Jack Ivanov
78bd5b017c
client fixes ( #605 )
2017-06-21 13:39:54 -04:00
Jack Ivanov
9d8e39f63d
Move back to the Xenial repo ( #606 )
2017-06-21 13:39:29 -04:00
Jack Ivanov
f0283856ad
fix revocation ( #586 )
2017-06-06 12:42:23 +02:00
Jack Ivanov
a8ebb16437
Enable timeouts. Fixes #581
2017-06-05 17:33:03 +02:00
Jack Ivanov
26c202ded5
Generate p12 each deployment. Generate ps1 scripts if windows supported. Define become for all the section. ( #580 )
2017-06-04 12:18:55 -04:00
Jack Ivanov
ba7859ba5f
Revoke non-existing users fix
2017-06-04 11:30:55 +02:00
Jack Ivanov
0131505195
Enhance PS1 script ( #510 )
...
update docs
Update README.md
update readme
2017-05-23 11:31:53 -04:00
Jack Ivanov
e6c8f19d3c
Create a VPC network for each instance ( #561 )
2017-05-23 11:30:57 -04:00
Jack Ivanov
ee6db37428
Change the P12 and SSH passwords only for new users ( #550 )
2017-05-21 22:28:18 -04:00
Jack Ivanov
40e0363b18
Add html helper for Android ( #554 )
...
* add html helper #280
move to the new local schema
fix a typo
* Update client-android.md
2017-05-21 22:27:53 -04:00
Ruben Jongejan
e9e6c6e383
cleaner syntax for local actions ( #536 )
...
* refactored local actions to cleaner syntax
* openssl commands folded
* removed unnecessary local_action's
2017-05-17 02:30:04 -04:00
Rod Vagg
75d64ac018
Make DNS blocklist URLs configurable ( #548 )
2017-05-15 12:39:34 +02:00
tetov
ac6db06a19
grammar edit ( #540 )
...
* grammar edit
* Update openssl.yml
2017-05-10 10:06:19 -04:00
Jack Ivanov
58d5a06e87
delete tasks and move to roles ( #519 )
2017-05-08 16:34:45 -04:00
Ruben Jongejan
07ddb5863b
improved readability with native yaml ( #530 )
2017-05-08 16:34:24 -04:00
Jack Ivanov
97369c303a
define local_dns if dns tag used ( #533 )
2017-05-08 16:33:30 -04:00
Jack Ivanov
0031d2809e
Disable the Signature Algorithm check and add default vars. Fixes #525
2017-05-08 21:40:38 +02:00
Christopher J. Pilkington
a225bde2b8
Specify EIP domain ( #521 )
2017-05-06 09:16:28 -04:00
Jack Ivanov
6f170982aa
move to Elastic IP ( #512 )
2017-05-04 08:33:31 -04:00
Jack Ivanov
9f698fdd68
Get strongswan from the Zesty repo on Xenial ( #515 )
2017-05-03 16:03:10 -04:00
Jack Ivanov
bd348af9c2
Implementing blocks and additional fail hints #487 ( #497 )
...
change the troubleshooting url
2017-04-29 10:48:25 -04:00
Jack Ivanov
2f5c050fd2
dpdaction to clear ( #498 )
2017-04-27 14:47:45 -04:00
Jack Ivanov
0ed68b6c30
Properly configure ICMP restrictions ( #492 )
2017-04-27 12:47:05 -04:00
Ryan Kasper
0cb43650cb
Windows 10 -PfsGroup None --> -PfsGroup ECP256 ( #493 )
...
* Windows 10 -PfsGroup None --> -PfsGroup ECP256
Fixes broken tunnel when rekey (CREATE_CHILD_SA request [ N(REKEY_SA) SA No TSi TSr KE ]) occurs (on my Windows 10 1703 build 15063.138 Creator's Update system this is ~every 57 minutes)
* Update Windows Client PfsGroup Commandline
2017-04-27 12:46:50 -04:00
Jack Ivanov
540c761d3b
Disable RSA in the mobileconfigs. Fixes #486
2017-04-25 23:06:51 +02:00
Jack Ivanov
451394100d
Some enhancements in the compat ciphers ( #464 )
...
raise the IntegrityCheckMethod to SHA384
Move Windows to ECDSA
Increase IntegrityCheckMethod
2017-04-23 16:00:37 -04:00
Dan Guido
aac052da46
this option is deprecated ( #477 )
2017-04-23 09:04:30 -04:00
Jack Ivanov
c3fcfe5d0d
Let users choose the distro version #449 ( #466 )
...
