algo icon indicating copy to clipboard operation
algo copied to clipboard
verified publisher icon trailofbits

Webapp that builds Algo VPNs

Open dguido opened this issue 9 years ago • 13 comments

Form fields for all the info we need, click create, it spits out the configs at you and downloads and tells you the server info.

Like this: https://www.tinfoilsecurity.com/vpn/new

dguido avatar Dec 31 '16 01:12 dguido

Hi Dan, I have been thinking about implementing something similar and discussed with you at EH. I would like to do DO and AWS implementations, as have been doing lots of AWS InfAsCode work lately.

Ill start working on this now, you assign this issue to me?

MiWCryptAnalytics avatar Apr 13 '17 02:04 MiWCryptAnalytics

Sure! Here's a good template to start from for a UI: https://www.tinfoilsecurity.com/vpn/new

dguido avatar Apr 13 '17 02:04 dguido

My plan is to use two separate repos, one for the flask app container and another for the Infrastructure as Code scripts that the flask application will use to provision with DO and AWS. Having both repos open source will hopefully increase trust in the app not to do nefarious things with other peoples tokens.

The app will pull from this repo and run the build operations for each VPN setup in an ephemeral container. Need to do something about trust and/or liability with handling others API tokens also.

In spirit of Tinfoil security launching their service for the Rio Olympics, on 13 April 2017, Australia's mandatory data retention scheme kicked in: https://iapp.org/news/a/australias-mandatory-data-retention-scheme-takes-effect-april-13/

Thanks for collab invite.

MiWCryptAnalytics avatar Apr 13 '17 04:04 MiWCryptAnalytics

Sounds fine. Let's start with the Flask app. Then somehow can just start it locally to get a GUI of sorts for the script. That will be an easy improvement.

dguido avatar Apr 13 '17 04:04 dguido

Yo dan, Ive made a start on this, im working on it out of here. https://github.com/MiWCryptAnalytics/algo-flask/

It doesn't do much yet and is pretty basic, but it does automatically generate the forms from the script via regex. Is this crazy? Interested in your opinion before i do too much more with that

https://github.com/MiWCryptAnalytics/algo-flask/blob/master/generate.py

Ill make it look nicer in the next few days

MiWCryptAnalytics avatar Apr 22 '17 00:04 MiWCryptAnalytics

Nice! You should submit a WIP PR. Putting it in an app directory sounds appropriate?

dguido avatar Apr 22 '17 00:04 dguido

I think a better approach might be to have the webapp re-implement what is currently in the bash script. I don't think you need to do any fancy parsing of the shell script to generate the forms. We only ask about 5 or so questions. It's easy enough to hardcore a few toggles for each one.

dguido avatar Apr 22 '17 21:04 dguido

Your right, its too crazy.

Ill use it as a starting point to reformat the questions. I was thinking it would make it easier for major feature changes, but at this point the project is mature enough that most of the changes are happening at the ansible layer anyway.

So its not much yet, but i wanted to demonstrate some progress. thanks for the feedback :-)

MiWCryptAnalytics avatar Apr 23 '17 21:04 MiWCryptAnalytics

Hi Dan,

An update! I have completed an MVP for this: https://algovpngen.herokuapp.com All the code is here. https://github.com/MiWCryptAnalytics/AlgoVPNGen and will CD into heroku. Only has DO support for now, will be adding more soon. If you want to see a simulated run, visit: https://algovpngen.herokuapp.com/emoji

This is currently running from a free heroku account. Circleci builds the web (/app) and worker (/worker) [the container that runs algo] and uploads them to heroku container registry. The web container uses the heroku cli tool to run the worker container on user request, and pipes the stdout to the web client via a websocket. The ANSI from ansible is converted to certain colored emoji. All execution occurs within Heroku container infrastructure.

Finally, the configs dir is zipped and base64ed and sent to the browser via the websocket. Instructions to the user are provided, and a link to the configuration guide.

There are a number of enhancements that can be made, including js zip reconstruction, username customization, and UI work. Ignore the bad ui things please. 😄 Stack used is: flask, flask-socketio, gunicorn, Docker, nginx, heroku

Hope you like it, peace

MiWCryptAnalytics avatar Nov 24 '17 04:11 MiWCryptAnalytics

Your Digital Ocean API token will stored temporarily a server side session.

Can it work on the front-end only? Without going to the server?

MDJCM avatar Sep 19 '18 18:09 MDJCM

https://github.com/dan-v/dosxvpn

dguido avatar Feb 18 '19 00:02 dguido

Hi, I was wondering if something like this exist. I would love to help out with this, is there anything I can look into?

kamyar avatar Oct 13 '19 02:10 kamyar

@dguido could you please address open questions from my PR?

  • I don't see clear way to keep only one source of truth for prompts. It is possible to sync web forms for existing setup, but will require further maintenance for new prompts. Is it OK with you? If yes, does my code style look maintainable for core team?
  • I wanted to keep as little dependencies as possible (preferably no extra deps), but I also think websocket for interactive console and pyyaml for parsing config files are nice things to have. Again, is it OK?
  • Am I correct that that form intended be used for hosted setup as well? That will require additional things to consider for me.

summerisgone avatar Oct 15 '19 05:10 summerisgone