wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-02 19:03:04 +02:00
Code Issues Projects Releases Wiki Activity
1045 commits 5 branches 2 tags 10 MiB
Commit graph

1045 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jason A. Donenfeld
951524a0ae WireGuard is included in Ubuntu by default now 
WireGuard is now in Ubuntu 20.04, 18.04, and 16.04 in their default
kernels, and all other Ubuntus are EOL'd by Canonical. [1] has details
on replacing the PPA with Canonical's builtin repos, which this commit
implements.

[1] https://lists.zx2c4.com/pipermail/wireguard/2020-August/005737.html
 2020-08-06 16:22:48 +02:00
Jack Ivanov
5fc738ba8b
Revert "Refactor cloud-init/base.sh (#1797)" (#1856) 
This reverts commit f0d0e91be0.
 2020-08-04 20:34:06 +03:00
djds
f0d0e91be0
Refactor cloud-init/base.sh (#1797) 
* Refactor cloud-init/base.sh

* Pass shellcheck
* Use variable for username
* Fix issues with umask and sudo
* Simplify until loops

* Use literal algo for filename in /etc/sudoers.d/10-algo-user
 2020-08-03 11:36:18 -04:00
skim
3fe09bd904
Update current status of Wireguard faq to stable (#1849) 2020-08-03 11:30:49 -04:00
Lance McCarthy
350800fdf7
Added Azure deployment troubleshooting solution (#1853) 
Added troubleshooting steps to a common problem when deploying to Azure (Deployment Permissions Error).
 2020-08-03 11:29:07 -04:00
Jason A. Novak
830877557f
Update troubleshooting document to address #1463 and related issues (#1835) 
Clarify instructions in troubleshooting re: removing wireguard and config files as well as add troubleshooting step re: localhost being used instead of a domain name or IP address.
 2020-07-22 16:09:43 -04:00
David Myers
f76d361c55
Move document index into README (#1815) 
Move the list of available documentation into the main README.
 2020-07-22 15:54:06 -04:00
David Myers
5efa20b79a
Update WSL doc (#1817) 
Note in the WSL doc that Algo does not work on Ubuntu 20.04 LTS under WSL.
 2020-07-22 15:53:17 -04:00
David Myers
e4753d2510
Make clients prefer IPv6 (#1822) 
Change IPv6 addresses to non-ULA addresses such that they are favored over IPv4.
 2020-07-22 15:51:19 -04:00
David Myers
47bb48b0fb
Update Linux WireGuard client doc (#1846) 
Ubuntu 18.04 LTS now includes WireGuard so the PPA is no longer needed.
 2020-07-22 15:46:48 -04:00
Eugene Pirogov
3f86ae0713
Few cosmetic change to readme (#1813) 
Several small improvements around markup for code blocks
 2020-05-30 15:57:34 +03:00
David Myers
9ac64cbf21
Document WG DNS search domain on Linux client (#1796) 2020-05-16 18:45:00 +03:00
Jack Ivanov
c14ff0d611
Ubuntu 20.04 support (#1782) 
* ubuntu 20.04 support

* purge snapd for 20.04

* strongswan-starter fix
 2020-05-10 13:48:30 +03:00
KilometerM
7695372e2b
Remove hosts-file.net/ad_servers.txt (#1791) 
hosts-file.net/ad_servers.txt now leads to a 404 page. The list is no longer published nor maintained.

More information:

https://forums.malwarebytes.com/topic/257401-inquiry-regarding-automated-processing-of-hosts-files/
https://github.com/pi-hole/pi-hole/pull/3236#issue-396455876
https://github.com/uBlockOrigin/uBlock-issues/issues/971#issue-591298291
https://www.reddit.com/r/pihole/comments/fsg11e/hostsfilenet/
 2020-05-09 11:12:41 +03:00
Jack Ivanov
6753dc919f
Update troubleshooting.md 2020-05-09 11:07:37 +03:00
Jack Ivanov
ca898d5bf2
Update troubleshooting.md 
Closes #1786
 2020-05-09 11:06:56 +03:00
David Myers
eeda23be97
Initial support for Ubuntu 20.04 (#1770) 2020-04-25 19:42:07 +03:00
Wade Winright
e29615bc05
Modified script to handle more types of blocklists (#1771) 
Added/modified script to better handle multiple types of blocklists available to drop in to the BLOCKLIST_URLS.
 2020-04-25 19:36:43 +03:00
Saravanan Palanisamy
02fe2f7dd5
use ca_password from variable(--extra-vars) - non-interactive installation using ansible playbook (#1774) 
* use ca_password from variable

* add tests to cover the changes

* update tests - PR #1774
 2020-04-25 19:32:16 +03:00
Jack Ivanov
27de76048c
ipv6 nat fix (#1775) 2020-04-25 19:31:47 +03:00
aleks
4f1b9270be
relax CA constraints for client (the client equivalent of PR #1675) (#1768) 
* relax CA constraints for client (the client equivalent of PR #1675)

* fixing incorrectly hard-coded output file path
 2020-04-18 17:03:29 +03:00
dependabot[bot]
c231cd42d6
Bump ansible from 2.8.3 to 2.8.8 (#1736) 
Bumps [ansible](https://github.com/ansible/ansible) from 2.8.3 to 2.8.8.
- [Release notes](https://github.com/ansible/ansible/releases)
- [Commits](https://github.com/ansible/ansible/compare/v2.8.3...v2.8.8)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-02-28 10:07:18 +01:00
David Myers
3f3138f555
Fix IPsec DNS when WireGuard uses port 53 (#1719) 
* Fix IPsec DNS when WireGuard uses port 53

