From 5e56996f5ca5e741f8e4896308675da591aced5e Mon Sep 17 00:00:00 2001
From: mathew19
Date: Sat, 15 Apr 2017 08:57:07 -0400
Subject: [PATCH 1/6] Fix name (#411)

---
roles/vpn/templates/client_ipsec.conf.j2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/vpn/templates/client_ipsec.conf.j2 b/roles/vpn/templates/client_ipsec.conf.j2
index 8a12d7de..7fde04ab 100644
--- a/roles/vpn/templates/client_ipsec.conf.j2
+++ b/roles/vpn/templates/client_ipsec.conf.j2
@@ -21,7 +21,7 @@ conn ikev2-{{ IP_subject_alt_name }} leftsourceip=%config leftauth=pubkey - leftcert={{ IP_subject_alt_name }}_{{ item }}.crt + leftcert={{ item }}.crt leftfirewall=yes left=%defaultroute
From ae43ed6f81abeecd1d9ff1fcb8ffa34fe2fac9f0 Mon Sep 17 00:00:00 2001
From: mathew19
Date: Sat, 15 Apr 2017 08:57:22 -0400
Subject: [PATCH 2/6] Update client_ipsec.secrets.j2 (#414)

Fix filename in client ipsec_user.secrets
---
roles/vpn/templates/client_ipsec.secrets.j2 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/vpn/templates/client_ipsec.secrets.j2 b/roles/vpn/templates/client_ipsec.secrets.j2
index 61603129..0d8356ee 100644
--- a/roles/vpn/templates/client_ipsec.secrets.j2
+++ b/roles/vpn/templates/client_ipsec.secrets.j2
@@ -1,5 +1,5 @@
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
-{{ IP_subject_alt_name }} : RSA {{ IP_subject_alt_name }}_{{ item }}.key
+{{ IP_subject_alt_name }} : RSA {{ item }}.key
 {% else %}
-{{ IP_subject_alt_name }} : ECDSA {{ IP_subject_alt_name }}_{{ item }}.key
+{{ IP_subject_alt_name }} : ECDSA {{ item }}.key
 {% endif %}
From 57b9cf3db1706301dda3bd84d29236c9317e7072 Mon Sep 17 00:00:00 2001
From: Andy Boutte
Date: Sat, 15 Apr 2017 06:01:07 -0700
Subject: [PATCH 3/6] adding sa-east-1 region and auto sourcing env/bin/activate (#402)

---
algo | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/algo b/algo
index 4b088f7e..a9d4914c 100755
--- a/algo
+++ b/algo
@@ -2,6 +2,15 @@ set -e +ACTIVATE_SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/env/bin/activate" +if [ -f "$ACTIVATE_SCRIPT" ] +then + source $ACTIVATE_SCRIPT +else + echo "$ACTIVATE_SCRIPT not found. Did you follow documentation to install dependencies?" + exit 1 +fi + SKIP_TAGS="_null encrypted" ADDITIONAL_PROMPT="[pasted values will not be displayed]"
@@ -252,10 +261,10 @@ Name the vpn server: 11. eu-west-1 EU (Ireland) 12. eu-west-2 EU (London) 13. ca-central-1 Canada (Central) + 14. sa-east-1 São Paulo Enter the number of your desired region: [1]: " -r aws_region aws_region=${aws_region:-1} - # sa-east-1 region does not support the size instance we use. case "$aws_region" in 1) region="us-east-1" ;;
@@ -271,6 +280,7 @@ Enter the number of your desired region: 11) region="eu-west-1" ;; 12) region="eu-west-2";; 13) region="ca-central-1" ;; + 14) region="sa-east-1" ;; esac ROLES="ec2 vpn cloud"
From f300fdb60b048d775e7836ebbe8b7c874a9b28b3 Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Sat, 15 Apr 2017 16:33:22 +0200
Subject: [PATCH 4/6] Fixes #410

---
users.yml | 1 +
1 file changed, 1 insertion(+)

diff --git a/users.yml b/users.yml
index 421c5814..b4cdf742 100644
--- a/users.yml
+++ b/users.yml
@@ -34,6 +34,7 @@ become: true vars_files: - config.cfg + - roles/vpn/defaults/main.yml pre_tasks: - name: Common pre-tasks
From 02f363d8255841a982f311211da9821f69ec36b7 Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Sat, 15 Apr 2017 16:36:39 +0200
Subject: [PATCH 5/6] change the order of ciphers

---
roles/vpn/defaults/main.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/vpn/defaults/main.yml b/roles/vpn/defaults/main.yml
index db312818..934c34f3 100644
--- a/roles/vpn/defaults/main.yml
+++ b/roles/vpn/defaults/main.yml
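Review bot: `source $ACTIVATE_SCRIPT` in the first hunk of `algo` expands the path unquoted, so a checkout whose directory name contains whitespace or glob characters is split into several words and the `source` fails, even though the `[ -f "$ACTIVATE_SCRIPT" ]` test just above it is quoted and passed. The error message on the `else` branch is written to stdout rather than stderr, so a caller capturing the script's output receives the diagnostic as data. The two lines should read `source "$ACTIVATE_SCRIPT"` and `echo "$ACTIVATE_SCRIPT not found. Did you follow documentation to install dependencies?" >&2`. The script header this block sits in continues outside the hunk.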
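Review bot: The second hunk of `algo` deletes the comment `# sa-east-1 region does not support the size instance we use.` in the same change that adds sa-east-1 to the region menu, but nothing in this commit alters the instance size, so the diff alone cannot show whether the restriction was lifted or merely undocumented; if it still holds, choosing entry 14 fails late, at instance creation, rather than at the prompt. A one-line comment above the new `14. sa-east-1 São Paulo` entry recording that the configured instance type was verified to be available in that region (and when) would keep the next reader from re-adding the warning. The matching `14) region="sa-east-1" ;;` arm in the following hunk has the same question. The quoted prompt this menu belongs to (apparently the argument of a `read -r aws_region`) begins above the hunk.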
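Review bot: Adding `roles/vpn/defaults/main.yml` under `vars_files` in `users.yml` loads the role's defaults at play-level vars_files precedence instead of role-default precedence, so a value an operator overrides for one of those names through inventory or group_vars is replaced by the file's default when this play runs, and because the entry is listed after `config.cfg`, a same-named key in config.cfg is overridden as well. If the play needs only a few of those variables, setting them under `vars:` or passing them to the role as parameters is narrower; otherwise a comment on the new line naming which variables the play depends on would at least document the coupling. The play whose `vars_files` this is starts above the hunk.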
@@ -25,5 +25,5 @@ ciphers:
 ike: aes128gcm16-sha2_512-prfsha512-ecp256!
 esp: aes128gcm16-sha2_512-ecp256!
 compat:
- ike: aes128-sha2_512-prfsha512-ecp256,aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
- esp: aes128-sha2_512-ecp256,aes128gcm16-sha2_512-ecp256,aes128-sha2_256-modp2048!
+ ike: aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
+ esp: aes128gcm16-sha2_512-ecp256,aes128-sha2_512-ecp256,aes128-sha2_256-modp2048!
From 04b61ca3d2f4745a15a4f138232e5eda4ee23a05 Mon Sep 17 00:00:00 2001
From: MiWCryptAnalytics
Date: Sat, 15 Apr 2017 16:23:15 -0400
Subject: [PATCH 6/6] Increase CA key entropy to 128bit (#415)

Changes the default CA key size from 48 bit to 128bit with OpenSSL usermode CSPRNG with hex encoding
---
roles/vpn/tasks/main.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 5ec7f3db..006479d7 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -8,7 +8,7 @@ - name: Generate password for the CA key shell: > - openssl rand -hex 6 + openssl rand -hex 16 register: CA_password - set_fact:
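Review bot: The `compat:` proposal strings are reordered without any comment recording the intent; strongSwan sends the proposals in the configured order, so a peer that supports both suites is now steered to the AES-GCM (AEAD) suite before the AES-CBC one, and that behavioural change is invisible to a reader of the file. A one-line comment above `compat:` such as `# proposals in preference order: AEAD (aes128gcm16) first, CBC suites kept for clients without GCM support` would document it, and it is worth stating that the trailing `modp2048` entries remain the only non-ECP fallback. The `ciphers:` mapping these keys belong to starts above the hunk.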
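Review bot: The task in `roles/vpn/tasks/main.yml` now generates a 16-byte password for the CA key but still registers the result without `no_log`, so the secret is printed in the task result under `-v` and handed to any callback or logging plugin; adding `no_log: true` to this task keeps the value out of those channels. The commit message describes the change as the "CA key size", whereas the hunk only lengthens the password produced by `openssl rand -hex 16` (16 bytes, 128 bits) and does not touch the key itself; a comment on the shell line, `# 128-bit (16-byte) random passphrase for the CA key; this is not the key length`, would prevent that misreading. The `set_fact` that consumes `CA_password` continues below the hunk.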