Init repo

README-ru.md

@@ -0,0 +1,42 @@
+[**English**](README.md) | [**Русский**](README-ru.md)
+
+## Файлы конфигурации 
+**iOS:**
+- [**Server1 mobile**](/client-conf/vpnclient1.mobileconfig)
+- [**Server2 mobile**](/client-conf/vpnclient2.mobileconfig)
+- [**Server3 mobile**](/client-conf/vpnclient3.mobileconfig)
+
+**Android:**
+- [**Server1 swan**](/client-conf/vpnclient1.sswan)
+- [**Server2 swan**](/client-conf/vpnclient2.sswan)
+- [**Server3 swan**](/client-conf/vpnclient3.sswan)
+
+## Установка
+
+* [**Windows 7, 8, 10 and 11**](#windows-7-8-10-and-11)
+* [**OS X (macOS)**](#os-x-macos)
+* [**iOS (iPhone/iPad)**](#ios-iphoneipad)
+* [**Android**](#android)
+* [**Linux**](#linux)
+
+### Windows 7, 8, 10 and 11
+- В работе 
+
+### OS X (macOS)
+- В работе 
+
+### iOS (iPhone/iPad)
+1. Сохраните файл **``vpnclient.mobileconfig``** на ваше устройство.
+2. Переместите файл в папку **``iPhone``**.
+3. Зайдите в **``настройки``** и **``установите``** профиль.
+4. Зайдите в **``Настройки``** > **``VPN``** и подключайтесь. 
+
+### Android
+1. Загрузите [**strongSwan VPN Client**](https://play.google.com/store/apps/details?id=org.strongswan.android) из **Google Play**.
+2. Сохраните файл **``vpnclient.sswan``** на ваше устройство.
+3. Нажмите на кнопку в верхнем-правом углу > **``Import VPN profile``** > **``Выберите файл``**.
+4. Выберите **``сертификат VPN``**. 
+5. Подключайтесь к **``VPN``**.
+
+### Linux
+- В работе 

README.md

@@ -0,0 +1,42 @@
+[**English**](README.md) | [**Русский**](README-ru.md)
+
+## Client Configuration Files 
+**iOS:**
+- [**Server1 mobile**](/client-conf/vpnclient1.mobileconfig)
+- [**Server2 mobile**](/client-conf/vpnclient2.mobileconfig)
+- [**Server3 mobile**](/client-conf/vpnclient3.mobileconfig)
+
+**Android:**
+- [**Server1 swan**](/client-conf/vpnclient1.sswan)
+- [**Server2 swan**](/client-conf/vpnclient2.sswan)
+- [**Server3 swan**](/client-conf/vpnclient3.sswan)
+
+## Installation
+
+* [**Windows 7, 8, 10 and 11**](#windows-7-8-10-and-11)
+* [**OS X (macOS)**](#os-x-macos)
+* [**iOS (iPhone/iPad)**](#ios-iphoneipad)
+* [**Android**](#android)
+* [**Linux**](#linux)
+
+### Windows 7, 8, 10 and 11
+- In progress
+
+### OS X (macOS)
+- In progress 
+
+### iOS (iPhone/iPad)
+1. Download the **``vpnclient.mobileconfig``** file to your device.
+2. Move the file to the "On my iPhone" folder.
+3. Open **``Settings``** and **install** the profile.
+4. Go to **``Settings``** > **``VPN``** and connect.
+
+### Android
+1. Download [**strongSwan VPN Client**](https://play.google.com/store/apps/details?id=org.strongswan.android) from Google Play.
+2. Download **``vpnclient.sswan``** file to your device.
+3. Press the button in the top right corner > **``Import VPN profile``** > **``Choose the file``**.
+4. Choose the **``VPN certificate``**. 
+5. Connect to the **``VPN``**.
+
+### Linux
+- In progress 

autovpn/README.md

@@ -0,0 +1,6 @@
+Based on https://github.com/hwdsl2/setup-ipsec-vpn
+
+The motivation of this project is to provide integration with Azure AD through FreeRADIUS 
+
+Also, to split install and configuration parts for preparing an image with installed packages and configure it after running w/o spending time for package installing.
+

autovpn/conf/freeradius/clients.conf.template

@@ -0,0 +1,11 @@
+client localhost {
+	ipaddr = 127.0.0.1
+	proto = *
+	secret = #RADIUS_CLIENT_SECRET#
+	require_message_authenticator = no
+	limit {
+		max_connections = 16
+		lifetime = 0
+		idle_timeout = 30
+	}
+}

autovpn/conf/freeradius/mods-enabled/ldap.template

@@ -0,0 +1,93 @@
+ldap {
+	server = '#LDAP_URI#'
+	port = #LDAP_PORT#
+	identity = '#LDAP_IDENTITY#'    #'cn=admin,dc=example,dc=org'
+	password = '#LDAP_PASSWORD#'
+	base_dn = '#LDAP_BASE_DN#'
+	sasl {
+	}
+	update {
+		control:Password-With-Header	+= 'userPassword'
+		control:			+= 'radiusControlAttribute'
+		request:			+= 'radiusRequestAttribute'
+		reply:				+= 'radiusReplyAttribute'
+	}
+	user {
+                base_dn = "#USER_BASE_DN#"
+				filter = "(userPrincipalName=%{%{Stripped-User-Name}:-%{User-Name}})"
+                #filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
+		sasl {
+		}
+		scope = 'one'
+	}
+	group {
+		base_dn = "#GROUP_BASE_DN#"
+		filter = '(cn=#GROUP_CN#)'
+		scope = 'one'
+		name_attribute = cn
+		membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
+		membership_attribute = 'memberOf'
+	}
+	profile {
+	}
+	client {
+		base_dn = "${..base_dn}"
+		filter = '(objectClass=radiusClient)'
+		template {
+		}
+		attribute {
+			ipaddr				= 'radiusClientIdentifier'
+			secret				= 'radiusClientSecret'
+		}
+	}
+	accounting {
+		reference = "%{tolower:type.%{Acct-Status-Type}}"
+		type {
+			start {
+				update {
+					description := "Online at %S"
+				}
+			}
+			interim-update {
+				update {
+					description := "Last seen at %S"
+				}
+			}
+			stop {
+				update {
+					description := "Offline at %S"
+				}
+			}
+		}
+	}
+	post-auth {
+		update {
+			description := "Authenticated at %S"
+		}
+	}
+	options {
+		dereference = 'always'
+		chase_referrals = yes
+		rebind = yes
+		res_timeout = 10
+		srv_timelimit = 3
+		net_timeout = 1
+		idle = 60
+		probes = 3
+		interval = 3
+		ldap_debug = 0x0028
+	}
+	tls {
+		require_cert	= 'allow'
+	}
+	pool {
+		start = ${thread[pool].start_servers}
+		min = ${thread[pool].min_spare_servers}
+		max = ${thread[pool].max_servers}
+		spare = ${thread[pool].max_spare_servers}
+		uses = 0
+		retry_delay = 30
+		lifetime = 0
+		idle_timeout = 60
+	}
+}