Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Locked thread
Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!

apropos man posted:

Cheers. I had actually installed libselinux-python the other night when I tried it. It's still in my dnf history. This is the error I continually get:

code:
TASK [Ensure the dynamic inventory exists] *************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}
However, your suggestion of using an Ubuntu VM or droplet in order to create another droplet makes sense. I think I'll try an Ubuntu VM using GNOME Boxes in Fedora and if that fails I'll use the 'droplet to create a droplet' trick.

I didn't know that the DO API keys were universal to your account, and could be used to create a new droplet. I'd just assumed that the API key was specific to your droplet, since I've only usually got one droplet on the go at any one time. So you live and learn. Cheers.

Oh I think I know what the problem is now. The algo script is trying to do everything in a virtualenv that it creates, but of course libselinux-python is not installed there nor is it available in PyPI so it can't be pip installed. Here's more info about it and apparently you can just copy some files and/or change a setting (both routes are on that page) but eh, I would just go with a Ubuntu VM instead of trying to hack around this.

Boris Galerkin fucked around with this message at 21:45 on Oct 26, 2017

Adbot
ADBOT LOVES YOU

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
I got it working by using an Ubuntu droplet to create the algo droplet.

But then I found that Strongswan crashes on my Android phone when importing a certificate, due to my use of Lineage-OS instead of the stock ROM probably. I have given up. :shrug:

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.

Thermopyle posted:

They added that somewhat recently and I'm too networking-stupid to figure out how to configure it.

There's a Custom subnets and and an excluded subnets field and I can't seem to bungle my way through getting it to work.

I also think that maybe it's not a great solution anyway because anytime I get on wifi using the same ip range as my home network (192.168.1.x) i'm exposing requests from my phone to that network. Or maybe I just don't understand (most likely).

edit: Oh, I messed around with it more. Had to put 192.168.1.0/24 into excluded subnets and that seems to work. I'm not sure if it's a good idea though because of what I mention about being on other wifi networks with that address range...

You could change your home network to use 192.168.2.xxx or whatever other third quartet you feel like. I think I can count the times I've seen anything other than .1.xxx on one hand.

hooah
Feb 6, 2006
WTF?

THF13 posted:

I saw it had split tunneling with options for excluding specific network subnets, wouldn't that solve it?

I've heard of this (if it's the same thing as split horizon), and it sounds like it could help me use e.g. Universal Remote and browse the SMB share on my desktop while at home. If that's the case, do you have anywhere I can read up on how to make this work? Thermopyle's post about subnetting might help too.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

hooah posted:

I've heard of this (if it's the same thing as split horizon), and it sounds like it could help me use e.g. Universal Remote and browse the SMB share on my desktop while at home. If that's the case, do you have anywhere I can read up on how to make this work? Thermopyle's post about subnetting might help too.

My post is all you need. Requests to your network bypass the vpn if you add the subnet mask to the "excluded subnets" setting for your certificate in strongswan.

Lanky Coconut Tree
Apr 7, 2011

An angry tree.

The angriest tree
Couldn't you use the OpenVPN for Android app? I think that lets you specify if you want local traffic sent over the VPN as well.

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
So how exactly do I connect to my vpn server with Fedora (25)? I installed NetworkManager-strongswan and NetwrkManager-strongswan-gnome but can't figure out how to configure it properly.

lets burn
Nov 2, 2005

by FactsAreUseless
Hi I've been needing a VPN solution for a while and thought I would give algo a try. I got stuck maybe halfway through everything.

I got to the part where my algo server was running basically.

So I went to this link https://github.com/trailofbits/algo/blob/master/docs/client-windows.md

to try and set up access to it through windows. I tried to follow the installations instructions but got confused.

Steps 1-4 using Powershell had really confused me. I wasn't able to find the locations of the algo files either...

if you can offer your advice I would appreciate it, I'll be trying to work on this this afternoon.

edit: I managed to fix my issue after doing to my research into trusted certificates store. I'm happy to say algo works!\

was there a particular country I should have set my IP address as if I wanted to P2P file share? )

lets burn fucked around with this message at 23:04 on Oct 29, 2017

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
Algo is for making your internet connections on public WiFi safer, not for :filez:. Digital Ocean, Amazon, Microsoft, etc, are all going to throw you under the bus for pirating because their primary business comes from enterprise users and companies, not people paying $5/month.

(I’m assuming this is what you mean by “p2p file sharing” because if it was 100% legal than why would you care what country? You’d just pick a data center physically close to you for the reduced bandwidth.)

lets burn
Nov 2, 2005

by FactsAreUseless

Boris Galerkin posted:

(I’m assuming this is what you mean by “p2p file sharing” because if it was 100% legal than why would you care what country? You’d just pick a data center physically close to you for the reduced bandwidth.)

