New features, fixes, updates

* Refactor into separate packages
* New subcommand based CLI (deploy, ls, rm)
* Add generation of Android strongSwan configuration file
* Generate mobile config locally
* Download all VPN configuration files and store in ~/.dosxvpn
* Make OSX app prompt for auth at launch
* Add VPN delete functionality to web app
* Update README

Author: dan-v

Gopkg.lock

@@ -23,7 +23,11 @@
 
 [[constraint]]
   name = "github.com/digitalocean/godo"
-  version = "1.0.0"
+  version = "1.1.1"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/spf13/cobra"
 
 [[constraint]]
   branch = "master"

Gopkg.toml

@@ -1,7 +1,7 @@
 all: osx
 
 osx:
-	GOOS=darwin GOARCH=amd64 go build -o ./build/osx/x86-64/dosxvpn ./cmd/dosxvpn
+	GOOS=darwin GOARCH=amd64 go build -o ./build/osx/x86-64/dosxvpn .
 	cd platypus && ./build.sh
 	cd build/osx/x86-64 && zip -r ./dosxvpn.zip ./dosxvpn.app
 

Makefile

@@ -1,46 +1,88 @@
-One click personal VPN server on [DigitalOcean](https://digitalocean.com) with automated OSX setup and DNS adblocking. The deployed VPN server includes automated updates of both the OS and software, so you don't need to worry about managing a server.
+<h1 align="center">dosxvpn</h1>
 
-![](/static/overview.gif?raw=true)
+<h4 align="center">Easily deploy your own personal VPN server with DNS adblocking running on <a href="https://digitalocean.com)" target="_blank">DigitalOcean</a>.</h4>
 
-## Features
-* Personal IPSec VPN ([strongSwan](https://www.strongswan.org/)) deployed on DigitalOcean.
-* Adblocking DNS ([Pi-hole](https://pi-hole.net/)) setup by default.
-* Web based deployment with automated OSX VPN setup.
-* No additional software required - uses native OSX VPN.
-* Automated OS and software updates.
-* Downloadable mobileconfig file for sharing access to this VPN with other computers and devices.
+---
 
-## Usage
-1. Download the latest pre-built binary from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. This is a packaged OSX app.
-2. Open the app and run through the web based installation wizard to setup the VPN.
-3. Visit http://pi.hole/admin/ (password=dosxvpn) in your browser to modify DNS adblocking settings.
+![](/static/images/overview.gif?raw=true)
 
-## How it works
-A web server is started on application launch and directs you to your web browser. It uses client OAuth authentication to request access to your DigitalOcean account (this permission is revoked after deployment). Once authenticated, a 512MB droplet is deployed running CoreOS that is configured to auto update on new releases. The OS is configured to launch a container ([dosxvpn/strongswan](https://hub.docker.com/r/dosxvpn/strongswan/)) on boot running [strongSwan](https://www.strongswan.org/). 
+## Key Features
+* Personal IPsec-based VPN ([strongSwan](https://strongswan.org/)).
+* Ad blocking DNS setup by default ([Pi-hole](https://pi-hole.net/)).
+* Generates profiles for sharing VPN with OSX/iPhone and Android.
+* No additional software required for OSX/iPhone - uses native VPN client.
+* Simple Web or CLI installation methods.
+* Automated OS and VPN software updates.
+
+## Web Installer (OSX) 
+1. Download the latest pre-built app from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page.
+2. Open the app and run through the web based installation wizard to setup a new VPN.
+
+## CLI Usage (OSX)
+1. Download the latest pre-built cli from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page.
+2. Make the binary executable
+  ```sh
+  chmod +x dosxvpn
+  ```
+3. Create an API token (https://cloud.digitalocean.com/settings/api/tokens) and export it
+  ```sh
+  export DIGITALOCEAN_ACCESS_TOKEN=<token>
+  ```
+4. See help for all options
+  ```sh
+  ./dosxvpn -h
+  ```
+
+### CLI Examples
+* Deploy a new VPN and configure for immediate use
+  ```sh
+  ./dosxvpn deploy --region sfo2 --auto-configure
+  ```
+* List dosxvpn VPN instances
+  ```sh
+  ./dosxvpn ls
+  ```
+* Remove dosxvpn VPN instance
+  ```sh
+  ./dosxvpn rm --name <name>
+  ```
 
