Feature/documentation pages

.github/workflows/build-release-doc-pages.yml

@@ -0,0 +1,32 @@
+name: Generate github pages
+
+on:
+  push: 
+    branches: [ feature/documentation-pages, main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: feature/documentation-pages
+
+      - name: Setup JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: "11"
+          distribution: "temurin"
+
+      - name: Generate HTML files and resources
+        run: cd docs && mvn
+
+      - name: Deploy to GitHub Pages
+        uses: crazy-max/ghaction-github-pages@v2
+        with:
+          target_branch: doc-pages-uat
+          build_dir: docs/target/generated-docs
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

docs/antora.yml

@@ -0,0 +1,7 @@
+name: playio-vpn-docs
+title: PlayIO VPN Docs
+version: 1.0
+nav:
+  - modules/ROOT/nav.adoc
+  - modules/guide_dev/nav.adoc
+  - modules/guide_user/nav.adoc

docs/modules/ROOT/nav.adoc

@@ -0,0 +1,2 @@
+* xref:index.adoc[VPN Infrastructure]
+* xref:OVERVIEW.adoc[How it set up]

docs/modules/ROOT/pages/OVERVIEW.adoc

@@ -0,0 +1,77 @@
+= PlayiO VPN connection design
+
+== External connection
+
+VPN infrastructure provide private tunnel via Internet connection to our servers.
+
+[NOTE]
+
+Our client will run on beagleboard device, which is running Debian on `armv7`, testing client scripts may need a real device.
+
+=== Server security setup
+
+This is collection of script to bootstrap, manage, setup softether-vpn server.
+
+* VPN connection uses `SoftEther VPN protocol` over `HTTPS`, backed by `reverse proxy`, `SSL` is provided by link:https://letsencrypt.org/[`Letsencrypt`]
+* VPN secure connection with link:https://www.softether.org/4-docs/1-manual/4._SoftEther_VPN_Client_Manual/4.4_Making_Connection_to_VPN_Server#4.4.5_Server-Certificate_Verification[Certificate Verification].
+VPN server certificate is generated by our owned link:https://en.wikipedia.org/wiki/Root_certificate#targetText=In%20cryptography%20and%20computer%20security,public%20key%20infrastructure%20(PKI).[`Root CA`]
+ ** Use `TLS 1.2`
+ ** link:https://en.wikipedia.org/wiki/Cipher_suite[Cipher suite]: `ECDHE-RSA-AES256-GCM-SHA384`
+
+== Internal communication
+
+* VPN connection type: link:https://www.softether.org/4-docs/1-manual/1._SoftEther_VPN_Overview/1.4_VPN_Processing_Principle_and_Communication_Method#1.4.7_Remote_Access_VPN[Remote Access VPN]
+* Separate customers to `Virtual Hubs`.
+* `Virtual Hubs` are isolated to each other.
+
+=== Virtual Hub setup
+
+==== IP network
+
+Enable `secureNAT`
+
+* DHCP IP scope (NAT subnet): `10/8 subnet`
+* Hub virtual IP (virtual NAT gateway): `10.0.0.1`
+* IP configuration push to client:
+ ** `Corporate DNS`: IP of Corp's DNS servers
+ ** Optional Public Google DNS `8.8.8.8`
+ ** Static routes:
++
+|===
+| Internal resource | Destination network | Net mask | Gateway
+
+| Corporate DNS server
+| <DNS Server IP>
+| 255.255.255.255
+| 10.0.0.1
+
+| Corporate VPN subnet
+| 192.168.0.0
+| 255.255.255.0
+| 10.0.0.1
+|===
++
+[IMPORTANT]
+*And all necessary routes to `internal resource subnets` are defined for a customer separately.
+
+==== User authentication
+
+* Define groups and users for each customer
+* Authentication method
+ ** Edge device: link:https://www.softether.org/4-docs/1-manual/2._SoftEther_VPN_Essential_Architecture/2.2_User_Authentication#2.2.6_Signed_Certificate_Authentication[`Signed certificate`] that is signed by our <<External connection,Root CA>>
+  *** Each device has one dedicated user
+  *** Each device has each `VPN certificate` key
+  *** Each device has each `ssh` public/private key
+ ** (Optional) Interactive user: `basic password`
+
+==== Virtual Hub security policy
+
+Status: `WIP`
+
+[%interactive]
+
+* [ ] Define hub admin security policy
+
+* [ ] Define security policy and apply to group
+
+* [ ] Define hub extended options

