branch local_openssl_tasks, update-users fails #219

Closed
jackivanov opened this issue Jan 22, 2017 · 0 comments

The issue was created by @dleonard00 in the PR #169

OS / Environment

OS X Sierra

Ansible version

ansible 2.2.0.0

Summary of the problem

Similar to Issue 183, which has been closed.
Setting up the initial VPN works well, but adding a user to configs.cfg and running ./algo update-users fails.

Steps to reproduce the behavior

1. Create VPN on GCE by running ./algo and following the steps.
2. Add a user to configs.cfg
3. Run ./algo update-users

Expected behavior

Successful connection to VPN when the newly generated mobileconfig is installed on iOS device.

Actual behavior

Unable to connect iPhone (iOS 10.2) with the newly created user's mobileconfig. Disconnects immediately.

Here is the output from syslog.

Jan 21 19:10:35 n1-algo charon: 09[NET] received packet: from 107.188.141.56[500] to 10.128.0.4[500]
Jan 21 19:10:35 n1-algo charon: 09[NET] waiting for data on sockets
Jan 21 19:10:35 n1-algo charon: 14[MGR] checkout IKE_SA by message
Jan 21 19:10:35 n1-algo charon: 14[MGR] created IKE_SA (unnamed)[9]
Jan 21 19:10:35 n1-algo charon: 14[NET] received packet: from 107.188.141.56[500] to 10.128.0.4[500] (232 bytes)
Jan 21 19:10:35 n1-algo charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jan 21 19:10:35 n1-algo charon: 14[CFG] looking for an ike config for 10.128.0.4...107.188.141.56
Jan 21 19:10:35 n1-algo charon: 14[CFG]   candidate: %any...%any, prio 28
Jan 21 19:10:35 n1-algo charon: 14[CFG] found matching ike config: %any...%any with prio 28
Jan 21 19:10:35 n1-algo charon: 14[IKE] 107.188.141.56 is initiating an IKE_SA
Jan 21 19:10:35 n1-algo charon: 14[IKE] IKE_SA (unnamed)[9] state change: CREATED => CONNECTING
Jan 21 19:10:35 n1-algo charon: 14[CFG] selecting proposal:
Jan 21 19:10:35 n1-algo charon: 14[CFG]   proposal matches
Jan 21 19:10:35 n1-algo charon: 14[CFG] received proposals: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256
Jan 21 19:10:35 n1-algo charon: 14[CFG] configured proposals: IKE:AES_GCM_16_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Jan 21 19:10:35 n1-algo charon: 14[CFG] selected proposal: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256
Jan 21 19:10:35 n1-algo charon: 14[IKE] local host is behind NAT, sending keep alives
Jan 21 19:10:35 n1-algo charon: 14[IKE] remote host is behind NAT
Jan 21 19:10:35 n1-algo charon: 14[IKE] sending cert request for "CN=146.148.48.199"
Jan 21 19:10:35 n1-algo charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Jan 21 19:10:35 n1-algo charon: 14[NET] sending packet: from 10.128.0.4[500] to 107.188.141.56[500] (273 bytes)
Jan 21 19:10:35 n1-algo charon: 10[NET] sending packet: from 10.128.0.4[500] to 107.188.141.56[500]
Jan 21 19:10:35 n1-algo charon: 14[MGR] checkin IKE_SA (unnamed)[9]
Jan 21 19:10:35 n1-algo charon: 14[MGR] check-in of IKE_SA successful.
Jan 21 19:10:55 n1-algo charon: 06[MGR] checkout IKE_SA
Jan 21 19:10:55 n1-algo systemd[1]: Starting Cleanup of Temporary Directories...
Jan 21 19:10:55 n1-algo charon: 06[MGR] IKE_SA (unnamed)[9] successfully checked out
Jan 21 19:10:55 n1-algo charon: 06[IKE] sending keep alive to 107.188.141.56[500]
Jan 21 19:10:55 n1-algo charon: 06[MGR] checkin IKE_SA (unnamed)[9]
Jan 21 19:10:55 n1-algo charon: 06[MGR] check-in of IKE_SA successful.
Jan 21 19:10:55 n1-algo charon: 10[NET] sending packet: from 10.128.0.4[500] to 107.188.141.56[500]
Jan 21 19:10:55 n1-algo systemd-tmpfiles[2447]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
Jan 21 19:10:55 n1-algo systemd[1]: Started Cleanup of Temporary Directories.
Jan 21 19:11:05 n1-algo charon: 05[MGR] checkout IKE_SA
Jan 21 19:11:05 n1-algo charon: 05[MGR] IKE_SA (unnamed)[9] successfully checked out
Jan 21 19:11:05 n1-algo charon: 05[JOB] deleting half open IKE_SA after timeout
Jan 21 19:11:05 n1-algo charon: 05[MGR] checkin and destroy IKE_SA (unnamed)[9]
Jan 21 19:11:05 n1-algo charon: 05[IKE] IKE_SA (unnamed)[9] state change: CONNECTING => DESTROYING
Jan 21 19:11:05 n1-algo charon: 05[MGR] check-in and destroy of IKE_SA successful
Jan 21 19:11:15 n1-algo charon: 04[MGR] checkout IKE_SA
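
Added example (not part of the original issue and not Algo project code): a small Python triage script that scans charon syslog lines in the format shown above and reports IKE_SAs that charon deleted as half open without ever logging a parsed IKE_AUTH request, the pattern visible in the excerpt. The function name, sample lines and addresses are constructed for illustration.

```python
import re

# Constructed sample in the charon syslog format shown in the report
# (documentation-range addresses, not values taken from the issue).
SAMPLE = """\
Jan 21 19:10:35 vpn charon: 14[MGR] created IKE_SA (unnamed)[9]
Jan 21 19:10:35 vpn charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) ]
Jan 21 19:10:35 vpn charon: 14[IKE] 203.0.113.7 is initiating an IKE_SA
Jan 21 19:10:35 vpn charon: 14[MGR] checkin IKE_SA (unnamed)[9]
Jan 21 19:10:40 vpn charon: 07[MGR] created IKE_SA (unnamed)[10]
Jan 21 19:10:40 vpn charon: 07[IKE] 198.51.100.20 is initiating an IKE_SA
Jan 21 19:10:41 vpn charon: 08[MGR] IKE_SA (unnamed)[10] successfully checked out
Jan 21 19:10:41 vpn charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi CERT AUTH ]
Jan 21 19:11:05 vpn charon: 05[MGR] IKE_SA (unnamed)[9] successfully checked out
Jan 21 19:11:05 vpn charon: 05[JOB] deleting half open IKE_SA after timeout
"""

LINE = re.compile(r"charon: (?P<thread>\d+)\[(?P<group>[A-Z]+)\] (?P<msg>.*)")
SA_REF = re.compile(r"IKE_SA \S+\[(\d+)\]")

def half_open_timeouts(log_text):
    """Return [(sa_id, peer_ip)] for IKE_SAs deleted as half open with no IKE_AUTH seen."""
    current = {}   # worker thread -> SA id it currently holds
    sas = {}       # SA id -> {"peer", "auth", "timeout"}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # non-charon line (e.g. systemd) or a wrapped continuation
        thread, msg = m["thread"], m["msg"]
        ref = SA_REF.search(msg)
        if ref and ("created" in msg or "checked out" in msg):
            current[thread] = ref.group(1)
            sas.setdefault(ref.group(1), {"peer": None, "auth": False, "timeout": False})
        elif msg.startswith("checkin"):
            current.pop(thread, None)  # worker released the SA
        sa = sas.get(current.get(thread))
        if sa is None:
            continue
        peer = re.match(r"(\S+) is initiating an IKE_SA", msg)
        if peer:
            sa["peer"] = peer.group(1)
        elif msg.startswith("parsed IKE_AUTH request"):
            sa["auth"] = True
        elif msg == "deleting half open IKE_SA after timeout":
            sa["timeout"] = True
    return [(i, s["peer"]) for i, s in sas.items() if s["timeout"] and not s["auth"]]
```

The charon timeout line carries no SA id, so the script attributes it to the SA most recently checked out by the same worker thread number.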
jackivanov added a commit that referenced this issue Jan 22, 2017
dguido pushed a commit that referenced this issue Feb 3, 2017
* Draft

works with ECDSA

RSA support for Windows

* update-users with local_openssl_tasks

* move prompts to the algo script

* additional directory for SSH keys

* move easyrsa_p12_export_password to pre_tasks

* update-users testing

* Fix hardcoded vars

* Delete the CA key

* Hardcoded IP. Fixes #219

* Some fixes
faf0 pushed a commit to faf0/algo that referenced this issue Dec 13, 2018