Make dpdaction great again
add 1704 to travis
Make EC2 image name more convenient
modify apparmor profile
2017-04-22 17:06:10 -04:00
Andy Boutte
76cdc69548
CF tested and working for EC2 deployment ( #431 )
...
* AWS CloudFormation #132
* IPv6 EC2 draft
* CF tested and working for EC2 deployment
* IPv6 Implementation, EC2, Cloudformation
* Fixed ipv6 networking
* adding ip6tables rule for DHCP on AWS
2017-04-20 18:04:57 -04:00
Jack Ivanov
a7b06058cb
remove the proxy role #440 ( #457 )
...
* remove the proxy role #440
* Separate facts. Make roles more independent from each other
move openssl to local tasks
move unneeded tasks
2017-04-20 18:00:17 -04:00
Dan Guido
0b05ea19bc
Windows needs SHA2-256. Closes #453 . ( #456 )
2017-04-20 07:26:46 -04:00
Dan Guido
8173b84ff8
Change uniqueids back to never ( #448 )
...
We need this to allow multiple connections with the same id/certificate
2017-04-19 09:53:30 +02:00
Dan Guido
b29772f146
prefer ed25519
2017-04-18 02:20:44 -04:00
Dan Guido
f9f7be7b0d
Fix a typo from #439
2017-04-18 01:15:07 -04:00
Dan Guido
1778cb1f45
disable dpd #430 ( #437 )
...
Closes #430
2017-04-18 01:12:21 -04:00
Dan Guido
8e5e6d5088
remove extraneous integrity algos from AEAD ciphers ( #439 )
...
In reference to
https://github.com/trailofbits/algo/issues/9#issuecomment-294370560
2017-04-18 01:11:56 -04:00
Jauder Ho
5b2e13d18f
Only enable ChaCha cipher ( #412 )
...
* Only enable ChaCha cipher
* Add back a few ciphers for compatibility
2017-04-17 23:17:40 -04:00
Jack Ivanov
fa5a956193
Add URLStringProbe ( #428 )
...
* Add URLStringProbe
* switch to Apple's hotspot-detect.html
2017-04-17 23:16:05 -04:00
Jack Ivanov
ea5976f49b
write logs to file if BSD only
2017-04-17 18:12:38 +02:00
Jack Ivanov
9c12272c8c
Python False-y values should be accepted. #417 ( #426 )
2017-04-16 16:40:24 -04:00
Jack Ivanov
16329fe088
Instance size ( #404 )
...
* Escaping Special Characters #388
* Make instance sizes more flexible to edit #355
2017-04-16 10:19:47 -04:00
Jack Ivanov
bf75a1bb03
move generating of the known_hosts file to local_action ( #425 )
2017-04-16 10:18:54 -04:00
MiWCryptAnalytics
04b61ca3d2
Increase CA key entropy to 128bit ( #415 )
...
Changes the default CA key size from 48 bit to 128bit with OpenSSL usermode CSPRNG with hex encoding
2017-04-15 16:23:15 -04:00
Jack Ivanov
02f363d825
change the order of ciphers
2017-04-15 16:36:39 +02:00
mathew19
ae43ed6f81
Update client_ipsec.secrets.j2 ( #414 )
...
Fix filename in client ipsec_user.secrets
2017-04-15 14:57:22 +02:00
mathew19
5e56996f5c
Fix name ( #411 )
2017-04-15 14:57:07 +02:00
Jack Ivanov
c61a07fb60
Escaping Special Characters #388 ( #403 )
2017-04-14 14:57:27 -04:00
Jack Ivanov
56a72e5af2
New ciphers implementing #247 ( #352 )
...
Switches to SHA2_512_256 HMAC integrity algorithm and adds cipher compatibility for other platforms.
2017-04-11 16:08:03 -04:00
Jack Ivanov
70738ed8be
Enable IP forwarding GCE #369
2017-04-09 20:52:54 +02:00
Jack Ivanov
95e0134f21
1. Disable SSH key deploying if installation on existing server
...
2. Move to the ed25519 algorithm
3. Delete unneeded option RSAAuthentication
Fixes #272
2017-04-09 20:41:45 +02:00