Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Locked thread
Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

So, this comes up semi-regularly in the IYG Android Thread and it's not exactly in-scope for that thread so here is where I'll describe algo.

Algo automates the deployment of a cloud server at Digital Ocean, Azure, Amazon, or Google. It then configures that server to serve as an IPSEC VPN for securing internet connections for your devices.

quote:

Algo automatically deploys an on-demand VPN service in the cloud that is not shared with other users, relies on only modern protocols and ciphers, and includes only the minimal software you need.

You can read more about the inspiration and reasons for algo to exist here.

Algo can also be configured to block ads.

A typical usage scenario for an Apple device might go like this:

1. Download and unzip algo.
2. Set up an account at Digital Ocean.
3. In your account settings at Digital Ocean generate an API key.
4. Run through the algo install.
5. Send the automatically generated apple profile to your iPhone.
6. Turn on the VPN in the settings.

Android doesn't support the IKEv2 protocol natively, so you have to use the strongSwan app.

You can also use it on Windows or Linux clients.

Ehh, I'm sure people will need more help so I'll update this OP as needed.

I'd appreciate any infosec people chiming in on what they think about algo.

Adbot
ADBOT LOVES YOU

hooah
Feb 6, 2006
WTF?
Do you use your algo-created VPN on a desktop? I recently set mine up again and now one of the games I play (Warframe) will no longer work with the VPN connection active. Any ideas?

Rexxed
May 1, 2010

Dis is amazing!
I gotta try dis!

hooah posted:

Do you use your algo-created VPN on a desktop? I recently set mine up again and now one of the games I play (Warframe) will no longer work with the VPN connection active. Any ideas?

Some services don't like to get incoming connections from "data centers." I've only seen it with the get-paid-to earning sites (who don't want you buying VMs and getting their advertisers angry), but it's possible game companies block some in case of abuse (ban avoidance or hacking attempts perhaps). I don't know for certain but that'd be my guess.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

hooah posted:

Do you use your algo-created VPN on a desktop? I recently set mine up again and now one of the games I play (Warframe) will no longer work with the VPN connection active. Any ideas?

I do sometimes, but I don't when I game just because I MUST HAVE LESS PINGS.

But I think Rexxed is right, I've come across a couple of things that note that I'm surfing from a data center and they say "NO".

Grey Area
Sep 9, 2000
Battle Without Honor or Humanity
Do Netflix and other streaming services work through these VPS providers? It seems like something they would target as part of their attempts to prevent people from evading geoblocking, but maybe they're smart enough to only block users whose billing addresses are in a different country from the data center.

Khablam
Mar 29, 2012
RIGHT OR WRONG, I CAN’T HELP BUT EXPRESS MYSELF LIKE A BRATTY CHILD. DON’T LISTEN TO ME.

Grey Area posted:

Do Netflix and other streaming services work through these VPS providers? It seems like something they would target as part of their attempts to prevent people from evading geoblocking, but maybe they're smart enough to only block users whose billing addresses are in a different country from the data center.

Rolling your own VPN is just about the best way to prevent geo-blocking; services who geo-block are in 99% of cases just blocking VPN ranges by IP (literally blocking the IPs company-x owns).

hifi
Jul 25, 2012

I tried this a while back and there was some cipher mismatch that dropped my connection every 15 minutes on windows 10. It seemed easy to set up and it looks like they might have fixed it, but good luck if you run into any issues because it seems like they don't believe that anyone reads and follows through with their documentation

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

That's a pretty reasonable thing to believe.

FWIW, I've had the opposite experience with the one thing I wanted help with.

FWIW, part deux, I've had windows 10 connected for days straight, so I guess you're right about then fixing it.

hooah
Feb 6, 2006
WTF?
I had weird connection stability things on my laptop, but not on my desktop. Haven't had the newer setup long enough tell with either yet.

Grassy Knowles
Apr 4, 2003

"The original Terminator was a gritty fucking AMAZING piece of sci-fi. Gritty fucking rock-hard MURDER!"

Grey Area posted:

Do Netflix and other streaming services work through these VPS providers? It seems like something they would target as part of their attempts to prevent people from evading geoblocking, but maybe they're smart enough to only block users whose billing addresses are in a different country from the data center.

I can tell you that Netflix blocks (at least some) Digital Ocean address ranges.

