* Modified certificate generation to address issues #234 and #228
I have made the following modifications to comply with the IKEv2 client certificate requirements:
- Changed client certificate CN to {{ IP_subject_alt_name }}_{{ item }} from {{ item }}
- Changed client certificate SAN to {{IP_subject_alt_name }} from {{ item }}
- Added clientAuth to client certificate EKU
I have made the following changes to address a mismatch in the windows deployment script and file names:
- Changed the client certificate (.p12) filename in config/{{ IP_subject_alt_name }} to {{ IP_subject_alt_name}}_{{ item }}.p12 from {{ item }}.p12 to match the ps1 script
Testing:
I have tested the changes on Windows 10 client, Ubuntu 16.04.1 server (DigitalOcean) - the config described in Issue #234
I apologize for not being able to test on other configurations. I hope that someone else can verify my changes
* fixed iOS issues
* fixed accidentall user change
* simplified changes
* Final iteration. I think that's all I can do to minimize the changes
* Draft
works with ECDSA
RSA support for Windows
* update-users with local_openssl_tasks
* move prompts to the algo script
* additional directory for SSH keys
* move easyrsa_p12_export_password to pre_tasks
* update-users testing
* Fix hardcoded vars
* Delete the CA key
* Hardcoded IP. Fixes#219
* Some fixes
Add explicit label for Algo-generated VPNs. If the user has multiple (non-Algo) VPNs for home/office, there is typically a label other than an IP address and "IKEv2". This can be seen, for example, on OSX on the top menu bar for networks.
I know this is a bit goofy, but the t2.nano is not in the free tier for AWS even though it is smaller than the t2.micro instance. See: https://aws.amazon.com/blogs/aws/ec2-update-t2-nano-instances-now-available/ (the "PS" at the bottom), confirmed on pricing page. The difference is $4.30 per mo vs. free/$8.76 per mo. Maybe add this to config questions, but at least one reviewer has noted this as an issue for his just-setup AWS free account.
