Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactoring #1334

Merged
merged 2 commits into from
Mar 10, 2019
Merged

Refactoring #1334

merged 2 commits into from
Mar 10, 2019

Conversation

jackivanov
Copy link
Collaborator

@jackivanov jackivanov commented Feb 20, 2019
edited
Loading

Description

Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes #1330 and closes #1162
Configures Ansible to use python3 on the server side. Closes #1024
Removes unneeded playbooks, reorganises a lot of variables
Reorganises the config folder. Closes #1330

Here is how the config directory looks like now 

configs/X.X.X.X/
|-- ipsec
|   |-- apple
|   |   |-- desktop.mobileconfig
|   |   |-- laptop.mobileconfig
|   |   `-- phone.mobileconfig
|   |-- manual
|   |   |-- cacert.pem
|   |   |-- desktop.p12
|   |   |-- desktop.ssh.pem
|   |   |-- ipsec_desktop.conf
|   |   |-- ipsec_desktop.secrets
|   |   |-- ipsec_laptop.conf
|   |   |-- ipsec_laptop.secrets
|   |   |-- ipsec_phone.conf
|   |   |-- ipsec_phone.secrets
|   |   |-- laptop.p12
|   |   |-- laptop.ssh.pem
|   |   |-- phone.p12
|   |   `-- phone.ssh.pem
|   `-- windows
|       |-- desktop.ps1
|       |-- laptop.ps1
|       `-- phone.ps1
|-- ssh-tunnel
|   |-- desktop.pem
|   |-- desktop.pub
|   |-- laptop.pem
|   |-- laptop.pub
|   |-- phone.pem
|   |-- phone.pub
|   `-- ssh_config
`-- wireguard
    |-- desktop.conf
    |-- desktop.png
    |-- laptop.conf
    |-- laptop.png
    |-- phone.conf
    `-- phone.png

finder

Motivation and Context

This refactoring is focused to aim to the 1.0 release

How Has This Been Tested?

Deployed to several cloud providers with various options enabled and disabled

Types of changes

  • Refactoring

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • All new and existing tests passed.

@jackivanov jackivanov mentioned this pull request Feb 20, 2019
Closed
6 tasks
@davidemyers
Copy link
Contributor

I've run the following tests on DigitalOcean with an iOS client and all have passed:

Deploy with IPsec + WG + SSH (OK)
Add a user with update-users (OK)
Connect with new user via IPsec (OK)
Connect with new user via WG (OK)

Deploy with WG only (OK)
Connect via WG (OK)
Add a user with update-users (OK)
Connect with new user via WG (OK)

The only issue I noticed is that update-users on the WG-only instance prompted for the CA key even though there was none.

Also I think the dumping of the invocation environment in playbooks/cloud-pre.yml should now include ipsec_enabled.

@jackivanov jackivanov changed the title refactoring WIP: refactoring Feb 21, 2019
@akerl

This comment has been minimized.

Sign in to view
@jackivanov jackivanov changed the title WIP: refactoring Refactoring Feb 23, 2019
@shapiro125 shapiro125 mentioned this pull request Feb 24, 2019
Open
@TC1977

This comment has been minimized.

Sign in to view
@jackivanov jackivanov force-pushed the refactoring-2019 branch 2 times, most recently from 98a1867 to e79d280 Compare February 25, 2019 17:10
@ismail

This comment has been minimized.

Sign in to view
@dguido dguido merged commit 273c766 into master Mar 10, 2019
@dguido dguido deleted the refactoring-2019 branch March 10, 2019 17:16
andreimc added a commit to tunnelhero/algo that referenced this pull request Mar 12, 2019
@andreimc
Merge remote-tracking branch 'upstream/master'
66e4bda 
* upstream/master:
  Fix typo in doctl command (trailofbits#1350)
  skip generation of SSH keypair when deploying locally (trailofbits#1348)
  Refactoring (trailofbits#1334)
  Update cloud-pre.yml
TC1977 pushed a commit to TC1977/algo that referenced this pull request Mar 26, 2019
@jackivanov @dguido
Refactoring (trailofbits#1334)
9b6da91 
<!--- Provide a general summary of your changes in the Title above -->

## Description
Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes trailofbits#1330 and closes trailofbits#1162
Configures Ansible to use python3 on the server side. Closes trailofbits#1024 
Removes unneeded playbooks, reorganises a lot of variables
Reorganises the `config` folder. Closes trailofbits#1330
<details><summary>Here is how the config directory looks like now</summary>
<p>

```
configs/X.X.X.X/
|-- ipsec
|   |-- apple
|   |   |-- desktop.mobileconfig
|   |   |-- laptop.mobileconfig
|   |   `-- phone.mobileconfig
|   |-- manual
|   |   |-- cacert.pem
|   |   |-- desktop.p12
|   |   |-- desktop.ssh.pem
|   |   |-- ipsec_desktop.conf
|   |   |-- ipsec_desktop.secrets
|   |   |-- ipsec_laptop.conf
|   |   |-- ipsec_laptop.secrets
|   |   |-- ipsec_phone.conf
|   |   |-- ipsec_phone.secrets
|   |   |-- laptop.p12
|   |   |-- laptop.ssh.pem
|   |   |-- phone.p12
|   |   `-- phone.ssh.pem
|   `-- windows
|       |-- desktop.ps1
|       |-- laptop.ps1
|       `-- phone.ps1
|-- ssh-tunnel
|   |-- desktop.pem
|   |-- desktop.pub
|   |-- laptop.pem
|   |-- laptop.pub
|   |-- phone.pem
|   |-- phone.pub
|   `-- ssh_config
`-- wireguard
    |-- desktop.conf
    |-- desktop.png
    |-- laptop.conf
    |-- laptop.png
    |-- phone.conf
    `-- phone.png
```

![finder](https://i.imgur.com/FtOmKO0.png)

</p>
</details>

## Motivation and Context
This refactoring is focused to aim to the 1.0 release

## How Has This Been Tested?
Deployed to several cloud providers with various options enabled and disabled

## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [x] Refactoring

## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] I have read the **CONTRIBUTING** document.
- [x] My code follows the code style of this project.
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] All new and existing tests passed.
@Bow0628 Bow0628 mentioned this pull request Jul 2, 2021
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ready_to_merge
Projects
None yet
Milestone
No milestone
6 participants
@jackivanov @davidemyers @akerl @TC1977 @ismail @dguido