So does pizzahut.com lol

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

A nice thing about algo is that its almost zero effort to spin up another VPN server on another cloud server...as long as you have your accounts set up at each of them.

So, if you have trouble with something blocking some IP range or something, its easy to try another.


(FWIW, I don't recall having a problem with blocking anywhere with my DO-hosted VPN server)

Grassy Knowles
Apr 4, 2003

"The original Terminator was a gritty fucking AMAZING piece of sci-fi. Gritty fucking rock-hard MURDER!"

Thermopyle posted:

A nice thing about algo is that its almost zero effort to spin up another VPN server on another cloud server...as long as you have your accounts set up at each of them.

So, if you have trouble with something blocking some IP range or something, its easy to try another.


(FWIW, I don't recall having a problem with blocking anywhere with my DO-hosted VPN server)

This is also true—I just don't care, so I let it be until I have another reason to switch like an upcoming outage.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Grassy Knowles posted:

This is also true—I just don't care, so I let it be until I have another reason to switch like an upcoming outage.

How could you not care about pizzahut.com??!?!

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.
Can I forward a port with this? I run a few services on my home network that I access remotely, but this means I need to keep 443 open on my home router which isn't great. I'd like to be able to instead keep 443 open on a digital ocean droplet and have the traffic go through a VPN to my home network.

I know it's possible to set that up with OpenVPN but :effort:.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
AWS billing can get pretty expensive (particularly egress data). What are you getting in terms of actual costs here, and for how much data?

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

I don't use AWS, I use DO, and it cost me 5/month.

El Generico
Feb 3, 2009

Nobody outrules the Marquise de Cat!

Thermopyle posted:

I don't use AWS, I use DO, and it cost me 5/month.

This is definitely the way to go. I've got this running now.

EconOutlines
Jul 3, 2004

What are we talking about in terms of security vs OpenVPN?

I've always viewed them as the gold standard, so I've turned away from different protocols.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

EconOutlines posted:

What are we talking about in terms of security vs OpenVPN?

I've always viewed them as the gold standard, so I've turned away from different protocols.

quote:

OpenVPN’s lack of out-of-the-box client support on any major desktop or mobile operating system introduces unnecessary complexity. The user experience suffers.

Speaking of users, they’re required to update and maintain this software too. That is a recipe for disaster.

Worst of all, OpenVPN depends on the security of TLS, both the protocol and its implementations. Between that, and past security incidents, we simply trust it less.

That's what the developers of algo have to say about OpenVPN.

disaster pastor
May 1, 2007


I'm probably wrong, but this seems worse for privacy than typical VPNing. Instead of tracking your IP to a VPN service that doesn't keep specific logs, it's tracked to a cloud service that can happily hand over your exact details as the only user who could possibly have been at that IP at that time. Am I an idiot?

Zorak of Michigan
Jun 10, 2006

It's clearly marketed as a way to secure your traffic when using a suspect connection like public WiFi, and much less for anonymizing your Internet access.

disaster pastor
May 1, 2007


Ah, that makes way more sense now. Thank you!

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

tzirean posted:

I'm probably wrong, but this seems worse for privacy than typical VPNing. Instead of tracking your IP to a VPN service that doesn't keep specific logs, it's tracked to a cloud service that can happily hand over your exact details as the only user who could possibly have been at that IP at that time. Am I an idiot?

"Not keeping logs" is a bullshit thing for a VPN provider to claim anyway.


quote:

Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,

Khorne
May 1, 2002
That's literal metadata that is available without the VPN provider keeping it, and the only examples of this happening with a VPN provider is with one based in China and another based in the UK. DO self-hosted VPNs will get you nailed in the same way.

VPNs won't protect you from illegal activity that isn't one-off. As soon as you connect to a vpn, connect to a site multiple times it can be pinned to you whether the VPN provider keeps logs or not.

Even one-off activity can get you boned, like the idiot who emailed in a bomb threat to his college from Tor from his campus internet connection. They checked the logs and he was the only person on the campus connected through tor with no obfuscation at the time the bomb threat was mailed in. They didn't need any damning traffic or knowledge of what he was doing.

Khorne fucked around with this message at 22:04 on Oct 10, 2017

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Khorne posted:

That's literal metadata that is available without the VPN provider keeping it, and the only examples of this happening with a VPN provider is with one based in China and another based in the UK. DO self-hosted VPNs will get you nailed in the same way.

