From 5b1801ed13dc33ef709585f1591bb6aeb2afb8ad Mon Sep 17 00:00:00 2001 From: Anton Patsev Date: Sun, 25 Feb 2024 22:29:11 +0600 Subject: [PATCH] Add missing commas, correction of spelling errors --- docs/client-apple-ipsec.md | 4 ++-- docs/client-linux-ipsec.md | 2 +- docs/client-linux-wireguard.md | 2 +- docs/client-openwrt-router-wireguard.md | 8 ++++---- docs/cloud-alternative-ingress-ip.md | 2 +- docs/cloud-amazon-ec2.md | 12 ++++++------ docs/cloud-azure.md | 2 +- docs/cloud-do.md | 2 +- docs/cloud-linode.md | 2 +- docs/deploy-from-ansible.md | 6 +++--- docs/deploy-from-cloudshell.md | 2 +- docs/deploy-from-docker.md | 4 ++-- docs/deploy-from-macos.md | 8 ++++---- .../deploy-from-script-or-cloud-init-to-localhost.md | 6 +++--- docs/deploy-from-windows.md | 4 ++-- 15 files changed, 33 insertions(+), 33 deletions(-) diff --git a/docs/client-apple-ipsec.md b/docs/client-apple-ipsec.md index e740b2311..26ea2987d 100644 --- a/docs/client-apple-ipsec.md +++ b/docs/client-apple-ipsec.md 
@@ -6,10 +6,10 @@ Find the corresponding `mobileconfig` (Apple Profile) for each user and send it ## Enable the VPN -On iOS, connect to the VPN by opening **Settings** and clicking the toggle next to "VPN" near the top of the list. If using WireGuard you can also enable the VPN from the WireGuard app. On macOS, connect to the VPN by opening **System Preferences** -> **Network**, finding the Algo VPN in the left column, and clicking "Connect." Check "Show VPN status in menu bar" to easily connect and disconnect from the menu bar. +On iOS, connect to the VPN by opening **Settings** and clicking the toggle next to "VPN" near the top of the list. If using WireGuard, you can also enable the VPN from the WireGuard app. On macOS, connect to the VPN by opening **System Preferences** -> **Network**, finding the Algo VPN in the left column, and clicking "Connect." Check "Show VPN status in menu bar" to easily connect and disconnect from the menu bar. ## Managing "Connect On Demand" -If you enabled "Connect On Demand" the VPN will connect automatically whenever it is able. Most Apple users will want to enable "Connect On Demand", but if you do then simply disabling the VPN will not cause it to stay disabled; it will just "Connect On Demand" again. To disable the VPN you'll need to disable "Connect On Demand". +If you enable "Connect On Demand", the VPN will connect automatically whenever it is able. Most Apple users will want to enable "Connect On Demand", but if you do then simply disabling the VPN will not cause it to stay disabled; it will just "Connect On Demand" again. To disable the VPN you'll need to disable "Connect On Demand". On iOS, you can turn off "Connect On Demand" in **Settings** by clicking the (i) next to the entry for your Algo VPN and toggling off "Connect On Demand." 
On macOS, you can turn off "Connect On Demand" by opening **System Preferences** -> **Network**, finding the Algo VPN in the left column, unchecking the box for "Connect on demand", and clicking Apply. \ No newline at end of file diff --git a/docs/client-linux-ipsec.md b/docs/client-linux-ipsec.md index e9ecadb76..12ce1c9ea 100644 --- a/docs/client-linux-ipsec.md +++ b/docs/client-linux-ipsec.md @@ -27,7 +27,7 @@ To configure the connection to come up at boot time replace `auto=add` with `aut ## Notes on SELinux -If you use a system with SELinux enabled you might need to set appropriate file contexts: +If you use a system with SELinux enabled, you might need to set appropriate file contexts: ```` semanage fcontext -a -t ipsec_key_file_t "$(pwd)(/.*)?" diff --git a/docs/client-linux-wireguard.md b/docs/client-linux-wireguard.md index cd47db2df..ce1154988 100644 --- a/docs/client-linux-wireguard.md +++ b/docs/client-linux-wireguard.md @@ -50,7 +50,7 @@ If your Linux distribution does not use `systemd` you can bring up WireGuard wit ## Using a DNS Search Domain -As of the `v1.0.20200510` release of `wireguard-tools` WireGuard supports setting a DNS search domain. In your `wg0.conf` file a non-numeric entry on the `DNS` line will be used as a search domain. For example this: +As of the `v1.0.20200510` release of `wireguard-tools` WireGuard supports setting a DNS search domain. In your `wg0.conf` file a non-numeric entry on the `DNS` line will be used as a search domain. For example, this: ``` DNS = 172.27.153.31, fd00::b:991f, mydomain.com ``` diff --git a/docs/client-openwrt-router-wireguard.md b/docs/client-openwrt-router-wireguard.md index e3c0e70ee..2abdf58cc 100644 --- a/docs/client-openwrt-router-wireguard.md +++ b/docs/client-openwrt-router-wireguard.md 
@@ -5,7 +5,7 @@ This is a tested, working scenario with following environment: - algo installed ubuntu at digitalocean - client side router "TP-Link TL-WR1043ND" with openwrt ver. 21.02.1. [Openwrt Install instructions](https://openwrt.org/toh/tp-link/tl-wr1043nd) - or client side router "TP-Link Archer C20i AC750" with openwrt ver. 21.02.1. [Openwrt install instructions](https://openwrt.org/toh/tp-link/archer_c20i) -see compatible device list at https://openwrt.org/toh/start . Theoretically any of the device on list should work +see compatible device list at https://openwrt.org/toh/start . Theoretically, any of the device on list should work @@ -13,16 +13,16 @@ see compatible device list at https://openwrt.org/toh/start . Theoretically any Make sure that you have - router with openwrt installed, - router is connected to internet, -- router and device in front of router does not have same ip . By default openwrt have 192.168.1.1 if so change it to something like 192.168.2.1 +- router and device in front of router do not have same ip. By default, openwrt have 192.168.1.1 if so change it to something like 192.168.2.1 ### Install required packages(WebUI) -- Open router web UI (mostly http://192.168.1.1 ) +- Open router web UI (mostly http://192.168.1.1) - Login. (by default username: root, password: - System -> Software, click "Update lists" - Install following packages wireguard-tools, kmod-wireguard, luci-app-wireguard, wireguard, kmod-crypto-sha256, kmod-crypto-sha1, kmod-crypto-md5 - restart router ### Alternative Install required packages(ssh) -- Open router web UI (mostly http://192.168.1.1 ) +- Open router web UI (mostly http://192.168.1.1) - ssh root@192.168.1.1 - opkg update - opkg install wireguard-tools, kmod-wireguard, luci-app-wireguard, wireguard, kmod-crypto-sha256, kmod-crypto-sha1, kmod-crypto-md5 diff --git a/docs/cloud-alternative-ingress-ip.md b/docs/cloud-alternative-ingress-ip.md index 5c123e91e..bd01839ca 100644 
--- a/docs/cloud-alternative-ingress-ip.md +++ b/docs/cloud-alternative-ingress-ip.md @@ -13,7 +13,7 @@ Additional info might be found in [this issue](https://github.com/trailofbits/al ##### Extra charges -- DigitalOcean: Floating IPs are free when assigned to a Droplet, but after manually deleting a Droplet you need to also delete the Floating IP or you'll get charged for it. +- DigitalOcean: Floating IPs are free when assigned to a Droplet, but after manually deleting a Droplet, you need to also delete the Floating IP or you'll get charged for it. ##### IPv6 diff --git a/docs/cloud-amazon-ec2.md b/docs/cloud-amazon-ec2.md index c6a0d44de..90026dc53 100644 --- a/docs/cloud-amazon-ec2.md +++ b/docs/cloud-amazon-ec2.md @@ -10,7 +10,7 @@ The cheapest EC2 plan you can choose is the "Free Plan" a.k.a. the "AWS Free Tie *Note*: Your Algo instance will not stop working when you hit the bandwidth limit, you will just start accumulating service charges on your AWS account. -As of the time of this writing (July 2018), the Free Tier limits include "750 hours of Amazon EC2 Linux t2.micro instance usage" per month, 15 GB of bandwidth (outbound) per month, and 30 GB of cloud storage. Algo will not even use 1% of the storage limit, but you may have to monitor your bandwidth usage or keep an eye out for the email from Amazon when you are about to exceed the Free Tier limits. +As of the time of this writing (July 2018), the Free Tier limits include "750 hours of Amazon EC2 Linux t2.micro instance usage" per month, 15 GB of bandwidth (outbound) per month, and 30 GB of cloud storage. Algo will not even use 1% of the storage limit, but you may have to monitor your bandwidth usage or keep an eye out for the email from Amazon when you are about to exceed the Free Tier limits. Additional configurations are documented in the [EC2 section of the deploy from ansible guide](https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md#amazon-ec2) 
@@ -50,9 +50,9 @@ On the final screen, click the Download CSV button. This file includes the AWS a ## Using EC2 during Algo setup -After you have downloaded Algo and installed its dependencies, the next step is running Algo to provision the VPN server on your AWS account. +After you have downloaded Algo and installed its dependencies, the next step is running Algo to provision the VPN server on your AWS account. -First you will be asked which server type to setup. You would want to enter "3" to use Amazon EC2. +First, you will be asked which server type to setup. You would want to enter "3" to use Amazon EC2. ``` $ ./algo @@ -75,7 +75,7 @@ Enter the number of your desired provider : 3 ``` -Next you will be asked for the AWS Access Key (Access Key ID) and AWS Secret Key (Secret Access Key) that you received in the CSV file when you setup the account (don't worry if you don't see your text entered in the console; the key input is hidden here by Algo). +Next, you will be asked for the AWS Access Key (Access Key ID) and AWS Secret Key (Secret Access Key) that you received in the CSV file when you setup the account (don't worry if you don't see your text entered in the console; the key input is hidden here by Algo). ``` Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) 
@@ -88,14 +88,14 @@ Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing [ABCD...]: ``` -You will be prompted for the server name to enter. Feel free to leave this as the default ("algo") if you are not certain how this will affect your setup. Here we chose to call it "algovpn". +You will be prompted for the server name to enter. Feel free to leave this as the default ("algo") if you are not certain how this will affect your setup. Here we chose to call it "algovpn". ``` Name the vpn server: [algo]: algovpn ``` -After entering the server name, the script ask which region you wish to setup your new Algo instance in. Enter the number next to name of the region. +After entering the server name, the script ask which region you wish to setup your new Algo instance in. Enter the number next to name of the region. ``` What region should the server be located in? diff --git a/docs/cloud-azure.md b/docs/cloud-azure.md index 22239d6b9..3c85b4ce1 100644 --- a/docs/cloud-azure.md +++ b/docs/cloud-azure.md @@ -38,7 +38,7 @@ Here you can find some information from [the official doc](https://docs.microsof - Windows ([link](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest)): For Windows the Azure CLI is installed via an MSI, which gives you access to the CLI through the Windows Command Prompt (CMD) or PowerShell. When installing for Windows Subsystem for Linux (WSL), packages are available for your Linux distribution. [Download the MSI installer](https://aka.ms/installazurecliwindows) -If your OS is missing or to get more information see [the official doc](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) +If your OS is missing or to get more information, see [the official doc](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) ## Sign in diff --git a/docs/cloud-do.md b/docs/cloud-do.md index 88ec8e91c..42ac3764c 100644 --- a/docs/cloud-do.md 
+++ b/docs/cloud-do.md @@ -67,7 +67,7 @@ Enter your API token. The token must have read and write permissions (https://cl (output is hidden): ``` -Finally you will be asked the region in which you wish to setup your new Algo server. This list is dynamic and can change based on availability of resources. Enter the number next to name of the region: +Finally, you will be asked the region in which you wish to setup your new Algo server. This list is dynamic and can change based on availability of resources. Enter the number next to name of the region: ``` What region should the server be located in? diff --git a/docs/cloud-linode.md b/docs/cloud-linode.md index 3bbb6b558..36c34e8ff 100644 --- a/docs/cloud-linode.md +++ b/docs/cloud-linode.md @@ -1,6 +1,6 @@ ## API Token -Sign into the Linode Manager and go to the +Sign in to the Linode Manager and go to the [tokens management page](https://cloud.linode.com/profile/tokens). Click `Add a Personal Access Token`. Label your new token and select *at least* the diff --git a/docs/deploy-from-ansible.md b/docs/deploy-from-ansible.md index f7d6b96b4..4ab51a5f0 100644 --- a/docs/deploy-from-ansible.md +++ b/docs/deploy-from-ansible.md @@ -67,7 +67,7 @@ Server roles: - Adds a restricted `algo` group with no shell access and limited SSH forwarding options - Creates one limited, local account and an SSH public key for each user - role: wireguard - - Installs a [Wireguard](https://www.wireguard.com/) server, with a startup script, and automatic checks for upgrades + - Install a [Wireguard](https://www.wireguard.com/) server, with a startup script, and automatic checks for upgrades - Creates wireguard.conf files for Linux clients as well as QR codes for Apple/Android clients Note: The `strongswan` role generates Apple profiles with On-Demand Wifi and Cellular if you pass the following variables: 
@@ -80,7 +80,7 @@ Note: The `strongswan` role generates Apple profiles with On-Demand Wifi and Cel - role: local, provider: local -This role is intended to be run for local install onto an Ubuntu server, or onto an unsupported cloud provider's Ubuntu instance. Required variables: +This role is intended to be run for local installation onto an Ubuntu server, or onto an unsupported cloud provider's Ubuntu instance. Required variables: - server - IP address of your server (or "localhost" if deploying to the local machine) - endpoint - public IP address of the server you're installing on @@ -112,7 +112,7 @@ Additional variables: - [encrypted](https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/) - Encrypted EBS boot volume. Boolean (Default: true) - [size](https://aws.amazon.com/ec2/instance-types/) - EC2 instance type. String (Default: t2.micro) -- [image](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-images.html) - AMI `describe-images` search parameters to find the OS for the hosted image. Each OS and architecture has a unique AMI-ID. The OS owner, for example [Ubuntu](https://cloud-images.ubuntu.com/locator/ec2/), updates these images often. If parameters below result in multiple results, the most recent AMI-ID is chosen +- [image](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-images.html) - AMI `describe-images` search parameters to find the OS for the hosted image. Each OS and architecture has a unique AMI-ID. The OS owner, for example, [Ubuntu](https://cloud-images.ubuntu.com/locator/ec2/), updates these images often. If parameters below result in multiple results, the most recent AMI-ID is chosen ``` # Example of equivalent cli command diff --git a/docs/deploy-from-cloudshell.md b/docs/deploy-from-cloudshell.md index 2e75e910e..369824765 100644 --- a/docs/deploy-from-cloudshell.md +++ b/docs/deploy-from-cloudshell.md 
@@ -1,7 +1,7 @@ # Deploy from Google Cloud Shell **IMPORTANT NOTE: As of 2021-12-14 Algo requires Python 3.8, but Google Cloud Shell only provides Python 3.7.3. The instructions below will not work until Google updates Cloud Shell to have at least Python 3.8.** -If you want to try Algo but don't wish to install the software on your own system you can use the **free** [Google Cloud Shell](https://cloud.google.com/shell/) to deploy a VPN to any supported cloud provider. Note that you cannot choose `Install to existing Ubuntu server` to turn Google Cloud Shell into your VPN server. +If you want to try Algo but don't wish to install the software on your own system, you can use the **free** [Google Cloud Shell](https://cloud.google.com/shell/) to deploy a VPN to any supported cloud provider. Note that you cannot choose `Install to existing Ubuntu server` to turn Google Cloud Shell into your VPN server. 1. See the [Cloud Shell documentation](https://cloud.google.com/shell/docs/) to start an instance of Cloud Shell in your browser. diff --git a/docs/deploy-from-docker.md b/docs/deploy-from-docker.md index 523ab9f6c..d05d721f6 100644 --- a/docs/deploy-from-docker.md +++ b/docs/deploy-from-docker.md 
@@ -9,7 +9,7 @@ While it is not possible to run your Algo server from within a Docker container, ## Deploying an Algo Server with Docker -1. Install [Docker](https://www.docker.com/community-edition#/download) -- setup and configuration is not covered here +1. Install [Docker](https://www.docker.com/community-edition#/download) -- setup and configuration is not covered here 2. Create a local directory to hold your VPN configs (e.g. `C:\Users\trailofbits\Documents\VPNs\`) 3. Create a local copy of [config.cfg](https://github.com/trailofbits/algo/blob/master/config.cfg), with required modifications (e.g. `C:\Users\trailofbits\Documents\VPNs\config.cfg`) 4. Run the Docker container, mounting your configurations appropriately (assuming the container is named `trailofbits/algo` with a tag `latest`): @@ -97,7 +97,7 @@ Docker themselves provide a concept of [Content Trust](https://docs.docker.com/e 1. Even though we're taking care to drop all capabilities to minimize the impact of running as root, we can probably include not only a `seccomp` profile, but also AppArmor and/or SELinux profiles as well. 2. The Docker image doesn't natively support [advanced](deploy-from-ansible.md) Algo deployments, which is useful for scripting. This can be done by launching an interactive shell and running the commands yourself. -3. The way configuration is passed into and out of the container is a bit kludgy. Hopefully future improvements in Docker volumes will make this a bit easier to handle. +3. The way configuration is passed into and out of the container is a bit kludgy. Hopefully, future improvements in Docker volumes will make this a bit easier to handle. ## Advanced Usage diff --git a/docs/deploy-from-macos.md b/docs/deploy-from-macos.md index ba2855ba7..1205316d6 100644 --- a/docs/deploy-from-macos.md +++ b/docs/deploy-from-macos.md 
@@ -8,7 +8,7 @@ Algo uses [Ansible](https://www.ansible.com) which requires Python 3. macOS incl Catalina comes with Python 3 installed as `/usr/bin/python3`. This file, and certain others like `/usr/bin/git`, start out as stub files that prompt you to install the Command Line Developer Tools package the first time you run them. This is the easiest way to install Python 3 on Catalina. -Note that Python 3 from Command Line Developer Tools prior to the release for Xcode 11.5 on 2020-05-20 might not work with Algo. If Software Update does not offer to update an older version of the tools you can download a newer version from [here](https://developer.apple.com/download/more/) (Apple ID login required). +Note that Python 3 from Command Line Developer Tools prior to the release for Xcode 11.5 on 2020-05-20 might not work with Algo. If Software Update does not offer to update an older version of the tools, you can download a newer version from [here](https://developer.apple.com/download/more/) (Apple ID login required). ## macOS prior to 10.15 Catalina 
@@ -45,19 +45,19 @@ brew uninstall python3 #### Option 2: Install the package from Python.org -If you don't want to install a package manager you can download the Python package for macOS from [python.org](https://www.python.org/downloads/mac-osx/). +If you don't want to install a package manager, you can download the Python package for macOS from [python.org](https://www.python.org/downloads/mac-osx/). ##### Installation Download the most recent version of Python and install it like any other macOS package. Then initialize the CA certificate store from Finder by double-clicking on the file `Install Certificates.command` found in the `/Applications/Python 3.8` folder. -When you double-click on `Install Certificates.command` a new Terminal window will open. If the window remains blank then the command has not run correctly. This can happen if you've changed the default shell in Terminal Preferences. Try changing it back to the default and run `Install Certificates.command` again. +When you double-click on `Install Certificates.command` a new Terminal window will open. If the window remains blank, then the command has not run correctly. This can happen if you've changed the default shell in Terminal Preferences. Try changing it back to the default and run `Install Certificates.command` again. After installation open a new tab or window in Terminal and verify that the command `which python3` returns either `/usr/local/bin/python3` or `/Library/Frameworks/Python.framework/Versions/3.8/bin/python3`. ##### Removal -Unfortunately the python.org package does not include an uninstaller and removing it requires several steps: +Unfortunately, the python.org package does not include an uninstaller and removing it requires several steps: 1. In Finder, delete the package folder found in `/Applications`. 2. In Finder, delete the *rest* of the package found under ` /Library/Frameworks/Python.framework/Versions`. 
diff --git a/docs/deploy-from-script-or-cloud-init-to-localhost.md b/docs/deploy-from-script-or-cloud-init-to-localhost.md index 3207f5fc8..e71024da3 100644 --- a/docs/deploy-from-script-or-cloud-init-to-localhost.md +++ b/docs/deploy-from-script-or-cloud-init-to-localhost.md @@ -13,11 +13,11 @@ For now this has only been successfully tested on [DigitalOcean](https://www.dig #!/bin/bash curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x ``` -The command will prepare the environment and install AlgoVPN with the default parameters below. If you want to modify the behavior you may define additional variables. +The command will prepare the environment and install AlgoVPN with the default parameters below. If you want to modify the behavior, you may define additional variables. ## Variables -- `METHOD`: which method of the deployment to use. Possible values are local and cloud. Default: cloud. The cloud method is intended to use in cloud-init deployments only. If you are not using cloud-init to deploy the server you have to use the local method. +- `METHOD`: which method of the deployment to use. Possible values are local and cloud. Default: cloud. The cloud method is intended to use in cloud-init deployments only. If you are not using cloud-init to deploy the server, you have to use the local method. - `ONDEMAND_CELLULAR`: "Connect On Demand" when connected to cellular networks. Boolean. Default: false. 
@@ -31,7 +31,7 @@ The command will prepare the environment and install AlgoVPN with the default pa - `SSH_TUNNELING`: Enable SSH tunneling for each user. Default: false. -- `ENDPOINT`: The public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate). It will be gathered automatically for DigitalOcean, AWS, GCE, Azure or Vultr if the `METHOD` is cloud. Otherwise you need to define this variable according to your public IP address. +- `ENDPOINT`: The public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate). It will be gathered automatically for DigitalOcean, AWS, GCE, Azure or Vultr if the `METHOD` is cloud. Otherwise, you need to define this variable according to your public IP address. - `USERS`: list of VPN users. Comma-separated list. Default: user1. diff --git a/docs/deploy-from-windows.md b/docs/deploy-from-windows.md index ac6ba49b3..dd881b920 100644 --- a/docs/deploy-from-windows.md +++ b/docs/deploy-from-windows.md @@ -45,7 +45,7 @@ These steps should be only if you clone the Algo repository to the host machine ### Allow git to change files metadata -By default git cannot change files metadata (using chmod for example) for files stored at host machine disks (https://docs.microsoft.com/en-us/windows/wsl/wsl-config#set-wsl-launch-settings). Allow it: +By default, git cannot change files metadata (using chmod for example) for files stored at host machine disks (https://docs.microsoft.com/en-us/windows/wsl/wsl-config#set-wsl-launch-settings). Allow it: 1. Start Ubuntu Terminal. 2. Edit /etc/wsl.conf (create it if it doesn't exist). Add the following: 
@@ -57,7 +57,7 @@ options = "metadata" 4. Run powershell. 5. Run `wsl --shutdown` in powershell. -### Allow run Ansible in a world writable directory +### Allow run Ansible in a world writable directory Ansible threat host machine directories as world writable directory and do not load .cfg from it by default (https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir). For fix run inside `algo` directory:
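Review bot: In docs/client-apple-ipsec.md, the second changed line in the `@@ -6,10 +6,10 @@` hunk does more than add a comma: "If you enabled" becomes "If you enable", a tense change the subject line does not cover, so confirm it is intended. The same line still has introductory clauses without commas ("but if you do then simply disabling the VPN", "To disable the VPN you'll need to"); apply the comma rule there too so the paragraph is punctuated consistently.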
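Review bot: In docs/client-linux-wireguard.md, the `@@ -50,7 +50,7 @@` hunk adds a comma after "For example" but leaves the two introductory clauses earlier on the same line unpunctuated: "As of the `v1.0.20200510` release of `wireguard-tools` WireGuard supports" and "In your `wg0.conf` file a non-numeric entry". Add a comma after `wireguard-tools` and after "file" so the whole line follows the rule this patch applies.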
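Review bot: In docs/client-openwrt-router-wireguard.md, the edited lines keep the grammar errors that sit right next to the inserted commas: "any of the device on list" should be "any of the devices on the list", and "By default, openwrt have 192.168.1.1 if so change it" needs a verb fix and a break, for example "By default, OpenWrt uses 192.168.1.1; if so, change it". The context line "Login. (by default username: root, password:" in the `@@ -13,16 +13,16 @@` hunk has an unclosed parenthesis and nothing after "password:", which is worth repairing in the same pass since readers follow this list step by step.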
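Review bot: In docs/cloud-amazon-ec2.md, several removed/added pairs read identically (the "As of the time of this writing (July 2018)" paragraph, "After you have downloaded Algo and installed its dependencies", "You will be prompted for the server name to enter", "After entering the server name"), so they appear to be whitespace-only changes that the subject line does not mention; note them in the commit message or split them into their own commit. Since those lines are already being touched, "the script ask which region" should be "the script asks which region", and "setup" used as a verb ("which server type to setup", "when you setup the account", "wish to setup your new Algo instance") should be "set up". The same whitespace-only pattern shows up in step 1 of docs/deploy-from-docker.md.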
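Review bot: In docs/deploy-from-ansible.md, the `role: wireguard` bullet in the `@@ -67,7 +67,7 @@` hunk changes "Installs a [Wireguard]" to "Install a [Wireguard]", which breaks the third-person form used by every neighbouring bullet ("Adds a restricted `algo` group", "Creates one limited, local account", "Creates wireguard.conf files"). Revert this line to "Installs". If the line is edited anyway, "Wireguard" could be aligned with the "WireGuard" spelling used in docs/client-linux-wireguard.md.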
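Review bot: In docs/deploy-from-windows.md, the final `@@ -57,7 +57,7 @@` hunk touches the heading "### Allow run Ansible in a world writable directory" with no visible text change, while the context line directly below keeps a spelling error: "Ansible threat host machine directories" should use "treat". For a patch described as a spelling correction, fix that sentence as well, for example "Ansible treats host machine directories as world-writable and does not load .cfg from them by default", and consider rewording the heading to "Allow Ansible to run in a world-writable directory".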