Cannot connect on two devices simultaneously #727

Closed
useradd-deploy opened this issue Nov 14, 2017 · 4 comments

Comments

@useradd-deploy

useradd-deploy commented Nov 14, 2017

OS / Environment

macOS 10.13.1 on MacBook Air for local machine
iOS 10.3.3 on iPhone 5S (also tested iOS 11.1.1 on an iPhone 8+)
Ubuntu 16.04.3 on DigitalOcean droplet

Ansible version

ansible 2.4.1.0 on MacBook Air

Version of components from requirements.txt

setuptools Version: 18.5
dopy Version: 0.3.5
boto Version: 2.48.0
six Version: 1.4.1
pyOpenSSL Version: 0.13.1

Summary of the problem

I cannot simultaneously connect to Algo on two devices.

I can connect to Algo on my MacBook; however, once I connect on my MacBook, I cannot connect on my iPhone.

Alternatively, I can connect to Algo on my iPhone; however, once I connect on my iPhone, I cannot connect on my MacBook.

Steps to reproduce the behavior

A1. Confirm that the MacBook and the iPhone are each disconnected from Algo. Shut down both devices.

A2. Restart the MacBook. Confirm that wifi is working. Connect to Algo. Confirm that Algo is connected.

A3. Restart the iPhone. Confirm that wifi is working. Attempt to connect to Algo. iPhone attempts to connect via Algo but fails to do so.

The converse is also true.

B1. Confirm that the MacBook and the iPhone are each disconnected from Algo. Shut down both devices.

B2. Restart the iPhone. Confirm that wifi is working. Connect to Algo. Confirm that Algo is connected.

B3. Restart the MacBook. Confirm that wifi is working. Attempt to connect to Algo. MacBook attempts to connect via Algo but fails to do so.

I've created a series of droplets to test this issue. I'm having the same problem with each droplet I create.

The problem appears to be independent of the choices I make when I run the script to create a droplet. It persists regardless of whether I select On Demand or not. It persists regardless of whether I select security enhancements to server or not.

The problem appears to be independent of the Apple device. In addition to my iPhone 5S, I tested out an iPhone 8+ running iOS 11.1.1. I had the same problems with the iPhone 8+ that I'm experiencing with my iPhone 5S--i.e., the iPhone 8+ can connect to Algo as long as I'm not already connected on my MacBook.

The problem appears to be independent of the Algo profile. I tried using the same profile on both devices. I also tried using different profiles on the two devices. That makes no difference.

The problem appears to be independent of whether I can SSH into the droplet. I currently have two new droplets that I created to run Algo. I can SSH into one. For whatever reason, I cannot SSH into the other. When I do, I get a message saying "Permission denied (publickey)." That makes no difference. I'm experiencing the same inability to simultaneously connect on two devices with each droplet.

I should note that I have NOT tried to add or delete any users. I'm experiencing this issue using the original profiles that Algo generates. In addition, the usernames I've put in are generic: User1, User2, etc.

The way of deployment (cloud or local)

Latest version of Algo as of 11/14/17 deployed on Digital Ocean droplet using the instructions and commands at https://github.com/trailofbits/algo#deploy-the-algo-server.

Expected behavior

I expect to be able to connect to Algo on two or more devices simultaneously.

Actual behavior

I can connect to Algo on only one device at a time.

In reviewing past issues, I see other users may be experiencing the same or similar issues.

In #362 thegranddesign reported he could connect on his phone but not his Mac.

In #430 davidemyers commented that he's "had issues with iOS devices having trouble reconnecting when more than one device was connected. A single device seems to reconnect successfully."

Two users have made similar reports on Gitter.

Aaron Tavistock @AaronTavistock_twitter Jul 30 16:04
I have an interesting issue that I can't seem to resolve. I set up algo and I deployed the profile to my iphone with no problems, it's all working great -- super impressed! Though I'm having a problem getting my OS/X laptop to connect; I've set up the profile and can see it in the network settings, but it just says 'Connecting' for a while, then quickly goes to 'Disconnected', then back to 'Connecting'. Essentially the OS/X client seems to not be working for me even though I know algo is working, that the profile is working, and have used a Cisco VPN (my work VPN) on this network. Has anyone seen anything like this or have troubleshooting tips???

Nicholas Tulach @nicholastulach Aug 11 08:23
Hi, I installed Algo on DO and I'm having trouble getting both my Mac and my iPhone connected at the same time using the same profile. The Mac connects just fine, but if I'm connected via the Mac, my iPhone won't connect. It’s especially troublesome with “On Demand” turned on. Am I doing something wrong?

Full log

I've copied below the FULL LOG after I ran the ./algo script.

I'm happy to provide additional logs. Just tell me what you want and please explain how I can collect them.

I'm also happy to share .mobileconfig profiles or login credentials with a member of the Algo team.

Last login: Tue Nov 14 13:27:47 on ttys000
AAA:~ BBB$ cd /Users/BBB/Misc/Algo/algo-master && python -m virtualenv env && source env/bin/activate && python -m pip install -U pip && python -m pip install -r requirements.txt
New python executable in /Users/BBB/Misc/Algo/algo-master/env/bin/python
Installing setuptools, pip, wheel...done.
Requirement already up-to-date: pip in ./env/lib/python2.7/site-packages
Collecting msrestazure (from -r requirements.txt (line 1))
  Using cached msrestazure-0.4.16-py2.py3-none-any.whl
Requirement already satisfied: setuptools>=11.3 in ./env/lib/python2.7/site-packages (from -r requirements.txt (line 2))
Collecting ansible<2.2.1,>=2.1 (from -r requirements.txt (line 3))
Collecting dopy==0.3.5 (from -r requirements.txt (line 4))
Collecting boto>=2.5 (from -r requirements.txt (line 5))
  Using cached boto-2.48.0-py2.py3-none-any.whl
Collecting boto3 (from -r requirements.txt (line 6))
  Using cached boto3-1.4.7-py2.py3-none-any.whl
Collecting azure==2.0.0rc5 (from -r requirements.txt (line 7))
  Using cached azure-2.0.0rc5-py2.py3-none-any.whl
Collecting msrest==0.4.1 (from -r requirements.txt (line 8))
  Using cached msrest-0.4.1-py2-none-any.whl
Collecting apache-libcloud (from -r requirements.txt (line 9))
  Using cached apache_libcloud-2.2.1-py2.py3-none-any.whl
Collecting six (from -r requirements.txt (line 10))
  Using cached six-1.11.0-py2.py3-none-any.whl
Collecting pyopenssl (from -r requirements.txt (line 11))
  Using cached pyOpenSSL-17.3.0-py2.py3-none-any.whl
Collecting jinja2==2.8 (from -r requirements.txt (line 12))
  Using cached Jinja2-2.8-py2.py3-none-any.whl
Collecting adal~=0.4.0 (from msrestazure->-r requirements.txt (line 1))
  Using cached adal-0.4.7-py2.py3-none-any.whl
Collecting keyring>=5.6 (from msrestazure->-r requirements.txt (line 1))
  Using cached keyring-10.5.0-py2.py3-none-any.whl
Collecting pycrypto>=2.6 (from ansible<2.2.1,>=2.1->-r requirements.txt (line 3))
Collecting paramiko (from ansible<2.2.1,>=2.1->-r requirements.txt (line 3))
  Using cached paramiko-2.3.1-py2.py3-none-any.whl
Collecting PyYAML (from ansible<2.2.1,>=2.1->-r requirements.txt (line 3))
Collecting requests>=1.0.4 (from dopy==0.3.5->-r requirements.txt (line 4))
  Using cached requests-2.18.4-py2.py3-none-any.whl
Collecting s3transfer<0.2.0,>=0.1.10 (from boto3->-r requirements.txt (line 6))
  Using cached s3transfer-0.1.11-py2.py3-none-any.whl
Collecting jmespath<1.0.0,>=0.7.1 (from boto3->-r requirements.txt (line 6))
  Using cached jmespath-0.9.3-py2.py3-none-any.whl
Collecting botocore<1.8.0,>=1.7.0 (from boto3->-r requirements.txt (line 6))
  Using cached botocore-1.7.43-py2.py3-none-any.whl
Collecting azure-graphrbac==0.30.0rc5 (from azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_graphrbac-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-batch==0.30.0rc5 (from azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_batch-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt==0.30.0rc5 (from azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-servicebus==0.20.2 (from azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_servicebus-0.20.2-py2.py3-none-any.whl
Collecting azure-servicemanagement-legacy==0.20.3 (from azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_servicemanagement_legacy-0.20.3-py2.py3-none-any.whl
Collecting azure-storage==0.32.0 (from azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_storage-0.32.0-py2-none-any.whl
Collecting requests-oauthlib>=0.5.0 (from msrest==0.4.1->-r requirements.txt (line 8))
  Using cached requests_oauthlib-0.8.0-py2.py3-none-any.whl
Collecting chardet>=2.3.0 (from msrest==0.4.1->-r requirements.txt (line 8))
  Using cached chardet-3.0.4-py2.py3-none-any.whl
Collecting certifi>=2015.9.6.2 (from msrest==0.4.1->-r requirements.txt (line 8))
  Using cached certifi-2017.11.5-py2.py3-none-any.whl
Collecting enum34>=1.0.4 (from msrest==0.4.1->-r requirements.txt (line 8))
  Using cached enum34-1.1.6-py2-none-any.whl
Collecting isodate>=0.5.4 (from msrest==0.4.1->-r requirements.txt (line 8))
  Using cached isodate-0.6.0-py2.py3-none-any.whl
Collecting cryptography>=1.9 (from pyopenssl->-r requirements.txt (line 11))
  Using cached cryptography-2.1.3-cp27-cp27m-macosx_10_6_intel.whl
Collecting MarkupSafe (from jinja2==2.8->-r requirements.txt (line 12))
Collecting PyJWT>=1.0.0 (from adal~=0.4.0->msrestazure->-r requirements.txt (line 1))
  Using cached PyJWT-1.5.3-py2.py3-none-any.whl
Collecting python-dateutil>=2.1.0 (from adal~=0.4.0->msrestazure->-r requirements.txt (line 1))
  Using cached python_dateutil-2.6.1-py2.py3-none-any.whl
Collecting pyasn1>=0.1.7 (from paramiko->ansible<2.2.1,>=2.1->-r requirements.txt (line 3))
  Using cached pyasn1-0.3.7-py2.py3-none-any.whl
Collecting bcrypt>=3.1.3 (from paramiko->ansible<2.2.1,>=2.1->-r requirements.txt (line 3))
  Using cached bcrypt-3.1.4-cp27-cp27m-macosx_10_6_intel.whl
Collecting pynacl>=1.0.1 (from paramiko->ansible<2.2.1,>=2.1->-r requirements.txt (line 3))
  Using cached PyNaCl-1.2.0-cp27-cp27m-macosx_10_6_intel.whl
Collecting idna<2.7,>=2.5 (from requests>=1.0.4->dopy==0.3.5->-r requirements.txt (line 4))
  Using cached idna-2.6-py2.py3-none-any.whl
Collecting urllib3<1.23,>=1.21.1 (from requests>=1.0.4->dopy==0.3.5->-r requirements.txt (line 4))
  Using cached urllib3-1.22-py2.py3-none-any.whl
Collecting futures<4.0.0,>=2.2.0; python_version == "2.6" or python_version == "2.7" (from s3transfer<0.2.0,>=0.1.10->boto3->-r requirements.txt (line 6))
  Using cached futures-3.1.1-py2-none-any.whl
Collecting docutils>=0.10 (from botocore<1.8.0,>=1.7.0->boto3->-r requirements.txt (line 6))
  Using cached docutils-0.14-py2-none-any.whl
Collecting azure-common[autorest]==1.1.4 (from azure-graphrbac==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_common-1.1.4-py2.py3-none-any.whl
Collecting azure-mgmt-keyvault==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_keyvault-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-authorization==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_authorization-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-notificationhubs==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_notificationhubs-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-powerbiembedded==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_powerbiembedded-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-commerce==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_commerce-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-cognitiveservices==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_cognitiveservices-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-compute==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_compute-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-storage==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_storage-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-batch==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_batch-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-scheduler==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_scheduler-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-logic==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_logic-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-cdn==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_cdn-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-redis==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_redis-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-web==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_web-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-network==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_network-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-mgmt-resource==0.30.0rc5 (from azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_resource-0.30.0rc5-py2.py3-none-any.whl
Collecting azure-nspkg (from azure-storage==0.32.0->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_nspkg-2.0.0-py2.py3-none-any.whl
Collecting oauthlib>=0.6.2 (from requests-oauthlib>=0.5.0->msrest==0.4.1->-r requirements.txt (line 8))
Collecting cffi>=1.7; platform_python_implementation != "PyPy" (from cryptography>=1.9->pyopenssl->-r requirements.txt (line 11))
  Using cached cffi-1.11.2-cp27-cp27m-macosx_10_6_intel.whl
Collecting asn1crypto>=0.21.0 (from cryptography>=1.9->pyopenssl->-r requirements.txt (line 11))
  Using cached asn1crypto-0.23.0-py2.py3-none-any.whl
Collecting ipaddress; python_version < "3" (from cryptography>=1.9->pyopenssl->-r requirements.txt (line 11))
  Using cached ipaddress-1.0.18-py2-none-any.whl
Collecting azure-mgmt-nspkg (from azure-mgmt-keyvault==0.30.0rc5->azure-mgmt==0.30.0rc5->azure==2.0.0rc5->-r requirements.txt (line 7))
  Using cached azure_mgmt_nspkg-2.0.0-py2.py3-none-any.whl
Collecting pycparser (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography>=1.9->pyopenssl->-r requirements.txt (line 11))
Installing collected packages: PyJWT, six, pycparser, cffi, enum34, idna, asn1crypto, ipaddress, cryptography, certifi, chardet, urllib3, requests, python-dateutil, adal, oauthlib, requests-oauthlib, keyring, isodate, msrest, msrestazure, pycrypto, pyasn1, bcrypt, pynacl, paramiko, MarkupSafe, jinja2, PyYAML, ansible, dopy, boto, futures, jmespath, docutils, botocore, s3transfer, boto3, azure-nspkg, azure-common, azure-graphrbac, azure-batch, azure-mgmt-nspkg, azure-mgmt-keyvault, azure-mgmt-authorization, azure-mgmt-notificationhubs, azure-mgmt-powerbiembedded, azure-mgmt-commerce, azure-mgmt-cognitiveservices, azure-mgmt-compute, azure-mgmt-storage, azure-mgmt-batch, azure-mgmt-scheduler, azure-mgmt-logic, azure-mgmt-cdn, azure-mgmt-redis, azure-mgmt-web, azure-mgmt-network, azure-mgmt-resource, azure-mgmt, azure-servicebus, azure-servicemanagement-legacy, azure-storage, azure, apache-libcloud, pyopenssl
Successfully installed MarkupSafe-1.0 PyJWT-1.5.3 PyYAML-3.12 adal-0.4.7 ansible-2.2.0.0 apache-libcloud-2.2.1 asn1crypto-0.23.0 azure-2.0.0rc5 azure-batch-0.30.0rc5 azure-common-1.1.4 azure-graphrbac-0.30.0rc5 azure-mgmt-0.30.0rc5 azure-mgmt-authorization-0.30.0rc5 azure-mgmt-batch-0.30.0rc5 azure-mgmt-cdn-0.30.0rc5 azure-mgmt-cognitiveservices-0.30.0rc5 azure-mgmt-commerce-0.30.0rc5 azure-mgmt-compute-0.30.0rc5 azure-mgmt-keyvault-0.30.0rc5 azure-mgmt-logic-0.30.0rc5 azure-mgmt-network-0.30.0rc5 azure-mgmt-notificationhubs-0.30.0rc5 azure-mgmt-nspkg-2.0.0 azure-mgmt-powerbiembedded-0.30.0rc5 azure-mgmt-redis-0.30.0rc5 azure-mgmt-resource-0.30.0rc5 azure-mgmt-scheduler-0.30.0rc5 azure-mgmt-storage-0.30.0rc5 azure-mgmt-web-0.30.0rc5 azure-nspkg-2.0.0 azure-servicebus-0.20.2 azure-servicemanagement-legacy-0.20.3 azure-storage-0.32.0 bcrypt-3.1.4 boto-2.48.0 boto3-1.4.7 botocore-1.7.43 certifi-2017.11.5 cffi-1.11.2 chardet-3.0.4 cryptography-2.1.3 docutils-0.14 dopy-0.3.5 enum34-1.1.6 futures-3.1.1 idna-2.6 ipaddress-1.0.18 isodate-0.6.0 jinja2-2.8 jmespath-0.9.3 keyring-10.5.0 msrest-0.4.1 msrestazure-0.4.16 oauthlib-2.0.6 paramiko-2.3.1 pyasn1-0.3.7 pycparser-2.18 pycrypto-2.6.1 pynacl-1.2.0 pyopenssl-17.3.0 python-dateutil-2.6.1 requests-2.18.4 requests-oauthlib-0.8.0 s3transfer-0.1.11 six-1.11.0 urllib3-1.22
(env) AAA:algo-master BBB$ ./algo
  What provider would you like to use?
    1. DigitalOcean
    2. Amazon EC2
    3. Microsoft Azure
    4. Google Compute Engine
    5. Install to existing Ubuntu 16.04 server
Enter the number of your desired provider
:1
Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens):
[pasted values will not be displayed]
:
Name the vpn server:
[algo.local]: CCC
  What region should the server be located in?
    1. Amsterdam        (Datacenter 2)
    2. Amsterdam        (Datacenter 3)
    3. Frankfurt
    4. London
    5. New York         (Datacenter 1)
    6. New York         (Datacenter 2)
    7. New York         (Datacenter 3)
    8. San Francisco    (Datacenter 1)
    9. San Francisco    (Datacenter 2)
   10. Singapore
   11. Toronto
   12. Bangalore
Enter the number of your desired region:
[7]: 7
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]: n
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]: n
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]: n
Do you want each user to have their own account for SSH tunneling?
[y/N]: n
Do you want to apply operating system security enhancements on the server? (warning: replaces your sshd_config)
[y/N]: n
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]: n
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]: n
    PLAY [Configure the server] ****************************************************
    TASK [setup] *******************************************************************
    ok: [localhost]
    TASK [Generate the SSH private key] ********************************************
    changed: [localhost]
    TASK [Generate the SSH public key] *********************************************
    ok: [localhost]
    TASK [Change mode for the SSH private key] *************************************
    ok: [localhost]
    TASK [Ensure the dynamic inventory exists] *************************************
    changed: [localhost]
    TASK [cloud-digitalocean : Set the DigitalOcean Access Token fact] *************
    ok: [localhost]
    TASK [cloud-digitalocean : Delete the existing Algo SSH keys] ******************
    FAILED - RETRYING: TASK: cloud-digitalocean : Delete the existing Algo SSH keys (10 retries left).
ok: [localhost]
    TASK [cloud-digitalocean : Upload the SSH key] *********************************
    changed: [localhost]
    TASK [cloud-digitalocean : Creating a droplet...] ******************************
    changed: [localhost]
    TASK [cloud-digitalocean : Add the droplet to an inventory group] **************
    changed: [localhost]
    TASK [cloud-digitalocean : set_fact] *******************************************
    ok: [localhost]
    TASK [cloud-digitalocean : Tag the droplet] ************************************
    changed: [localhost]
    TASK [cloud-digitalocean : Get droplets] ***************************************
    ok: [localhost]
    TASK [cloud-digitalocean : Ensure the group digitalocean exists in the dynamic inventory file] ***
    changed: [localhost]
    TASK [cloud-digitalocean : Populate the dynamic inventory] *********************
    changed: [localhost] => (item={u'status': u'active', u'kernel': None, u'volume_ids': [], u'locked': False, u'name': u'1711131959', u'backup_ids': [], u'created_at': u'2017-11-14T02:00:13Z', u'snapshot_ids': [], u'size_slug': u'512mb', u'networks': {u'v4': [{u'type': u'public', u'netmask': u'255.255.240.0', u'ip_address': u'165.227.108.117', u'gateway': u'165.227.96.1'}], u'v6': [{u'type': u'public', u'netmask': 64, u'ip_address': u'2604:A880:0800:00A1:0000:0000:005B:5001', u'gateway': u'2604:A880:0800:00A1:0000:0000:0000:0001'}]}, u'next_backup_window': None, u'vcpus': 1, u'size': {u'price_monthly': 5.0, u'available': True, u'transfer': 1.0, u'price_hourly': 0.00744, u'regions': [u'ams2', u'ams3', u'blr1', u'fra1', u'lon1', u'nyc1', u'nyc2', u'nyc3', u'sfo1', u'sfo2', u'sgp1', u'tor1'], u'vcpus': 1, u'memory': 512, u'disk': 20, u'slug': u'512mb'}, u'image': {u'min_disk_size': 20, u'name': u'16.04.3 x64', u'created_at': u'2017-11-09T00:40:04Z', u'slug': u'ubuntu-16-04-x64', u'regions': [u'nyc1', u'sfo1', u'nyc2', u'ams2', u'sgp1', u'lon1', u'nyc3', u'ams3', u'fra1', u'tor1', u'sfo2', u'blr1'], u'id': 29196652, u'distribution': u'Ubuntu', u'type': u'snapshot', u'public': True, u'size_gigabytes': 0.3}, u'memory': 512, u'region': {u'available': True, u'sizes': [u'512mb', u'1gb', u'2gb', u'4gb', u'8gb', u'16gb'], u'slug': u'nyc3', u'name': u'New York 3', u'features': [u'private_networking', u'backups', u'ipv6', u'metadata', u'install_agent', u'storage']}, u'disk': 20, u'id': 70815357, u'tags': [u'Environment:Algo'], u'features': [u'ipv6']})
    changed: [localhost] => (item={u'status': u'active', u'kernel': None, u'volume_ids': [], u'locked': False, u'name': u'CCC', u'backup_ids': [], u'created_at': u'2017-11-14T20:03:02Z', u'snapshot_ids': [], u'size_slug': u'512mb', u'networks': {u'v4': [{u'type': u'public', u'netmask': u'255.255.192.0', u'ip_address': u'a.b.c.d', u'gateway': u'45.55.128.1'}], u'v6': [{u'type': u'public', u'netmask': 64, u'ip_address': u'2604:A880:0800:0010:0000:0000:00C7:3001', u'gateway': u'2604:A880:0800:0010:0000:0000:0000:0001'}]}, u'next_backup_window': None, u'vcpus': 1, u'size': {u'price_monthly': 5.0, u'available': True, u'transfer': 1.0, u'price_hourly': 0.00744, u'regions': [u'ams2', u'ams3', u'blr1', u'fra1', u'lon1', u'nyc1', u'nyc2', u'nyc3', u'sfo1', u'sfo2', u'sgp1', u'tor1'], u'vcpus': 1, u'memory': 512, u'disk': 20, u'slug': u'512mb'}, u'image': {u'min_disk_size': 20, u'name': u'16.04.3 x64', u'created_at': u'2017-11-09T00:40:04Z', u'slug': u'ubuntu-16-04-x64', u'regions': [u'nyc1', u'sfo1', u'nyc2', u'ams2', u'sgp1', u'lon1', u'nyc3', u'ams3', u'fra1', u'tor1', u'sfo2', u'blr1'], u'id': 29196652, u'distribution': u'Ubuntu', u'type': u'snapshot', u'public': True, u'size_gigabytes': 0.3}, u'memory': 512, u'region': {u'available': True, u'sizes': [u'512mb', u'1gb', u'2gb', u'4gb', u'8gb', u'16gb'], u'slug': u'nyc3', u'name': u'New York 3', u'features': [u'private_networking', u'backups', u'ipv6', u'metadata', u'install_agent', u'storage']}, u'disk': 20, u'id': 70931321, u'tags': [u'Environment:Algo'], u'features': [u'ipv6']})
    TASK [Wait until SSH becomes ready...] *****************************************
    ok: [localhost]
    TASK [A short pause, in order to be sure the instance is ready] ****************
    Pausing for 20 seconds
    (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
    ok: [localhost]
    TASK [Ensure the local ssh directory is exist] *********************************
    ok: [localhost]
    TASK [Copy the algo ssh key to the local ssh directory] ************************
    changed: [localhost]
    PLAY [Configure the server and install required software] **********************
    TASK [Check the system] ********************************************************
    changed: [a.b.c.d]
    TASK [Ubuntu | Install prerequisites] ******************************************
    changed: [a.b.c.d]
    TASK [Ubuntu | Configure defaults] *********************************************
    changed: [a.b.c.d]
    TASK [FreeBSD / HardenedBSD | Install prerequisites] ***************************
    skipping: [a.b.c.d]
    TASK [FreeBSD / HardenedBSD | Configure defaults] ******************************
    skipping: [a.b.c.d]
    TASK [set_fact] ****************************************************************
    skipping: [a.b.c.d]
    TASK [Gather Facts] ************************************************************
    ok: [a.b.c.d]
    TASK [Ensure the algo ssh key exist on the server] *****************************
    ok: [a.b.c.d]
    TASK [Enable IPv6] *************************************************************
    ok: [a.b.c.d]
    TASK [Set facts if the deployment in a cloud] **********************************
    ok: [a.b.c.d]
    TASK [Generate password for the CA key] ****************************************
    changed: [a.b.c.d -> localhost]
    TASK [Generate p12 export password] ********************************************
    changed: [a.b.c.d -> localhost]
    TASK [Define password facts] ***************************************************
    ok: [a.b.c.d]
    TASK [Define the commonName] ***************************************************
    ok: [a.b.c.d]
    TASK [common : Install software updates] ***************************************
    changed: [a.b.c.d]
    TASK [common : Check if reboot is required] ************************************
    changed: [a.b.c.d]
    TASK [common : Reboot] *********************************************************
    skipping: [a.b.c.d]
    TASK [common : Wait until SSH becomes ready...] ********************************
    skipping: [a.b.c.d]
    TASK [common : Disable MOTD on login and SSHD] *********************************
    changed: [a.b.c.d] => (item={u'regexp': u'^session.*optional.pam_motd.so. ', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'})
changed: [a.b.c.d] => (item={u'regexp': u'^session.*optional.pam_motd.so. ', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})
    TASK [common : Loopback for services configured] *******************************
    changed: [a.b.c.d]
    TASK [common : Loopback included into the network config] **********************
    changed: [a.b.c.d]
    RUNNING HANDLER [common : restart loopback] ************************************
    changed: [a.b.c.d]
    TASK [common : set_fact] *******************************************************
    ok: [a.b.c.d]

TASK [common : Enable the gateway features] ************************************
skipping: [a.b.c.d] => (item={u'value': u'"YES"', u'param': u'firewall_enable'})
skipping: [a.b.c.d] => (item={u'value': u'"open"', u'param': u'firewall_type'})
skipping: [a.b.c.d] => (item={u'value': u'"YES"', u'param': u'gateway_enable'})
skipping: [a.b.c.d] => (item={u'value': u'"YES"', u'param': u'natd_enable'})
skipping: [a.b.c.d] => (item={u'value': u'""', u'param': u'natd_interface'})
skipping: [a.b.c.d] => (item={u'value': u'"-dynamic -m"', u'param': u'natd_flags'})
TASK [common : Install tools] **************************************************
changed: [a.b.c.d] => (item=[u'git', u'screen', u'apparmor-utils', u'uuid-runtime', u'coreutils', u'sendmail', u'iptables-persistent', u'cgroup-tools', u'openssl'])
TASK [common : set_fact] *******************************************************
skipping: [a.b.c.d]
TASK [common : Loopback included into the rc config] ***************************
skipping: [a.b.c.d]
TASK [common : Sysctl tuning] **************************************************
changed: [a.b.c.d] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
changed: [a.b.c.d] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
changed: [a.b.c.d] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
TASK [vpn : Ensure that the strongswan group exist] ****************************
changed: [a.b.c.d]
TASK [vpn : set_fact] **********************************************************
ok: [a.b.c.d]
TASK [vpn : Ubuntu | Install strongSwan] ***************************************
changed: [a.b.c.d]
TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] ****************************
skipping: [a.b.c.d] => (item=/usr/lib/ipsec/charon)
skipping: [a.b.c.d] => (item=/usr/lib/ipsec/lookip)
skipping: [a.b.c.d] => (item=/usr/lib/ipsec/stroke)
TASK [vpn : Ubuntu | Enable services] ******************************************
ok: [a.b.c.d] => (item=apparmor)
ok: [a.b.c.d] => (item=strongswan)
ok: [a.b.c.d] => (item=netfilter-persistent)
TASK [vpn : Ubuntu | Ensure that the strongswan service directory exist] *******
changed: [a.b.c.d]
TASK [vpn : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ********
changed: [a.b.c.d]
TASK [vpn : Iptables configured] ***********************************************
changed: [a.b.c.d] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})
TASK [vpn : Iptables configured] ***********************************************
changed: [a.b.c.d] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'})
TASK [vpn : FreeBSD / HardenedBSD | Get the existing kernel parameters] ********
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | Set the rebuild_needed fact] ***************
skipping: [a.b.c.d] => (item=IPSEC)
skipping: [a.b.c.d] => (item=IPSEC_NAT_T)
skipping: [a.b.c.d] => (item=crypto)
TASK [vpn : Ensure that the strongswan user exist] *****************************
changed: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | Make the kernel config] ********************
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | Ensure the all options are enabled] ********
skipping: [a.b.c.d] => (item=options IPSEC)
skipping: [a.b.c.d] => (item=options IPSEC_NAT_T)
skipping: [a.b.c.d] => (item=device crypto)
TASK [vpn : HardenedBSD | Determine the sources] *******************************
skipping: [a.b.c.d]
TASK [vpn : FreeBSD | Determine the sources] ***********************************
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | Increase the git postBuffer size] **********
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | Fetching the sources...] *******************
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | Fetching the sources...] *******************
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | The kernel is being built...] **************
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | The kernel is being built...] **************
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | Reboot] ************************************
skipping: [a.b.c.d]
TASK [vpn : FreeBSD / HardenedBSD | Enable strongswan] *************************
skipping: [a.b.c.d]
TASK [vpn : Install strongSwan] ************************************************
ok: [a.b.c.d]
TASK [vpn : Setup the config files from our templates] *************************
changed: [a.b.c.d] => (item={u'dest': u'/etc/strongswan.conf', u'src': u'strongswan.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [a.b.c.d] => (item={u'dest': u'/etc/ipsec.conf', u'src': u'ipsec.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [a.b.c.d] => (item={u'dest': u'/etc/ipsec.secrets', u'src': u'ipsec.secrets.j2', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
TASK [vpn : Get loaded plugins] ************************************************
changed: [a.b.c.d]
TASK [vpn : Disable unneeded plugins] ******************************************
skipping: [a.b.c.d] => (item=pubkey)
changed: [a.b.c.d] => (item=attr)
skipping: [a.b.c.d] => (item=socket-default)
changed: [a.b.c.d] => (item=resolve)
changed: [a.b.c.d] => (item=md5)
changed: [a.b.c.d] => (item=constraints)
changed: [a.b.c.d] => (item=updown)
skipping: [a.b.c.d] => (item=x509)
changed: [a.b.c.d] => (item=agent)
changed: [a.b.c.d] => (item=rc2)
skipping: [a.b.c.d] => (item=pkcs7)
skipping: [a.b.c.d] => (item=openssl)
changed: [a.b.c.d] => (item=pkcs1)
skipping: [a.b.c.d] => (item=stroke)
changed: [a.b.c.d] => (item=gmp)
skipping: [a.b.c.d] => (item=nonce)
changed: [a.b.c.d] => (item=xcbc)
changed: [a.b.c.d] => (item=sha1)
skipping: [a.b.c.d] => (item=pkcs8)
skipping: [a.b.c.d] => (item=kernel-netlink)
skipping: [a.b.c.d] => (item=pem)
skipping: [a.b.c.d] => (item=hmac)
skipping: [a.b.c.d] => (item=pgp)
changed: [a.b.c.d] => (item=sshkey)
skipping: [a.b.c.d] => (item=random)
skipping: [a.b.c.d] => (item=gcm)
changed: [a.b.c.d] => (item=test-vectors)
changed: [a.b.c.d] => (item=connmark)
changed: [a.b.c.d] => (item=fips-prf)
skipping: [a.b.c.d] => (item=aes)
skipping: [a.b.c.d] => (item=sha2)
skipping: [a.b.c.d] => (item=revocation)
skipping: [a.b.c.d] => (item=pkcs12)
changed: [a.b.c.d] => (item=md4)
changed: [a.b.c.d] => (item=dnskey)
TASK [vpn : Ensure that required plugins are enabled] **************************
changed: [a.b.c.d] => (item=pubkey)
skipping: [a.b.c.d] => (item=attr)
changed: [a.b.c.d] => (item=socket-default)
skipping: [a.b.c.d] => (item=resolve)
skipping: [a.b.c.d] => (item=md5)
skipping: [a.b.c.d] => (item=constraints)
skipping: [a.b.c.d] => (item=updown)
changed: [a.b.c.d] => (item=x509)
skipping: [a.b.c.d] => (item=agent)
skipping: [a.b.c.d] => (item=rc2)
changed: [a.b.c.d] => (item=pkcs7)
changed: [a.b.c.d] => (item=openssl)
skipping: [a.b.c.d] => (item=pkcs1)
changed: [a.b.c.d] => (item=stroke)
skipping: [a.b.c.d] => (item=gmp)
changed: [a.b.c.d] => (item=nonce)
skipping: [a.b.c.d] => (item=xcbc)
skipping: [a.b.c.d] => (item=sha1)
changed: [a.b.c.d] => (item=pkcs8)
changed: [a.b.c.d] => (item=kernel-netlink)
changed: [a.b.c.d] => (item=pem)
changed: [a.b.c.d] => (item=hmac)
changed: [a.b.c.d] => (item=pgp)
skipping: [a.b.c.d] => (item=sshkey)
changed: [a.b.c.d] => (item=random)
changed: [a.b.c.d] => (item=gcm)
skipping: [a.b.c.d] => (item=test-vectors)
skipping: [a.b.c.d] => (item=connmark)
skipping: [a.b.c.d] => (item=fips-prf)
changed: [a.b.c.d] => (item=aes)
changed: [a.b.c.d] => (item=sha2)
changed: [a.b.c.d] => (item=revocation)
changed: [a.b.c.d] => (item=pkcs12)
skipping: [a.b.c.d] => (item=md4)
skipping: [a.b.c.d] => (item=dnskey)
TASK [vpn : Ensure the pki directory does not exist] ***************************
skipping: [a.b.c.d]
TASK [vpn : Ensure the pki directories exist] **********************************
changed: [a.b.c.d -> localhost] => (item=ecparams)
changed: [a.b.c.d -> localhost] => (item=certs)
changed: [a.b.c.d -> localhost] => (item=crl)
changed: [a.b.c.d -> localhost] => (item=newcerts)
changed: [a.b.c.d -> localhost] => (item=private)
changed: [a.b.c.d -> localhost] => (item=reqs)
TASK [vpn : Ensure the files exist] ********************************************
changed: [a.b.c.d -> localhost] => (item=.rnd)
changed: [a.b.c.d -> localhost] => (item=private/.rnd)
changed: [a.b.c.d -> localhost] => (item=index.txt)
changed: [a.b.c.d -> localhost] => (item=index.txt.attr)
changed: [a.b.c.d -> localhost] => (item=serial)
TASK [vpn : Generate the openssl server configs] *******************************
changed: [a.b.c.d -> localhost]
TASK [vpn : Build the CA pair] *************************************************
changed: [a.b.c.d -> localhost]
TASK [vpn : Copy the CA certificate] *******************************************
changed: [a.b.c.d -> localhost]
TASK [vpn : Generate the serial number] ****************************************
changed: [a.b.c.d -> localhost]
TASK [vpn : Build the server pair] *********************************************
changed: [a.b.c.d -> localhost]
TASK [vpn : Build the client's pair] *******************************************
changed: [a.b.c.d -> localhost] => (item=user1)
changed: [a.b.c.d -> localhost] => (item=user2)
changed: [a.b.c.d -> localhost] => (item=user3)
changed: [a.b.c.d -> localhost] => (item=user4)
changed: [a.b.c.d -> localhost] => (item=user5)
changed: [a.b.c.d -> localhost] => (item=user6)
changed: [a.b.c.d -> localhost] => (item=user7)
changed: [a.b.c.d -> localhost] => (item=user8)
changed: [a.b.c.d -> localhost] => (item=user9)
TASK [vpn : Build the client's p12] ********************************************
changed: [a.b.c.d -> localhost] => (item=user1)
changed: [a.b.c.d -> localhost] => (item=user2)
changed: [a.b.c.d -> localhost] => (item=user3)
changed: [a.b.c.d -> localhost] => (item=user4)
changed: [a.b.c.d -> localhost] => (item=user5)
changed: [a.b.c.d -> localhost] => (item=user6)
changed: [a.b.c.d -> localhost] => (item=user7)
changed: [a.b.c.d -> localhost] => (item=user8)
changed: [a.b.c.d -> localhost] => (item=user9)
TASK [vpn : Copy the p12 certificates] *****************************************
changed: [a.b.c.d -> localhost] => (item=user1)
changed: [a.b.c.d -> localhost] => (item=user2)
changed: [a.b.c.d -> localhost] => (item=user3)
changed: [a.b.c.d -> localhost] => (item=user4)
changed: [a.b.c.d -> localhost] => (item=user5)
changed: [a.b.c.d -> localhost] => (item=user6)
changed: [a.b.c.d -> localhost] => (item=user7)
changed: [a.b.c.d -> localhost] => (item=user8)
changed: [a.b.c.d -> localhost] => (item=user9)
TASK [vpn : Get active users] **************************************************
changed: [a.b.c.d -> localhost]
TASK [vpn : Revoke non-existing users] *****************************************
skipping: [a.b.c.d] => (item=user1)
skipping: [a.b.c.d] => (item=user2)
skipping: [a.b.c.d] => (item=user3)
skipping: [a.b.c.d] => (item=user4)
skipping: [a.b.c.d] => (item=user5)
skipping: [a.b.c.d] => (item=user6)
skipping: [a.b.c.d] => (item=user7)
skipping: [a.b.c.d] => (item=user8)
skipping: [a.b.c.d] => (item=user9)
TASK [vpn : Genereate new CRL file] ********************************************
skipping: [a.b.c.d]
TASK [vpn : Copy the CRL to the vpn server] ************************************
skipping: [a.b.c.d]
TASK [vpn : Copy the keys to the strongswan directory] *************************
changed: [a.b.c.d] => (item={u'dest': u'/etc/ipsec.d/cacerts/ca.crt', u'src': u'configs/a.b.c.d/pki/cacert.pem', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [a.b.c.d] => (item={u'dest': u'/etc/ipsec.d/certs/a.b.c.d.crt', u'src': u'configs/a.b.c.d/pki/certs/a.b.c.d.crt', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [a.b.c.d] => (item={u'dest': u'/etc/ipsec.d/private/a.b.c.d.key', u'src': u'configs/a.b.c.d/pki/private/a.b.c.d.key', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
TASK [vpn : Register p12 PayloadContent] ***************************************
changed: [a.b.c.d -> localhost] => (item=user1)
changed: [a.b.c.d -> localhost] => (item=user2)
changed: [a.b.c.d -> localhost] => (item=user3)
changed: [a.b.c.d -> localhost] => (item=user4)
changed: [a.b.c.d -> localhost] => (item=user5)
changed: [a.b.c.d -> localhost] => (item=user6)
changed: [a.b.c.d -> localhost] => (item=user7)
changed: [a.b.c.d -> localhost] => (item=user8)
changed: [a.b.c.d -> localhost] => (item=user9)
TASK [vpn : Set facts for mobileconfigs] ***************************************
ok: [a.b.c.d -> localhost]
TASK [vpn : Build the mobileconfigs] *******************************************
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
TASK [vpn : Build the strongswan app android config] ***************************
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
TASK [vpn : Build the android helper html] *************************************
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
changed: [a.b.c.d -> localhost] => (item=(censored due to no_log))
TASK [vpn : Build the client ipsec config file] ********************************
changed: [a.b.c.d -> localhost] => (item=user1)
changed: [a.b.c.d -> localhost] => (item=user2)
changed: [a.b.c.d -> localhost] => (item=user3)
changed: [a.b.c.d -> localhost] => (item=user4)
changed: [a.b.c.d -> localhost] => (item=user5)
changed: [a.b.c.d -> localhost] => (item=user6)
changed: [a.b.c.d -> localhost] => (item=user7)
changed: [a.b.c.d -> localhost] => (item=user8)
changed: [a.b.c.d -> localhost] => (item=user9)
TASK [vpn : Build the client ipsec secret file] ********************************
changed: [a.b.c.d -> localhost] => (item=user1)
changed: [a.b.c.d -> localhost] => (item=user2)
changed: [a.b.c.d -> localhost] => (item=user3)
changed: [a.b.c.d -> localhost] => (item=user4)
changed: [a.b.c.d -> localhost] => (item=user5)
changed: [a.b.c.d -> localhost] => (item=user6)
changed: [a.b.c.d -> localhost] => (item=user7)
changed: [a.b.c.d -> localhost] => (item=user8)
changed: [a.b.c.d -> localhost] => (item=user9)
TASK [vpn : Create the windows check file] *************************************
skipping: [a.b.c.d]
TASK [vpn : Check if the windows check file exists] ****************************
ok: [a.b.c.d -> localhost]
TASK [vpn : Build the windows client powershell script] ************************
skipping: [a.b.c.d] => (item=user1)
skipping: [a.b.c.d] => (item=user2)
skipping: [a.b.c.d] => (item=user3)
skipping: [a.b.c.d] => (item=user4)
skipping: [a.b.c.d] => (item=user5)
skipping: [a.b.c.d] => (item=user6)
skipping: [a.b.c.d] => (item=user7)
skipping: [a.b.c.d] => (item=user8)
skipping: [a.b.c.d] => (item=user9)
TASK [vpn : Restrict permissions for the local private directories] ************
changed: [a.b.c.d -> localhost] => (item=configs/a.b.c.d)
RUNNING HANDLER [vpn : restart strongswan] *************************************
changed: [a.b.c.d]
RUNNING HANDLER [vpn : daemon-reload] ******************************************
changed: [a.b.c.d]
RUNNING HANDLER [vpn : restart iptables] ***************************************
changed: [a.b.c.d]
TASK [vpn : strongSwan started] ************************************************
ok: [a.b.c.d]
TASK [debug] *******************************************************************
ok: [a.b.c.d] => {
    "msg": [
        "Congratulations!",
        "Your Algo server is running.",
        "Config files and certificates are in the ./configs/ directory",
        "Go to https://whoer.net/ after connecting",
        "and ensure that all your traffic passes through the VPN.",
        "Local DNS resolver 172.16.0.1",
        "The p12 and SSH keys password for new users is xxxxxxxx",
        "Shell access: ssh -i configs/algo.pem root@a.b.c.d"
    ]
}
TASK [Delete the CA key] *******************************************************
changed: [a.b.c.d -> localhost]
PLAY RECAP *********************************************************************
a.b.c.d                    : ok=61   changed=47   unreachable=0    failed=0
localhost                  : ok=19   changed=9    unreachable=0    failed=0
(env) AAA:algo-master BBB$

@davidemyers
Contributor

I see you mentioned my name above. In my case the problem was caused by the default settings of my router (pfSense). See #520.

@useradd-deploy
Author

useradd-deploy commented Nov 15, 2017

David, thanks much for your suggestion. Per your comments in #520, I checked my router's settings. My router (a Cisco RV180) was set with IPSec VPN Passthrough enabled. I disabled it and rebooted the router. I'll never know whether that would work in some alternative universe because I was then unable to connect to Algo on any device. I then re-enabled IPSec VPN Passthrough and rebooted again. I'm back where I was before, able to connect one device at a time to Algo.

While I'll wait for an Algo team member, you or another user to weigh in, I'll note a few options to check out.

  1. Is this an Algo issue? Even if not, is there a possible Algo solution? What's SSH tunneling? Could it help? (All my VPN users are trusted.)

  2. Is this a router issue? Aside from the VPN IPSec Passthrough setting, are there any other settings that I could change? See Internet Key Exchange (IKE) Policy Settings on RV180 and RV180W VPN Routers.

  3. If it's a router issue and I can't resolve it by changing settings, should I get a new router? What routers come recommended and would avoid this issue?

  4. While I'm guessing it wouldn't fix my issue, why not check out a VPS provider other than Digital Ocean?

@useradd-deploy
Author

useradd-deploy commented Nov 15, 2017

Seeing that Thermi had commented on #520 reminded me that Dan Guido had cited strongSwan's strong user community (and Thermi in particular) as a reason for picking strongSwan for the Algo project. So I decided to take a look at what the folks over at strongSwan might have said about my issue. As it happens, this is strongSwan's issue #1161 (Second client from same network can't connect to the server). While I don't have the technical chops to assess this myself, I see that Tobias Brunner says this "[s]ounds like a router issue." Given that Tobias is one of strongSwan's three Main Developers, I'm inclined to trust his judgment.

In his comment, Tobias offers three suggestions: (1) try "disabling IPsec passthrough" and see if that helps (I did and while it worked for some other users with other routers, it didn't work for me); (2) "try connecting directly to port 4500" and see if that helps (I'll look into that but Tobias cautions this "doesn't seem to be possible on iOS"); and (3) replace the router (which I'm guessing I might need to look into).

To the Algo team: Given the comments I've seen in other issues, including in davidemyers' #520, the two comments on this subject on Gitter and the comments on this issue over at strongSwan, I agree with davidemyers' suggestion to add this issue to the troubleshooting writeup.

@useradd-deploy
Author

I came up with a kludgy workaround -- just create extra wifi networks on my wireless access point. As long as each device is using a separate wifi network, my Cisco RV180 router allows multiple devices to connect to Algo simultaneously.

Here's a stab at some text that you can use to insert under Connection Problems on the Troubleshooting page. H/t to @davidemyers for his draft, as well as to @Thermi and @tobiasbrunner for their work on strongSwan and suggestions on other threads.

I can't get multiple devices to connect to the Algo server

Not all routers support multiple simultaneous connections. Some routers are broken -- the router can't distinguish what host in its LAN the packets are for so it sends all the packets to just one host, blocking other devices from connecting to the VPN. To test whether this is happening, try using a different router (such as a nearby open wifi network) to connect to the Algo server. If you can connect multiple devices to the Algo server on another network, then this sounds like a router issue. If your router has a feature called "VPN Passthrough" OR "IPsec Passthrough", try turning it off. If your wireless access point permits you to create additional wifi networks, try whether setting up a different wifi network for each device resolves the problem. Alternatively, if you can edit the server port in the client configuration files, you could try connecting directly to port 4500 (but that doesn't seem possible for iOS devices). Otherwise you may need to get a new router.
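The draft above describes the failure from the client side: a router that cannot keep two IPsec clients apart. As an added example (not code from this issue, from Algo or from strongSwan), the Python script below applies one server-side check for that symptom to a constructed excerpt of strongSwan's charon log. It groups authenticated client identities by public source IP and compares them with the distinct NAT-T (UDP 4500) source ports the router exposed: two clients behind one public IP that share a single source port are a sign the router is not translating per host. The two message shapes follow charon's "received packet: from A[p] to B[q]" and "IKE_SA ... established between ..." lines, but the addresses, ports and user names are invented. The check is a heuristic: a router that does translate ports but delivers replies to the wrong host leaves no such trace on the server, so a clean result does not rule the router out.

```python
import re
from collections import defaultdict

# Constructed charon log excerpt (syslog prefix dropped). Addresses, ports and
# user identities are invented for this example; the line shapes follow
# strongSwan's "received packet" and "IKE_SA ... established between" messages.
# 203.0.113.7 stands for a router that leaves the source port untouched,
# 198.51.100.4 for one that gives each client its own NAT mapping.
SAMPLE_LOG = """\
charon: 05[NET] received packet: from 203.0.113.7[500] to 10.0.0.5[500] (464 bytes)
charon: 05[NET] received packet: from 203.0.113.7[4500] to 10.0.0.5[4500] (1236 bytes)
charon: 05[IKE] IKE_SA ikev2-pubkey[1] established between 10.0.0.5[a.b.c.d]...203.0.113.7[user1]
charon: 08[NET] received packet: from 203.0.113.7[500] to 10.0.0.5[500] (464 bytes)
charon: 08[NET] received packet: from 203.0.113.7[4500] to 10.0.0.5[4500] (1236 bytes)
charon: 08[IKE] IKE_SA ikev2-pubkey[2] established between 10.0.0.5[a.b.c.d]...203.0.113.7[user2]
charon: 11[NET] received packet: from 198.51.100.4[500] to 10.0.0.5[500] (464 bytes)
charon: 11[NET] received packet: from 198.51.100.4[41234] to 10.0.0.5[4500] (1236 bytes)
charon: 11[IKE] IKE_SA ikev2-pubkey[3] established between 10.0.0.5[a.b.c.d]...198.51.100.4[user3]
charon: 13[NET] received packet: from 198.51.100.4[51002] to 10.0.0.5[4500] (1236 bytes)
charon: 13[IKE] IKE_SA ikev2-pubkey[4] established between 10.0.0.5[a.b.c.d]...198.51.100.4[user4]
"""

# Only packets arriving on the NAT-T port (4500) are counted; the initial
# IKE_SA_INIT exchange on port 500 happens before NAT detection and is ignored.
PACKET_RE = re.compile(r"received packet: from ([^\s\[]+)\[(\d+)\] to [^\s\[]+\[4500\]")
ESTABLISHED_RE = re.compile(r"established between [^\s\[]+\[[^\]]*\]\.\.\.([^\s\[]+)\[([^\]]*)\]")


def analyze(log_text):
    """Group authenticated identities and NAT-T source ports by remote public IP."""
    identities = defaultdict(set)   # public IP -> set of client identities
    natt_ports = defaultdict(set)   # public IP -> set of UDP source ports on 4500
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if m:
            natt_ports[m.group(1)].add(int(m.group(2)))
            continue
        m = ESTABLISHED_RE.search(line)
        if m:
            identities[m.group(1)].add(m.group(2))
    return identities, natt_ports


def find_collapsed_nat(log_text):
    """Return the public IPs from which two or more clients authenticated but
    the router exposed fewer distinct NAT-T source ports than there are clients.
    With a working NAT every client gets its own mapped port, so a shortfall
    means several clients are being squeezed through one mapping."""
    identities, natt_ports = analyze(log_text)
    flagged = []
    for ip, ids in sorted(identities.items()):
        if len(ids) >= 2 and len(natt_ports.get(ip, set())) < len(ids):
            flagged.append(ip)
    return flagged


if __name__ == "__main__":
    ids, ports = analyze(SAMPLE_LOG)
    for ip in sorted(ids):
        print(f"{ip}: clients={sorted(ids[ip])} natt_ports={sorted(ports[ip])}")
    for ip in find_collapsed_nat(SAMPLE_LOG):
        print(f"WARNING: {ip} looks like a router that cannot keep IPsec clients apart")
```

To use it on a real Algo server, feed `analyze()` the charon lines from the server's syslog or journal instead of `SAMPLE_LOG`; it reads only the two message shapes above and ignores everything else.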

4 participants