VPNs won't protect you from illegal activity that isn't one-off. As soon as you connect to a vpn, connect to a site multiple times it can be pinned to you whether the VPN provider keeps logs or not.

Even one-off activity can get you boned, like the idiot who emailed in a bomb threat to his college from Tor from his campus internet connection. They checked the logs and he was the only person on the campus connected through tor with no obfuscation at the time the bomb threat was mailed in. They didn't need any damning traffic or knowledge of what he was doing.

I'm not sure if you're agreeing or disagreeing with me.

My point was that you are just taking their word for it WRT to log-keeping and other anonymizing strategies and that it doesn't really matter much anyway since as you point out there's other things that can be done other than just looking at logs. I wasn't claiming that self-hosted VPNs were better or worse, only that if you're that concerned with log keeping you need to be aware that you're just taking it on faith.

Thermopyle fucked around with this message at 01:02 on Oct 11, 2017

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
I was going to ask if you could install Algo on the Windows 10 bash subsystem, but it looks like that's exactly the instructions for installing on Windows.

hooah
Feb 6, 2006
WTF?
Beware: I couldn't get that to work. I can't remember anymore what the errors were, but they went away when I ran the scripts right in Linux.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

hooah posted:

Beware: I couldn't get that to work. I can't remember anymore what the errors were, but they went away when I ran the scripts right in Linux.
When it asks what provider you'd like to use, there's five options, and one of those is a Ubuntu 16.04 server. Since Bash on Windows is most like Ubuntu, and the others ask for things like what region I'd like to deploy to, I chose that one.

I got this error message first
code:
RUNNING HANDLER [common : restart loopback] ************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": "ifdown lo:100 && ifup lo:100", "delta": "0:00:00.055333", "end": "2017-10-18 14:38:56.000902", "failed": true, "rc": 1, "start": "2017-10-18 14:38:55.945569", "stderr": "ifdown: interface lo:100 not configured\nCannot find device \"lo:100\"", "stdout": "Failed to bring up lo:100.", "stdout_lines": ["Failed to bring up lo:100."], "warnings": []}
so I told it not to be a DNS resolver, and then I got this message
code:
TASK [common : Sysctl tuning] **************************************************
changed: [localhost] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
failed: [localhost] (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1}) => {"failed": true, "item": {"item": "net.ipv4.conf.all.forwarding", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"net.ipv4.ip_forward\": Invalid argument\nsysctl: cannot stat /proc/sys/net/ipv4/conf/all/forwarding: No such file or directory\n"}
failed: [localhost] (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1}) => {"failed": true, "item": {"item": "net.ipv6.conf.all.forwarding", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"net.ipv4.ip_forward\": Invalid argument\nsysctl: cannot stat /proc/sys/net/ipv4/conf/all/forwarding: No such file or directory\nsysctl: cannot stat /proc/sys/net/ipv6/conf/all/forwarding: No such file or directory\n"}
I think it's weird that it does the net.ipv4.ip_forward fine, but fails on net.ipv4.conf.all.forwarding and net.ipv6.conf.all.forwarding, which do not exist, and then terminates. I don't know if those last two are necessary (probably not) and I don't know if those exist in Ubuntu 16.04. I think symlinks would be the easiest workaround, but I want to do some more checking.

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
This is all interesting and I want to set this up. My first thought was to put it on my Edge Router Lite but some threads I’ve read stated it was probably too slow and not enough RAM to push more than a few mbps which isn’t sufficient for me as I’d like to be able to stream say Netflix in 1080p. My next thought was a Raspberry Pi but that’s probably too slow too.

Is there anything out there that would be less than say $50 or so that is sufficient?

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

It depends on your internet speed.

Not directly relevant to your question, but algo is mostly focused on cloud servers and you can get a DO server for 5/month.

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
I just wanted to do it on my router cause I thought I wanted to own the entire stack down to hardware, but then I thought about what the point of this was (securing my public WiFi) and didn’t care anymore. Gave it a shot with DO since I already had an account there and since I’m staying at hotels right now and it works great. Will look more in depth into the options later cause I don’t need it to generate any android anythings for me.

As an aside I had no idea iOS had a feature to auto join VPN connections when on WiFi (with whitelisting) which is really cool.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Boris Galerkin posted:

I just wanted to do it on my router cause I thought I wanted to own the entire stack down to hardware, but then I thought about what the point of this was (securing my public WiFi) and didn’t care anymore. Gave it a shot with DO since I already had an account there and since I’m staying at hotels right now and it works great. Will look more in depth into the options later cause I don’t need it to generate any android anythings for me.

