerequisites
 
@@ -14,7 +14,7 @@ Using `python2-*` in favour of `python3-*` as per [declared dependency](https://
 | `build-essential` | `make automake gcc gcc-c++ kernel-devel` |
 | `libssl-dev` | `openssl-devel` |
 | `libffi-dev` | `libffi-devel` |
-| `python-dev` | `python-devel` |  
+| `python-dev` | `python2-devel` |
 | `python-pip` | `python2-pip` |
 | `python-setuptools` | `python2-setuptools` |
 | `python-virtualenv` | `python2-virtualenv` |
@@ -39,10 +39,14 @@ dnf install -y \
   openssl-devel \
   libffi-devel \
   libselinux-python \
-  python-devel \
+  python2-devel \
   python2-pip \
   python2-setuptools \
   python2-virtualenv \
+  python2-crypto \
+  python2-pyyaml \
+  python2-pyOpenSSL \
+  python2-libselinux \
   make
 ````
 
@@ -70,29 +74,15 @@ Run `pip -v` and check the python version it is using:
  
 ````
 $ pip -V
-pip 9.0.1 from /usr/lib/python2.7/site-packages (python 2.7)
+pip 19.0.3 from /usr/lib/python2.7/site-packages (python 2.7)
 ````
 
 `python 2.7` is what we're looking for.
 
-### `pip` upgrade and installs
-
-````
-# Upgrade pip itself
-pip -q install --upgrade pip
-# python-devel needed to prevent setup.py crash
-pip -q install pycrypto       
-# pycrypto 2.7.1 needed for latest security patch
-# This may need to run with sudo to complete without permission violations
-pip -q install setuptools --upgrade
-# virtualenv to make installing dependencies easier
-pip -q install virtualenv
-````
-
 ### Setup virtualenv and install requirements
 
 ````
-virtualenv --system-site-packages env
+python2 -m virtualenv --system-site-packages env
 source env/bin/activate
 pip -q install --user -r requirements.txt
 ````
@@ -110,7 +100,7 @@ We can now deploy our server by running:
 ````
 
 Ensure to allow Windows / Linux clients when going through the config options.
-Note the IP and password of the newly created Alfo VPN server and store it safely.
+Note the IP and password of the newly created Algo VPN server and store it safely.
 
 If you want to setup client config on your Fedora Workstation, refer to [the Linux Client docs](client-linux.md).