wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-06 12:03:38 +02:00
Code Issues Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
J 2017-04-15 15:42:54 -07:00
commit a419d8dac6
6 changed files with 18 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
algo
View file

@ -2,6 +2,15 @@
set -e set -e
ACTIVATE_SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/env/bin/activate"
if [ -f "$ACTIVATE_SCRIPT" ]
then
source $ACTIVATE_SCRIPT
else
echo "$ACTIVATE_SCRIPT not found. Did you follow documentation to install dependencies?"
exit 1
fi
SKIP_TAGS="_null encrypted" SKIP_TAGS="_null encrypted"
ADDITIONAL_PROMPT="[pasted values will not be displayed]" ADDITIONAL_PROMPT="[pasted values will not be displayed]"
@ -252,10 +261,10 @@ Name the vpn server:
11. eu-west-1 EU (Ireland) 11. eu-west-1 EU (Ireland)
12. eu-west-2 EU (London) 12. eu-west-2 EU (London)
13. ca-central-1 Canada (Central) 13. ca-central-1 Canada (Central)
14. sa-east-1 São Paulo
Enter the number of your desired region: Enter the number of your desired region:
[1]: " -r aws_region [1]: " -r aws_region
aws_region=${aws_region:-1} aws_region=${aws_region:-1}
# sa-east-1 region does not support the size instance we use.
case "$aws_region" in case "$aws_region" in
1) region="us-east-1" ;; 1) region="us-east-1" ;;
@ -271,6 +280,7 @@ Enter the number of your desired region:
11) region="eu-west-1" ;; 11) region="eu-west-1" ;;
12) region="eu-west-2";; 12) region="eu-west-2";;
13) region="ca-central-1" ;; 13) region="ca-central-1" ;;
14) region="sa-east-1" ;;
esac esac
ROLES="ec2 vpn cloud" ROLES="ec2 vpn cloud"

4
roles/vpn/defaults/main.yml
View file

@ -25,5 +25,5 @@ ciphers:
ike: aes128gcm16-sha2_512-prfsha512-ecp256! ike: aes128gcm16-sha2_512-prfsha512-ecp256!
esp: aes128gcm16-sha2_512-ecp256! esp: aes128gcm16-sha2_512-ecp256!
compat: compat:
ike: aes128-sha2_512-prfsha512-ecp256,aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048! ike: aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
esp: aes128-sha2_512-ecp256,aes128gcm16-sha2_512-ecp256,aes128-sha2_256-modp2048! esp: aes128gcm16-sha2_512-ecp256,aes128-sha2_512-ecp256,aes128-sha2_256-modp2048!

2
roles/vpn/tasks/main.yml
View file

@ -8,7 +8,7 @@
- name: Generate password for the CA key - name: Generate password for the CA key
shell: > shell: >
openssl rand -hex 6 openssl rand -hex 16
register: CA_password register: CA_password
- set_fact: - set_fact:

2
roles/vpn/templates/client_ipsec.conf.j2
View file

@ -21,7 +21,7 @@ conn ikev2-{{ IP_subject_alt_name }}
leftsourceip=%config leftsourceip=%config
leftauth=pubkey leftauth=pubkey
leftcert={{ IP_subject_alt_name }}_{{ item }}.crt leftcert={{ item }}.crt
leftfirewall=yes leftfirewall=yes
left=%defaultroute left=%defaultroute

4
roles/vpn/templates/client_ipsec.secrets.j2
View file

@ -1,5 +1,5 @@
{% if Win10_Enabled is defined and Win10_Enabled == "Y" %} {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
{{ IP_subject_alt_name }} : RSA {{ IP_subject_alt_name }}_{{ item }}.key {{ IP_subject_alt_name }} : RSA {{ item }}.key
{% else %} {% else %}
{{ IP_subject_alt_name }} : ECDSA {{ IP_subject_alt_name }}_{{ item }}.key {{ IP_subject_alt_name }} : ECDSA {{ item }}.key
{% endif %} {% endif %}

1
users.yml
View file

@ -34,6 +34,7 @@
become: true become: true
vars_files: vars_files:
- config.cfg - config.cfg
- roles/vpn/defaults/main.yml
pre_tasks: pre_tasks:
- name: Common pre-tasks - name: Common pre-tasks