As an aside I had no idea iOS had a feature to auto join VPN connections when on WiFi (with whitelisting) which is really cool.

They also support deploying to your own Ubuntu server so you might look in to that.

There was [url=http://w4t.pw/2p]work done on supporting it on Ubiquiti EdgeMax devices and there's a config and instructions to do that. However, it's not the easiest system and after some discussion I think people are holding off on going further with it and official support until algo gets its plugin system implemented.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
I tried algo the other day and the script returned an error pertaining to a missing selinux python dependency.

I was using a DigitalOcean Ubuntu droplet and running the script from my Fedora machine.

Any ideas?'

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

apropos man posted:

I tried algo the other day and the script returned an error pertaining to a missing selinux python dependency.

I was using a DigitalOcean Ubuntu droplet and running the script from my Fedora machine.

Any ideas?'

Check out the issues and submit a new one if you can't find someone with the same problem.

https://github.com/trailofbits/algo/issues

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.

apropos man posted:

I tried algo the other day and the script returned an error pertaining to a missing selinux python dependency.

I was using a DigitalOcean Ubuntu droplet and running the script from my Fedora machine.

Any ideas?'

Covering the stupid questions first, did you CD into the algo-master directory where you unzipped Algo before running any of the commands from the deployment guide?

I've used it for a day or two now and not sure if I'll keep using it. I wish it worked natively in Android. The strongswan app has to keep a persistent notification going to keep from being booted out of memory. I've also had a couple of instances where it disconnects and seems to get stuck trying to reconnect. Using it with a new phone so not sure if it's a problem with the app, some battery saving feature or a problem with the terrible connection I have at work.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

THF13 posted:

Covering the stupid questions first, did you CD into the algo-master directory where you unzipped Algo before running any of the commands from the deployment guide?

I've used it for a day or two now and not sure if I'll keep using it. I wish it worked natively in Android. The strongswan app has to keep a persistent notification going to keep from being booted out of memory. I've also had a couple of instances where it disconnects and seems to get stuck trying to reconnect. Using it with a new phone so not sure if it's a problem with the app, some battery saving feature or a problem with the terrible connection I have at work.

FWIW, I had those problems long ago with strongswan, but for a long time now strongswan basically never disconnects or gets stuck. Right now it's been running for 4 days on my phone.

I do hate how I have to disconnect to use some smarthome devices and chromecasts as they expect you to be on the same network.

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.

Thermopyle posted:

FWIW, I had those problems long ago with strongswan, but for a long time now strongswan basically never disconnects or gets stuck. Right now it's been running for 4 days on my phone.

I do hate how I have to disconnect to use some smarthome devices and chromecasts as they expect you to be on the same network.

I saw it had split tunneling with options for excluding specific network subnets, wouldn't that solve it?

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!

apropos man posted:

I tried algo the other day and the script returned an error pertaining to a missing selinux python dependency.

I was using a DigitalOcean Ubuntu droplet and running the script from my Fedora machine.

Any ideas?'

The deployment script automatically spins up a new DO Droplet for you, so whatever Droplet(s) you already have doesn't matter.

Try doing this on your Fedora machine:

code:
sudo dnf install -y libselinux-python
And then run the algo script again.

... or do what I did (I also deployed this from a Fedora laptop last night) and just create a Ubuntu docker container to do the deployment. If that lat part doesn't make sense to you then just ignore it and hope that my first suggestion works :v:

You might also want to take a look at deploy from redhat/centos6. Instead of yum you'd want to use dnf

I think the relevant parts you'd want to copy and paste are:

code:
sudo dnf install -y epel-release
You might have to reboot at this point. Then,

code:
sudo dnf install -y openssl-devel libffi-devel automake gcc gcc-c++ kernel-devel wget unzip ansible nano

# Upgrade pip itself
sudo pip -q install --upgrade pip
# python-devel needed to prevent setup.py crash
sudo pip -q install pycrypto       
# pycrypto 2.7.1 needed for latest security patch
sudo pip -q install setuptools --upgrade
# virtualenv to make installing dependencies easier
sudo pip -q install virtualenv

wget -q [url]https://github.com/trailofbits/algo/archive/master.zip[/url]
unzip master.zip
cd algo-master || echo "No Algo directory found"

