Similar to Issue 183 that has been closed
Setting up initial VPN works well, but adding a user to configs.cfg and running ./algo update-users fails
Steps to reproduce the behavior
Create VPN on GCE by running ./algo and following the steps.
Add a user to configs.cfg
Run ./algo update-users
Expected behavior
Successful connection to VPN when the newly generated mobileconfig is installed on iOS device.
Actual behavior
Unable to connect iPhone (iOS 10.2) with the newly created user's mobileconfig. Disconnects immediately.
Here is the output from syslog.
Jan 21 19:10:35 n1-algo charon: 09[NET] received packet: from 107.188.141.56[500] to 10.128.0.4[500]
Jan 21 19:10:35 n1-algo charon: 09[NET] waiting for data on sockets
Jan 21 19:10:35 n1-algo charon: 14[MGR] checkout IKE_SA by message
Jan 21 19:10:35 n1-algo charon: 14[MGR] created IKE_SA (unnamed)[9]
Jan 21 19:10:35 n1-algo charon: 14[NET] received packet: from 107.188.141.56[500] to 10.128.0.4[500] (232 bytes)
Jan 21 19:10:35 n1-algo charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jan 21 19:10:35 n1-algo charon: 14[CFG] looking for an ike config for 10.128.0.4...107.188.141.56
Jan 21 19:10:35 n1-algo charon: 14[CFG] candidate: %any...%any, prio 28
Jan 21 19:10:35 n1-algo charon: 14[CFG] found matching ike config: %any...%any with prio 28
Jan 21 19:10:35 n1-algo charon: 14[IKE] 107.188.141.56 is initiating an IKE_SA
Jan 21 19:10:35 n1-algo charon: 14[IKE] IKE_SA (unnamed)[9] state change: CREATED => CONNECTING
Jan 21 19:10:35 n1-algo charon: 14[CFG] selecting proposal:
Jan 21 19:10:35 n1-algo charon: 14[CFG] proposal matches
Jan 21 19:10:35 n1-algo charon: 14[CFG] received proposals: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256
Jan 21 19:10:35 n1-algo charon: 14[CFG] configured proposals: IKE:AES_GCM_16_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Jan 21 19:10:35 n1-algo charon: 14[CFG] selected proposal: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256
Jan 21 19:10:35 n1-algo charon: 14[IKE] local host is behind NAT, sending keep alives
Jan 21 19:10:35 n1-algo charon: 14[IKE] remote host is behind NAT
Jan 21 19:10:35 n1-algo charon: 14[IKE] sending cert request for "CN=146.148.48.199"
Jan 21 19:10:35 n1-algo charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Jan 21 19:10:35 n1-algo charon: 14[NET] sending packet: from 10.128.0.4[500] to 107.188.141.56[500] (273 bytes)
Jan 21 19:10:35 n1-algo charon: 10[NET] sending packet: from 10.128.0.4[500] to 107.188.141.56[500]
Jan 21 19:10:35 n1-algo charon: 14[MGR] checkin IKE_SA (unnamed)[9]
Jan 21 19:10:35 n1-algo charon: 14[MGR] check-in of IKE_SA successful.
Jan 21 19:10:55 n1-algo charon: 06[MGR] checkout IKE_SA
Jan 21 19:10:55 n1-algo systemd[1]: Starting Cleanup of Temporary Directories...
Jan 21 19:10:55 n1-algo charon: 06[MGR] IKE_SA (unnamed)[9] successfully checked out
Jan 21 19:10:55 n1-algo charon: 06[IKE] sending keep alive to 107.188.141.56[500]
Jan 21 19:10:55 n1-algo charon: 06[MGR] checkin IKE_SA (unnamed)[9]
Jan 21 19:10:55 n1-algo charon: 06[MGR] check-in of IKE_SA successful.
Jan 21 19:10:55 n1-algo charon: 10[NET] sending packet: from 10.128.0.4[500] to 107.188.141.56[500]
Jan 21 19:10:55 n1-algo systemd-tmpfiles[2447]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
Jan 21 19:10:55 n1-algo systemd[1]: Started Cleanup of Temporary Directories.
Jan 21 19:11:05 n1-algo charon: 05[MGR] checkout IKE_SA
Jan 21 19:11:05 n1-algo charon: 05[MGR] IKE_SA (unnamed)[9] successfully checked out
Jan 21 19:11:05 n1-algo charon: 05[JOB] deleting half open IKE_SA after timeout
Jan 21 19:11:05 n1-algo charon: 05[MGR] checkin and destroy IKE_SA (unnamed)[9]
Jan 21 19:11:05 n1-algo charon: 05[IKE] IKE_SA (unnamed)[9] state change: CONNECTING => DESTROYING
Jan 21 19:11:05 n1-algo charon: 05[MGR] check-in and destroy of IKE_SA successful
Jan 21 19:11:15 n1-algo charon: 04[MGR] checkout IKE_SA
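
A triage helper for logs like the one above, as an added example that is not part of the original report or the Algo project: it groups charon lines by IKE_SA using the per-thread checkout/checkin markers and reports SAs that were dropped as half-open, with the peer, the CA named in the cert request, and whether an IKE_AUTH request ever arrived. The function name and output fields are hypothetical, and the `parsed IKE_AUTH request` pattern is assumed by analogy with the `parsed IKE_SA_INIT request` line in the log.

```python
import re

# Abridged from the syslog excerpt in the report above (same messages, fewer lines).
SAMPLE = """\
Jan 21 19:10:35 n1-algo charon: 14[MGR] created IKE_SA (unnamed)[9]
Jan 21 19:10:35 n1-algo charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Jan 21 19:10:35 n1-algo charon: 14[IKE] 107.188.141.56 is initiating an IKE_SA
Jan 21 19:10:35 n1-algo charon: 14[IKE] sending cert request for "CN=146.148.48.199"
Jan 21 19:10:35 n1-algo charon: 14[MGR] checkin IKE_SA (unnamed)[9]
Jan 21 19:11:05 n1-algo charon: 05[MGR] IKE_SA (unnamed)[9] successfully checked out
Jan 21 19:11:05 n1-algo charon: 05[JOB] deleting half open IKE_SA after timeout
Jan 21 19:11:05 n1-algo charon: 05[MGR] checkin and destroy IKE_SA (unnamed)[9]
"""

LINE = re.compile(r"charon: (\d+)\[(\w+)\] (.*)$")  # worker thread, subsystem, message
SA_REF = re.compile(r"IKE_SA \S+\[(\d+)\]")          # e.g. "IKE_SA (unnamed)[9]"
FACTS = {  # field -> message pattern that fills it in
    "peer": re.compile(r"^(\S+) is initiating an IKE_SA"),
    "ca": re.compile(r'^sending cert request for "(.*)"'),
    "auth": re.compile(r"^parsed (IKE_AUTH) request"),  # assumed message format
    "timeout": re.compile(r"^(deleting half open IKE_SA)"),
}

def half_open_timeouts(log_text):
    """Return the SAs charon dropped as half-open, with what was logged before the drop."""
    by_thread, sas = {}, {}  # worker thread -> SA it holds; SA id -> collected facts
    for raw in log_text.splitlines():
        if not (m := LINE.search(raw)):
            continue  # not a charon line (systemd etc.)
        thread, subsys, msg = m.groups()
        if subsys == "MGR":  # lines between a thread's checkout and checkin belong to one SA
            ref = SA_REF.search(msg)
            if ref and (msg.startswith("created") or msg.endswith("checked out")):
                by_thread[thread] = int(ref.group(1))
            elif msg.startswith("checkin"):
                by_thread.pop(thread, None)
            continue
        sa_id = by_thread.get(thread)
        if sa_id is None:
            continue
        facts = sas.setdefault(sa_id, dict.fromkeys(FACTS))
        for field, pat in FACTS.items():
            if hit := pat.search(msg):
                facts[field] = hit.group(1)
    return [{"sa": i, "peer": f["peer"], "ca": f["ca"], "ike_auth_seen": bool(f["auth"])}
            for i, f in sas.items() if f["timeout"]]

if __name__ == "__main__":
    print(half_open_timeouts(SAMPLE))
```

An entry with `ike_auth_seen` false means the client never answered the IKE_SA_INIT response, so the place to look next is the client profile and the certificate identity the server asked for, not the server's proposal selection.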
* Draft
works with ECDSA
RSA support for Windows
* update-users with local_openssl_tasks
* move prompts to the algo script
* additional directory for SSH keys
* move easyrsa_p12_export_password to pre_tasks
* update-users testing
* Fix hardcoded vars
* Delete the CA key
* Hardcoded IP. Fixes #219
* Some fixes
faf0 pushed a commit to faf0/algo that referenced this issue Dec 13, 2018
* Draft
works with ECDSA
RSA support for Windows
* update-users with local_openssl_tasks
* move prompts to the algo script
* additional directory for SSH keys
* move easyrsa_p12_export_password to pre_tasks
* update-users testing
* Fix hardcoded vars
* Delete the CA key
* Hardcoded IP. Fixes trailofbits#219
* Some fixes
The issue was created by @dleonard00 in the PR #169
OS / Environment
OS X Sierra
Ansible version
ansible 2.2.0.0