* Change ACCEPT to RETURN
 2020-02-25 07:43:25 +01:00
Jack Ivanov
28d95eace2
Update main.yml (#1727) 2020-02-18 16:20:27 +01:00
Jack Ivanov
1e8a9c5cf1
Generate mobileconfigs for WireGuard (#1698) 
* Generate mobileconfigs for WireGuard

* add xmllint to wireguard profiles

* Enable onDemand prompts for WireGuard

* linting
 2020-02-12 08:31:44 +01:00
Dan Hughes
512b5660e1
Use user-defined hostname for SSH hostname (#1715) 
* Use user-defined hostname for SSH hostname

* Update readme to use hostname in ssh commands
 2020-02-12 08:14:13 +01:00
Dan Hughes
5c09d6dd02
Use absolute path for identityfile in ssh config (#1718) 
* Use absolute path for identityfile in ssh config

* Update readme with ssh config include
 2020-02-12 07:58:20 +01:00
Jack Ivanov
dcfed41ae8 Apply netplan for digitalocean only (#1723) 2020-02-10 11:01:20 +01:00
Austin Dworaczyk Wiltshire
027b1b8497
Update dnscrypt-proxy cache settings for improved performance and privacy. (#1714) 
These values match those recommended by the author of DNSCrypt-proxy

See:
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Caching#dns-cache
https://00f.net/2019/11/03/stop-using-low-dns-ttls/
 2020-02-04 07:08:11 +01:00
Jack Ivanov
3720c5eb1f
Update CHANGELOG.md 2020-01-31 11:26:44 +01:00
Jack Ivanov
2abbf22196
Alternative Ingress IP (#1605) 
* Separate ingress IP draft

* task name fix

* placeholder
 2020-01-31 11:24:29 +01:00
David Myers
78cc708435 Clarify SSH port changed for cloud only (#1706) 2020-01-28 21:21:27 +01:00
Jack Ivanov
0efa4eaf91 Ca certificate name constraints (#1675) 
* X.509 Name Constraints

* nameConstraints to a random generated uuid

* Second level domain

* nameConstraints fixes

* critical in nameConstraints lost after last refactoring
 2020-01-25 20:08:55 +07:00
Jack Ivanov
0e57da8237
Move to Ubuntu 19.10 (#1702) 
* 19.04 is dead, long live 19.10

* Remove 19.04 from tests

* Update docs

* Set proper Azure name
 2020-01-23 17:24:41 +01:00
David Myers
6ac2e2d1a4 Document using Google Cloud Shell (#1699) 2020-01-22 11:39:36 +01:00
David Myers
df57e21194 DO documentation update (#1696) 2020-01-21 12:09:43 +01:00
David Myers
2d94bbd278 Documentation updates (#1694) 2020-01-21 12:09:09 +01:00
Jack Ivanov
62d00901e6
Update main.yml 2020-01-16 13:37:37 +01:00
Jack Ivanov
d8c48ec505
Update pre-deploy.sh 2020-01-16 13:24:23 +01:00
Jack Ivanov
98f43c5cbd
Github Actions fix for PRs (#1687) 2020-01-16 13:06:11 +01:00
Jack Ivanov
24574a3205
apt locking fixes (#1685) 2020-01-15 21:27:29 +01:00
Jack Ivanov
0629aa5ca5
Update badge 2020-01-13 17:26:05 +01:00
Jack Ivanov
cc72728c6d
Update badge 2020-01-13 17:23:42 +01:00
Jack Ivanov
53dfc570eb
Github Actions (#1681) 2020-01-13 17:20:40 +01:00
Jack Ivanov
eb40ade096
scaleway region fix (#1678) 2020-01-08 11:11:41 +01:00
Jack Ivanov
625f634163
Update CHANGELOG.md 2020-01-07 14:33:46 +01:00
Jack Ivanov
d635c76b50
Change default SSH port and introduce cloud-init support (#1636) 
* Change default SSH port

* Iptables to ansible_ssh_port

* Add Scaleway

* permissions and groups fixes

* update firewall docs

* SSH fixes

* add missing cloudinit to cloud-azure

* remove ansible_ssh_user from the tests

* congrats message fix
 2020-01-07 14:28:19 +01:00
Jack Ivanov
b66c9f59aa
Update CHANGELOG.md 2019-12-13 10:35:44 +01:00
TC1977
45aa0065cd Documentation updates (#1607) 
* update variable name to store_pki

* Document BetweenClients_DROP

* Update README.md

* Update faq.md

* VPN On Demand is for Apple IPSEC clients only

* How to update users from cloud-init

* How to monitor user activity

* Fix typo

* Update FAQ about WireGuard, fix typos

* Correct locations of install log and user configs

* Update-users from cloud-init

* Update features list

* More "IPsec" and "WireGuard" changes

* fixed broken link/absent link in FAQ

* Python version README fix for #1622

* road warrior instructions

* Update index.md

* Reorganize config.cfg

As per @davidemyers suggestions

* Further config changes

As per feedback, also better explanation of keys_clean_all

* Add road warrior instructions to FAQ

* Remove specific ports from RW instructions
 2019-12-10 19:23:18 +01:00
David Myers
221568cd25 Remove some commas from input.yml (#1652) 
* Remove some commas from input.yml

* Update input.yml
 2019-12-08 13:16:48 +01:00