docs/modules/ROOT/pages/index.adoc

@@ -0,0 +1,114 @@
+= PlayIO VPN
+
+*Play-IO* IIoT VPN solution
+
+== Overview
+
+[#img-vpnserver]
+image::vpnserver.png[softether,width=75%]
+
+== Server Infrastructure
+
+Play-IO VPN solution provides secured connection to Corporate infrastructure as well as centralized user, iot device and credential management
+
+=== VPN Server
+
+Server configuration is described xref:OVERVIEW.adoc[here]
+
+=== VPN DDNS
+
+image:https://img.shields.io/docker/v/playio/vpnddns?sort=semver[Docker Image Version (latest semver),link=https://hub.docker.com/r/playio/vpnddns/tags?page=1&ordering=last_updated] image:https://img.shields.io/docker/image-size/playio/vpnddns?sort=semver[Docker Image Size (latest semver),link=https://hub.docker.com/r/playio/vpnddns/tags?page=1&ordering=last_updated]
+
+The `CLI` application syncs every 2 minutes VPN client IP addresses to private Google Cloud DNS:
+
+* DNS zone name for each customer: `device.<customer-code>`
+* Device DNS name: `<device-hostname>.device.<customer-code>`
+
+== Client Infrastructure
+
+=== Client Tool (VPNC)
+
+==== Supported Operating system
+
+
+|===
+| Distro | Release | Architecture | Status
+
+| Raspbian
+| Stretch/Buster
+| `ARMv7`/`ARM64`
+| &#10004;
+
+| BeagleBoard
+| Stretch/Buster
+| `ARMv7`/`ARM64`
+| &#10004;
+
+| OpenWRT
+| 18.x/19.x
+| `ARMv7`/`ARM64`/`Mips`
+| &#10004;
+
+| Ubuntu
+| 16.x/18.x/20.x
+| `ARMv7`/`ARM64`/`x86_64`
+| &#10004;
+
+| Debian
+| 9/10
+| `ARMv7`/`ARM64`/`x86_64`
+| &#10004;
+
+| Fedora
+| 31/32/33
+| `ARMv7`/`ARM64`/`x86_64`
+| icon:exclamation-triangle[] https://github.com/play-iot/iot-vpn/issues/10[SELinux]
+
+| CentOS
+| 6/7/8
+| `ARMv7`/`ARM64`/`x86_64`
+| icon:exclamation-triangle[] https://github.com/play-iot/iot-vpn/issues/10[SELinux]
+
+| RHEL
+| 7.x/8.x
+| `ARMv7`/`ARM64`/`x86_64`
+| icon:exclamation-triangle[] https://github.com/play-iot/iot-vpn/issues/10[SELinux]
+
+| Windows
+| 8/10
+| `x86_64`
+| icon:exclamation-triangle[] https://www.softether.org/[SoftetherVPN]
+
+| MacOS
+| 7.x/8.x
+| `x86_64`
+| icon:square[]
+
+| Android
+| 7.x/8.x
+| `x86_64`
+| icon:square[]
+|===
+
+==== Supported DNS resolvers
+
+* +++<input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked">++++++</input>+++`NetworkManager`
+* +++<input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked">++++++</input>+++`systemd-resolver`
+* +++<input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked">++++++</input>+++`resolvconf`
+* +++<input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked">++++++</input>+++`openresolv`
+* +++<input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked">++++++</input>+++`connman` https://github.com/play-iot/iot-vpn/issues/91[icon:exclamation-triangle[] Manual step]
+
+==== How to use
+
+* xref:guide_user:VPNC_README.adoc[VPNC Client tool]
+* xref:guide_user:cmd.adoc[Secret Utilities]
+
+=== Client Deployer (VPNC Deployer)
+
+image:https://img.shields.io/docker/v/playio/vpnc-deployer?sort=semver[Docker Image Version (latest semver),link=https://hub.docker.com/r/playio/vpnc-deployer/tags?page=1&ordering=last_updated] image:https://img.shields.io/docker/image-size/playio/vpnc-deployer?sort=semver[Docker Image Size (latest semver),link=https://hub.docker.com/r/playio/vpnc-deployer/tags?page=1&ordering=last_updated]
+
+The `CLI` tool based on `ansible` and `docker` to mass deploy VPN client on one or many devices/computers.
+
+== How to contribute
+
+Please read xref:guide_dev:SETUP.adoc[Development Setup Guide] to setup your environment.

docs/modules/guide_dev/nav.adoc

@@ -0,0 +1,3 @@
+* Developer Guide
+** xref:SETUP.adoc[]
+*** xref:DEV.adoc[Developing VPN tools]