# Set up a virtualenv and install the local Algo dependencies (must be run from algo-master)
virtualenv env && source env/bin/activate
pip -q install -r requirements.txt

# Edit the userlist and any other settings you desire
nano config.cfg
# Now you can run the Algo installer!
./algo
e: Even more alternatively, just spin up a DO Droplet with Ubuntu to deploy to another DO Droplet :v:. In that case, just create a Ubuntu (Xenial) Droplet or use an existing one, then ssh into it, and then follow all the standard instructions. You might have to

code:
sudo apt-get install openssh-client
On a fresh Ubuntu image. After algo is deployed you can just delete the droplet you used to deploy from (same goes for the docker route in that you can just delete the container).

Boris Galerkin fucked around with this message at 18:15 on Oct 26, 2017

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

THF13 posted:

I saw it had split tunneling with options for excluding specific network subnets, wouldn't that solve it?

They added that somewhat recently and I'm too networking-stupid to figure out how to configure it.

There's a Custom subnets and and an excluded subnets field and I can't seem to bungle my way through getting it to work.

I also think that maybe it's not a great solution anyway because anytime I get on wifi using the same ip range as my home network (192.168.1.x) i'm exposing requests from my phone to that network. Or maybe I just don't understand (most likely).

edit: Oh, I messed around with it more. Had to put 192.168.1.0/24 into excluded subnets and that seems to work. I'm not sure if it's a good idea though because of what I mention about being on other wifi networks with that address range...

Thermopyle fucked around with this message at 19:58 on Oct 26, 2017

Adbot
ADBOT LOVES YOU

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

Boris Galerkin posted:

The deployment script automatically spins up a new DO Droplet for you, so whatever Droplet(s) you already have doesn't matter.

Try doing this on your Fedora machine:

code:
sudo dnf install -y libselinux-python
And then run the algo script again.

... or do what I did (I also deployed this from a Fedora laptop last night) and just create a Ubuntu docker container to do the deployment. If that lat part doesn't make sense to you then just ignore it and hope that my first suggestion works :v:

You might also want to take a look at deploy from redhat/centos6. Instead of yum you'd want to use dnf

I think the relevant parts you'd want to copy and paste are:

code:
sudo dnf install -y epel-release
You might have to reboot at this point. Then,

code:
sudo dnf install -y openssl-devel libffi-devel automake gcc gcc-c++ kernel-devel wget unzip ansible nano

# Upgrade pip itself
sudo pip -q install --upgrade pip
# python-devel needed to prevent setup.py crash
sudo pip -q install pycrypto       
# pycrypto 2.7.1 needed for latest security patch
sudo pip -q install setuptools --upgrade
# virtualenv to make installing dependencies easier
sudo pip -q install virtualenv

wget -q [url]https://github.com/trailofbits/algo/archive/master.zip[/url]
unzip master.zip
cd algo-master || echo "No Algo directory found"

# Set up a virtualenv and install the local Algo dependencies (must be run from algo-master)
virtualenv env && source env/bin/activate
pip -q install -r requirements.txt

# Edit the userlist and any other settings you desire
nano config.cfg
# Now you can run the Algo installer!
./algo
e: Even more alternatively, just spin up a DO Droplet with Ubuntu to deploy to another DO Droplet :v:. In that case, just create a Ubuntu (Xenial) Droplet or use an existing one, then ssh into it, and then follow all the standard instructions. You might have to

code:
sudo apt-get install openssh-client
On a fresh Ubuntu image. After algo is deployed you can just delete the droplet you used to deploy from (same goes for the docker route in that you can just delete the container).

Cheers. I had actually installed libselinux-python the other night when I tried it. It's still in my dnf history. This is the error I continually get:

code:
TASK [Ensure the dynamic inventory exists] *************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}
However, your suggestion of using an Ubuntu VM or droplet in order to create another droplet makes sense. I think I'll try an Ubuntu VM using GNOME Boxes in Fedora and if that fails I'll use the 'droplet to create a droplet' trick.

I didn't know that the DO API keys were universal to your account, and could be used to create a new droplet. I'd just assumed that the API key was specific to your droplet, since I've only usually got one droplet on the go at any one time. So you live and learn. Cheers.

  • Locked thread