Add support for custom domain names #759

Closed
notDavid opened this issue Dec 21, 2017 · 9 comments

@notDavid

OS / Environment

macOS 10.13.2

Ansible version

ansible 2.2.0.0
config file = /Users/me/Desktop/algo/ansible.cfg
configured module search path = Default w/o overrides

Version of components from requirements.txt

Summary of the problem

If I set IP_subject_alt_name: "my.domain.com" (instead of the default, which is the public IP address) in config.cfg, I get this error:

TASK [vpn : Build the server pair] *********************************************
fatal: [18.196.7.194 -> localhost]: FAILED! => {"changed": true, "cmd": "openssl req -utf8 -new -newkey ec:ecparams/prime256v1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=DNS:my.domain.com,IP:my.domain.com\")) -keyout private/my.domain.com.key -out reqs/my.domain.com.req -nodes -passin pass:\"12cee2d8bfacaa8d11e6f13d3e6ff893\" -subj \"/CN=my.domain.com\" -batch && openssl ca -utf8 -in reqs/my.domain.com.req -out certs/my.domain.com.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=DNS:my.domain.com,IP:my.domain.com\")) -days 3650 -batch -passin pass:\"12cee2d8bfacaa8d11e6f13d3e6ff893\" -subj \"/CN=my.domain.com\" && touch certs/my.domain.com_crt_generated", "delta": "0:00:00.072963", "end": "2017-12-21 18:00:48.053894", "failed": true, "rc": 1, "start": "2017-12-21 18:00:47.980931", "stderr": "Generating a 256 bit EC private key\nwriting new private key to 'private/my.domain.com.key'\n-----\nUsing configuration from /dev/fd/63\nError Loading extension section basic_exts\n140736090465160:error:0E06D06C:configuration file routines:NCONF_get_string:no value:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/conf/conf_lib.c:323:group=(null) name=unique_subject\n140736090465160:error:0E06D06C:configuration file routines:NCONF_get_string:no value:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/conf/conf_lib.c:323:group=CA_default name=email_in_dn\n140736090465160:error:220A4076:X509 V3 routines:A2I_GENERAL_NAME:bad ip address:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/x509v3/v3_alt.c:532:value=my.domain.com\n140736090465160:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/x509v3/v3_conf.c:97:name=subjectAltName, value=DNS:my.domain.com,IP:my.domain.com", "stdout": "", "stdout_lines": [], "warnings": []}

Steps to reproduce the behavior

Set IP_subject_alt_name: "my.domain.com" in config.cfg and deploy algo to Amazon ec2

Expected behavior

Hi, just reporting this as an FYI, no idea if you want to fix this. I solved it by modifying this line and removing this item: ,IP:{{ IP_subject_alt_name }}

After this modification I can use "my.domain.com" instead of an IP, and everything seems to work as expected (I only tested the .mobileconfig clients).

@willyyr

willyyr commented Dec 29, 2017

Can confirm the above mod works. Thanks, how about you create a pull request?

@Mrdindon

Good day,

I did the installation at my home (option 5 - Ubuntu server) and I was able to connect from the profile generated for iOS. Still, during the installation, the scripts require a public IP address. I tried to put my ddns dns entry instead but that didn't work... I also tried to replace the IP fields in the generated .mobileconfig but that didn't work either. Could someone give me some hints on how I could achieve this?

The main goal in my case isn't to hide my traffic but to find a secure way to connect to my house network with iOS on-demand profiles.

Thanks for your help, great job :)

@vocalico

@notDavid any idea on how to do the same now? The file changed enough to make it impossible for me to do the same modifications.

@hduarte

hduarte commented Jun 17, 2018

@vocalico here change the line:

subjectAltName_IP: "IP:{{ IP_subject_alt_name }}

to

subjectAltName_IP: "DNS:{{ IP_subject_alt_name }}

After this change, start the ./algo setup as usual and use a domain name instead of an IP address.
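
Added example, not part of the thread or of Algo's code: the LibreSSL error in the original report (`bad ip address ... value=my.domain.com`) comes from putting a hostname into an `IP:` entry of subjectAltName. This Python code picks the entry type from the value, so IP addresses and domain names both work, and rejects anything else before it reaches the generated openssl config. `san_entry` and `basic_exts` are hypothetical helper names, and emitting a single SAN entry is an assumption.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def san_entry(value: str) -> str:
    """Return one subjectAltName entry: 'IP:<addr>' or 'DNS:<name>'."""
    value = value.strip()
    try:
        # IPv4 and IPv6 literals belong in an iPAddress SAN.
        return "IP:" + str(ipaddress.ip_address(value))
    except ValueError:
        pass
    # Anything else must be a plain hostname. Rejecting other characters
    # also keeps commas and newlines out of the generated openssl config.
    name = value.rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(lab) for lab in labels):
        raise ValueError(f"not an IP address or hostname: {value!r}")
    # An all-numeric last label (e.g. '10.0.0.256') is a mistyped IP, not a name.
    if labels[-1].isdigit():
        raise ValueError(f"looks like a malformed IP address: {value!r}")
    return "DNS:" + name.lower()


def basic_exts(value: str) -> str:
    """Build the [basic_exts] fragment that is appended to openssl.cnf."""
    return "[basic_exts]\nsubjectAltName=" + san_entry(value) + "\n"


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for sample in ("my.domain.com", "192.0.2.10", "2001:DB8::1"):
        print(sample, "->", san_entry(sample))
```
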

@vocalico

vocalico commented Jul 20, 2018

@hduarte thanks! Finally working. Awesome!

@ghost

ghost commented Aug 10, 2018

Is it planned to have native support for domain names? I can't get this to work with either ansible or ./algo. I would like to be able to change the IP of the DNS without updating e.g. the iOS profiles.

@dguido
Member

dguido commented Aug 10, 2018

This is not currently a priority for AlgoVPN! We have other features we want to build, and this is not a roadblock for what we want to do with it.

However, I'm open to contributions that support this feature.

@conorsch

Having DNS support would be great, especially for roaming or otherwise geographically distributed users, so they're able to connect automatically to the closest suitable server. Happy to take a crack at supporting DNS options as part of the config flow.

dguido changed the title from 'Setting "IP_subject_alt_name" to domain name (instead of public ip)' to 'Add support for custom domain names' on Feb 18, 2019

@okgolove

Any progress here?
It's a really necessary thing.
