trailofbits / algo-ng Goto Github PK

View Code? Open in Web Editor NEW

70.0 42.0 18.0 13.94 MB

Experimental version of Algo built on Terraform

License: GNU Affero General Public License v3.0

Shell 13.23% HCL 76.64% PowerShell 10.13%

vpn terraform ipsec

algo-ng's People

Stargazers

Watchers

Forkers

hkolvenbach npaulhus warexify 2xl tunnelhero iknownothing codergolem autonomic-ai fussajt lab49 aa6my jackivanov stjordanis asmtal ecogit-stage larktechnologies cruckdaniel dmdv

algo-ng's Issues

Setup option mistake

$ ./algo apply

    What provider would you like to use?
      1. DigitalOcean
      2. Amazon EC2
      3. Google Compute Engine

    Enter the number of your desired provider
    : 3


    Name the vpn server:
    [algo-local]: 

    Enter your azure secret id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
    You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
    [pasted values will not be displayed]
    [...]:

the script algo

  case "$ALGO_PROVIDER" in
    1|digitalocean) ALGO_PROVIDER=digitalocean; digitalocean; ;;
    2|ec2) ALGO_PROVIDER=ec2; ec2; ;;
    3|azure) ALGO_PROVIDER=azure; azure; ;;
    3|gce) ALGO_PROVIDER=gce; gce; ;;
    # 5|non_cloud) ALGO_PROVIDER=non_cloud; non_cloud; ;;
    *) exit 1 ;;
  esac

duplicated entry

3-> azure
3-> gce
gce never reach.

Is this project still active?

I'm curious what the status is for this project... Are you still planning to re-write algo in terraform? Or is this idea abandoned now?

Port new features from Algo classic

Master readme doc link brokens

This md doc not exists

- Deploy from [Windows](docs/deploy-from-windows.md)

After, looking at source code, there is NO .md in the docs folder, except one.

blacklist.txt is missing, prevents dnscrypt-proxy from loading

Clean install on DigitalOcean. I have the following settings:

export WORKSPACE="default"
export ALGO_PROVIDER=1
export DIGITALOCEAN_TOKEN=<< MY TOKEN >> 
export ALGO_REGION=sfo2
export ALGO_SERVER_NAME=algo

./algo apply

After connecting to the server, my machine can not resolve DNS. Was debugging the server and found this:

# service dnscrypt-proxy status

● dnscrypt-proxy.service - DNSCrypt-proxy client
   Loaded: loaded (/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/dnscrypt-proxy.service.d
           └─99-capabilities.conf
   Active: failed (Result: exit-code) since Tue 2019-12-10 06:16:57 UTC; 2s ago
     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
  Process: 1443 ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml (code=exited, status=255/E
 Main PID: 1443 (code=exited, status=255/EXCEPTION)

Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: config option `refused_code_in_responses` is deprecated, use `blocked_
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: dnscrypt-proxy 2.0.33
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: Network connectivity detected
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: /etc/dnscrypt-proxy/public-resolvers.md: open sf-y7etj5gtjqfxxjmy.tmp:
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: Source [public-resolvers] loaded
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: Firefox workaround initialized
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: Loading the set of blocking rules from [blacklist.txt]

# ------> issue bellow:
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: open blacklist.txt: no such file or directory
Dec 10 06:16:57 solar-1575956637 systemd[1]: dnscrypt-proxy.service: Main process exited, code=exited, status=255/EXCEPTION
Dec 10 06:16:57 solar-1575956637 systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.

to resolve the issue:

# ssh into algo machine

# cp example file
cp /etc/dnscrypt-proxy/example-blacklist.txt /etc/dnscrypt-proxy/blacklist.txt

# restart dnscrypt
service dnscrypt-proxy restart

a different solution would be set a terraform provisioner to cp example-blacklist.txt to blacklist.txt or setting the blacklist file to be example-blacklist.txt.

Would create a PR but can not validate this on other services (specifically GCE & Azure). Thank you for this project, please let me know if there is other way I could help.

Current problems

Certificates provisioning happens on the server. I would prefer to avoid the CA key leaking from the client's machine. Terraform doesn't allow to setup the password for private keys yet. Otherwise we may use any secure storage to keep the CA private with terraform.
How to get terraform binary? The better way is to build a gitlab page which detects user's OS and proposes the link to download terraform. This can simplify the installation. But bash wrapper would work as well
Documentations. Need to build a few more pages to describe the modules and how advanced users can use them separately in automated builds.
More then 1 command to deploy Algo without the wrapper. Not a problem actually, but would be good to simplify this.

Upgrade to terraform 0.12

DigitalOcean
EC2
GCE
Azure

Revise WireGuard keys configuration

waiting for ed25519 supported in go and tls-provider

trailofbits / algo-ng Goto Github PK

algo-ng's People

Stargazers

Watchers

Forkers

algo-ng's Issues

Setup option mistake

Is this project still active?

Port new features from Algo classic

Master readme doc link brokens

blacklist.txt is missing, prevents dnscrypt-proxy from loading

Current problems

Upgrade to terraform 0.12

Revise WireGuard keys configuration

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent