bls
Posts: 291
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA

pistrong CA/Cert manager for strongSwan VPN service

Tue Oct 23, 2018 5:31 pm

pistrong greatly simplifies installing and configuring strongSwan, and managing the strongSwan Certificate Authority (CA) and Certificates for user devices for the roadwarrior use case.

pistrong includes complete installation, configuration, and management support for Raspbian/Debian distros. There is partial install/config support for openSUSE, Ubuntu, Debian, and CentOS. pistrong is distro-independent, so it can be used on any distro once strongSwan is properly installed and configured.

pistrong consists of two components:

* pistrong - Provides day-to-day CA and roadwarrior user Key/Cert management

* InstallPiStrong - Installs and configures strongSwan for the roadwarrior use case

The easiest way to install pistrong on your system is to use the bash command as root:


 curl -L https://raw.githubusercontent.com/gitbls/pistrong/master/EZPiStrongInstaller | bash

This will download pistrong and InstallPiStrong to /usr/local/bin, and then start InstallPiStrong all to fully install and configure strongSwan.

For complete documentation see https://github.com/gitbls/pistrong

Of course your feedback (+/-) and questions are welcome!
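Added example, not part of the original post or of pistrong: since the one-line install above pipes a remote script into a root shell, this sketch stages the same installer on disk, lists the lines that download further content, and refuses to proceed unless the file matches a digest you recorded after reviewing it. The script name `stage-installer.sh`, the helper functions and the `PINNED_SHA256` placeholder are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not part of pistrong): stage the installer on disk, check it
# against a digest you recorded after reviewing it, and only then run it.
set -u

INSTALLER_URL="https://raw.githubusercontent.com/gitbls/pistrong/master/EZPiStrongInstaller"
# Placeholder: replace with the SHA-256 you recorded for the copy you reviewed.
PINNED_SHA256="REPLACE_WITH_REVIEWED_SHA256"

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED: succeed only if FILE is non-empty and matches.
verify_installer() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(sha256_of "$1")
    [ "$got" = "$want" ] && return 0
    echo "digest mismatch: got $got" >&2
    return 1
}

# list_fetches FILE: show lines that download further content, for review.
list_fetches() {
    grep -nE '(^|[^[:alnum:]_])(curl|wget)[[:space:]]' "$1" || true
}

# Run as: ./stage-installer.sh fetch   (no network access otherwise)
if [ "${1:-}" = "fetch" ]; then
    staged=$(mktemp) || exit 1
    # HTTPS only (including redirects), fail on HTTP errors, write to a file.
    curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL \
        -o "$staged" "$INSTALLER_URL" || exit 1
    echo "Staged at $staged, sha256 $(sha256_of "$staged")"
    list_fetches "$staged"
    if verify_installer "$staged" "$PINNED_SHA256"; then
        echo "Digest matches; run: sudo bash $staged"
    else
        echo "Not running: review $staged, then pin its digest." >&2
        exit 1
    fi
fi
```

The first run fails the digest check by design: review the staged file, record its SHA-256 in `PINNED_SHA256`, and later runs will only accept that exact content.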

bls

Re: pistrong CA/Cert manager for strongSwan VPN service

Tue Oct 23, 2018 6:48 pm

Here's an example of creating a CA and adding a user Cert after the installation completes.

# pistrong makeca
# pistrong start
# pistrong add bls --device iPhone --random --mail [email protected] --webdir /var/www/html/vpn --weburl http://mypi/vpn
% Added bls-iPhone
#

The first command creates the CA. The second command creates a Cert/Key for user bls, device iPhone. The device name is only for the manager's tracking use (if not specified, 'dev' is used). pistrong will copy the user's Cert to /var/www/html/vpn and send email to [email protected] (this assumes that email has been properly set up). The email will contain URL links to the user's Cert and CA Cert (needed for iOS). A second email will contain the Cert password (only needed for Cert installation).

There are more examples in the documentation, including full documentation for installing the Certs on iOS and Windows 10. I'd like to add documentation for macOS and Android. If anyone is interested in collaborating with me on this, I'd appreciate the help!