Well thanks for letting me know. I guess there's no secure way to share files anymore? I just don't like having these giant ISPs monitoring me.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

lets burn posted:

Well thanks for letting me know. I guess there's no secure way to share files anymore? I just don't like having these giant ISPs monitoring me.
Have you considered using USB drives

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
Or encrypt it and then you don’t need a VPN?

Bohemian Cowabunga
Mar 24, 2008

lets burn posted:

Well thanks for letting me know. I guess there's no secure way to share files anymore? I just don't like having these giant ISPs monitoring me.

Tor over VPN or VPN over Tor?

Bohemian Cowabunga fucked around with this message at 15:26 on Oct 30, 2017

maduin
Mar 4, 2003
or any number of VPNs that market themselves specifically for that purpose? (i.e. Mullvad, AirVPN, ProtonVPN)

Edit: I've been using Algo for months, and it's really fantastic. I do a lot of work out of coffee shops, and it's good to know I'm using a VPN that I control, not just funneling everything I do into someone else's black hole.

For those that are looking to circumvent censorship (something Algo specifically notes that it's not designed for), an alternative self-controlled option is Streisand. It's not as clean as Algo (it sets up a ton of poo poo besides just a VPN like a Tor relay, etc.), but it does include/do a bunch of stuff Algo doesn't.

maduin fucked around with this message at 17:10 on Oct 30, 2017

Alarbus
Mar 31, 2010
Is anyone on the Android 8.1 Developer Preview running Algo via Strongswan (not that you have other choices)? It works fine on my 7.1.1 N6, and my N9 (whatever 7.1 stock it's running), but trying to get it running on 8.1 keeps failing to load the private key.

Also, I can't get my OpenVPN profile to load in that app. I dug it out when the Algo bit didn't work, and I can't get OpenVPN to connect either. Anyone else having VPN issues? I guess I could reset and go back to 8.0 and try that.

I was suspicious that my config from June might be the issue, so I redownloaded the Algo scripts and spun up a new droplet, it didn't behave any differently than the initial one.

Thoughts?

Alarbus
Mar 31, 2010

Alarbus posted:

Is anyone on the Android 8.1 Developer Preview running Algo via Strongswan (not that you have other choices)? It works fine on my 7.1.1 N6, and my N9 (whatever 7.1 stock it's running), but trying to get it running on 8.1 keeps failing to load the private key.

Also, I can't get my OpenVPN profile to load in that app. I dug it out when the Algo bit didn't work, and I can't get OpenVPN to connect either. Anyone else having VPN issues? I guess I could reset and go back to 8.0 and try that.

I was suspicious that my config from June might be the issue, so I redownloaded the Algo scripts and spun up a new droplet, it didn't behave any differently than the initial one.

Thoughts?

Yeah, I unenrolled from the beta (wiping my phone), and on 8.0 Strongswan connects perfectly fine. Going to go with there's a VPN problem on the 8.1 preview. Good to know!

Skarsnik
Oct 21, 2008

I...AM...RUUUDE!




I've been meaning to do this for a while now but with my own home server instead of the :yayclod:, finally got round to it today

Installed strongswan on my centos 7 box manually instead of actually using algo, but the result is the same

My home network is piholed, so the adblocking side of things comes with the network

It's a nice replacement for adguard on my phone now, as well as the other benefits of a vpn :hellyeah:

Blue Footed Booby
Oct 4, 2006

got those happy feet

apropos man posted:

I got it working by using an Ubuntu droplet to create the algo droplet.
...

I did this too. StrongSwan worked perfectly and my phone is online and ad-free.

The problem is I'm network dumb, linux dumb, and regular dumb, so I have no idea what else I need to do, if anything, to make sure that a) it doesn't get hacked, and b) I notice if it does. Lol I can't even SSH into the droplet my original droplet created ("Permission denied (publickey)") so I'm gonna walk away from this and re-read the documentation in a few hours to see the step(s) I no doubt missed or screwed up.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Blue Footed Booby posted:

I did this too. StrongSwan worked perfectly and my phone is online and ad-free.

The problem is I'm network dumb, linux dumb, and regular dumb, so I have no idea what else I need to do, if anything, to make sure that a) it doesn't get hacked, and b) I notice if it does. Lol I can't even SSH into the droplet my original droplet created ("Permission denied (publickey)") so I'm gonna walk away from this and re-read the documentation in a few hours to see the step(s) I no doubt missed or screwed up.

Just delete the droplet you used to create the algo droplet.

The whole point of algo is that it sets up a secure droplet for you, so now that you've done it you're done. You basically don't need to think about it again.

Adbot
ADBOT LOVES YOU

Blue Footed Booby
Oct 4, 2006

got those happy feet

Thermopyle posted:

Just delete the droplet you used to create the algo droplet.

The whole point of algo is that it sets up a secure droplet for you, so now that you've done it you're done. You basically don't need to think about it again.

Thanks, friend. :buddy:

  • Locked thread