 ## FAQ
 1. <b>Should I use dosxvpn?</b> That's up to you. Use at your own risk.
-2. <b>Are you going to support other VPS providers?</b> Possibly.
-3. <b>Will this make me completely anonymous?</b> No, absolutely not. All of your traffic is going through a VPS which could be traced back to your account. You can also be tracked still with [browser fingerprinting](https://panopticlick.eff.org/), etc. Your [IP address may still leak](https://ipleak.net/) due to WebRTC, Flash, etc.
-4. <b>How much does this cost?</b> This spins up a 512MB DigitalOcean droplet that costs $5 a month.
-5. <b>How do I uninstall this thing?</b> Go to System Preferences->Network, click on dosxvpn-* and click the '-' button in the bottom left to delete the VPN. Don't forget to also remove the droplet that is deployed in your DigitalOcean account.
+2. <b>Why is this better than using public VPN provider XYZ?</b> While most VPN providers will provide a secure connection to their endpoints, you may not be interested in putting blind faith in their claims that they will not log or track your activity online.
+3. <b>How is this different than [algo](https://github.com/trailofbits/algo)?</b> 1) Installallation - is simple and has no additional system dependencies. 2) Updates: dosxvpn handles updates of both the OS and VPN. This means any critical security updates or bug fixes will automatically be applied for you.
+4. <b>How much does this cost?</b> This launches a 512MB DigitalOcean droplet that costs $5/month currently.
+5. <b>What is the bandwidth limit?</b> The 512MB DigitalOcean droplet has a 1TB bandwidth limit. This does not appear to be strictly enforced.
+6. <b>Where does dosxvpn store VPN configuration files?</b> You can find all deployed VPN configuration files in your ~/.dosxvpn directory.
+7. <b>Are you going to support other VPS providers?</b> Not right now.
+8. <b>Will this make me completely anonymous?</b> No, absolutely not. All of your traffic is going through a VPS which could be traced back to your account. You can also be tracked still with [browser fingerprinting](https://panopticlick.eff.org/), etc. Your [IP address may still leak](https://ipleak.net/) due to WebRTC, Flash, etc.
+9. <b>How do I uninstall this thing on OSX?</b> You can uninstall through the Web interface, which will also remove the running droplet in your DigitalOcean account. Alternatively go to System Preferences->Network, click on dosxvpn-* and click the '-' button in the bottom left to delete the VPN. Don't forget to also remove the droplet that is deployed in your DigitalOcean account.
 
-# Powered by
-* [Golang](https://golang.org/)
-* [jbowens/dochaincore](https://github.com/jbowens/dochaincore) - Deployment code was borrowed from this project
-* [vimagick/strongswan](https://github.com/vimagick/dockerfiles/tree/master/strongswan) - Using forked version of this docker image for VPN
-* [platypus](http://www.sveinbjorn.org/platypus) - Used to generate OSX app 
+# Powered By
+* [strongSwan](https://strongswan.org/) - IPsec-based VPN software
+* [CoreOS](https://coreos.com/) - used for running containers and automatic OS updates capabilities
+* [Pi-hole](https://pi-hole.net/) - used for DNS adblocking
+* [Platypus](http://www.sveinbjorn.org/platypus) - used to build the native OSX app 
+* [godo](https://github.com/digitalocean/godo) - DigitalOcean Go API client
 
-### Building yourself
-1. Fetch the project with `go get`:
+# Acknowledgements
+* [trailofbits/algo](https://github.com/trailofbits/algo) - strongSwan configuration is borrowed from this project
+* [jbowens/dochaincore](https://github.com/jbowens/dochaincore) - Deployment code is borrowed from this project
+* [vimagick/strongswan](https://github.com/vimagick/dockerfiles/tree/master/strongswan) - Using a forked version of this docker image for VPN server
 
+# Building Source
+1. Install dependency [platypus cli](http://www.sveinbjorn.org/platypus)
+  ```sh
+  brew install platypus
+  ```
+  
+2. Fetch the project with `go get`:
   ```sh
   go get github.com/dan-v/dosxvpn
   cd $GOPATH/src/github.com/dan-v/dosxvpn
   ```
 
-2. Run make to build (will need to install [platypus cli](http://www.sveinbjorn.org/platypus)). CLI and OSX app can then be found under build/osx/x86-64.
-
+2. Run make to build
   ```sh
   make
-  ```
+  ```

README.md

@@ -0,0 +1,42 @@
+package cmd
+
+import (
+	"log"
+
+	"github.com/dan-v/dosxvpn/deploy"
+	"github.com/spf13/cobra"
+)
+
+var region string
+var autoConfigure bool
+
+var deployCmd = &cobra.Command{
+	Use:   "deploy",
+	Short: "Deploy dosxvpn VPN server",
+	Args: func(cmd *cobra.Command, args []string) error {
+		if region == "" {
+			return errorMissingRegion
+		}
+		if !digitalOceanTokenEnvSet() {
+			return errorMissingToken
+		}
+		return nil
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		deployment, err := deploy.New(getCliToken(), region, autoConfigure)
+		if err != nil {
+			log.Fatal("Deployment failed:", err)
+		}
+		err = deployment.Run()
+		if err != nil {
+			log.Fatal("Deployment failed:", err)
+		}
+	},
+}
+
+func init() {
+	RootCmd.AddCommand(deployCmd)
+
+	deployCmd.Flags().StringVar(&region, "region", "", "Region to deploy droplet (e.g. ams2,ams3,nyc1,nyc2,nyc3,sfo1,sfo2).")
+	deployCmd.Flags().BoolVar(&autoConfigure, "auto-configure", false, "Auto configure VPN (only for OSX).")
+}

cmd/deploy.go

@@ -0,0 +1,9 @@
+package cmd
+
+import "errors"
+
+var (
+	errorMissingToken  = errors.New("need to have environment variable DIGITALOCEAN_ACCESS_TOKEN set")
+	errorMissingRegion = errors.New("need to specify region")
+	errorMissingName   = errors.New("need to specify name")
+)