trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

Internet appears offline once connected to the deployed VPN #1010

Closed wiiind closed 6 years ago

wiiind commented 6 years ago

OS / Environment (where do you run Algo on)

Darwin 17.6.0 Darwin Kernel Version 17.6.0: Tue May  8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64

Cloud Provider (where do you deploy Algo to)

Azure

Summary of the problem

The deployment process seems successful. The screen shows a success message with the password and IP. But once connected to the deployed VPN, the internet appears offline. The internet works if I SSH into the server and ping an address, but the same address appears offline if I just ping it in a local terminal.

Steps to reproduce the behavior

  1. Deploy
  2. Connect VPN
  3. Internet goes offline (Mac + Windows 10 + iOS)

Full log

What provider would you like to use?
    1. DigitalOcean
    2. Amazon EC2
    3. Microsoft Azure
    4. Google Compute Engine
    5. Scaleway
    6. OpenStack (DreamCompute optimised)
    7. Install to existing Ubuntu 16.04 server (Advanced)

Enter the number of your desired provider
: 3

Enter your azure secret id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
[pasted values will not be displayed]
[...]: 

Enter your azure tenant id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
[pasted values will not be displayed]
[...]: 

Enter your azure client id (application id) (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
[pasted values will not be displayed]
[...]: 

Enter your azure subscription id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md)
You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
[pasted values will not be displayed]
[...]: 

Name the vpn server:
[algo]: algoAzuEaUsII

  What region should the server be located in? (https://azure.microsoft.com/en-us/regions/)
    1.  East US              (Virginia)
    2.  East US 2            (Virginia)
    3.  Central US           (Iowa)
    4.  North Central US     (Illinois)
    5.  South Central US     (Texas)
    6.  West Central US      (Wyoming)
    7.  West US              (California)
    8.  West US 2            (Washington)
    9.  Canada East          (Quebec City)
    10. Canada Central       (Toronto)
    11. Brazil South         (Sao Paulo State)
    12. North Europe         (Ireland)
    13. West Europe          (Netherlands)
    14. France Central       (Paris)
    15. France South         (Marseille)
    16. UK West              (Cardiff)
    17. UK South             (London)
    18. Germany Central      (Frankfurt)
    19. Germany Northeast    (Magdeburg)
    20. Southeast Asia       (Singapore)
    21. East Asia            (Hong Kong)
    22. Australia East       (New South Wales)
    23. Australia Southeast  (Victoria)
    24. Australia Central    (Canberra)
    25. Australia Central 2  (Canberra)
    26. Central India        (Pune)
    27. West India           (Mumbai)
    28. South India          (Chennai)
    29. Japan East           (Tokyo, Saitama)
    30. Japan West           (Osaka)
    31. Korea Central        (Seoul)
    32. Korea South          (Busan)

Enter the number of your desired region:
[1]: 2

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]: y

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]: y

List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
: 

Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]: y

Do you want each user to have their own account for SSH tunneling?
[y/N]: 

Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]: y

Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]: 
 [WARNING]: While constructing a mapping from /Users/SW/Documents/Code/_algo/roles/cloud-
scaleway/tasks/main.yml, line 73, column 11, found a duplicate dict key (enable_ipv6). Using
last defined value only.

PLAY [Configure the server] ******************************************************************

TASK [Gathering Facts] ***********************************************************************
ok: [localhost]

TASK [Local pre-tasks] ***********************************************************************
included: /Users/SW/Documents/Code/_algo/playbooks/local.yml for localhost

TASK [Generate the SSH private key] **********************************************************
changed: [localhost]

TASK [Generate the SSH public key] ***********************************************************
ok: [localhost]

TASK [Change mode for the SSH private key] ***************************************************
ok: [localhost]

TASK [Ensure the dynamic inventory exists] ***************************************************
changed: [localhost]

TASK [cloud-azure : set_fact] ****************************************************************
ok: [localhost]

TASK [cloud-azure : Create a resource group] *************************************************
ok: [localhost]

TASK [cloud-azure : Create a virtual network] ************************************************
changed: [localhost]

TASK [cloud-azure : Create a security group] *************************************************
changed: [localhost]

TASK [cloud-azure : Create a subnet] *********************************************************
changed: [localhost]

TASK [cloud-azure : Create an instance] ******************************************************
changed: [localhost]

TASK [cloud-azure : set_fact] ****************************************************************
ok: [localhost]

TASK [cloud-azure : Ensure the network interface includes all required parameters] ***********
changed: [localhost]

TASK [cloud-azure : Add the instance to an inventory group] **********************************
changed: [localhost]

TASK [cloud-azure : set_fact] ****************************************************************
ok: [localhost]

TASK [cloud-azure : Ensure the group azure exists in the dynamic inventory file] *************
changed: [localhost]

TASK [cloud-azure : Populate the dynamic inventory] ******************************************
changed: [localhost]

TASK [Local post-tasks] **********************************************************************
included: /Users/SW/Documents/Code/_algo/playbooks/post.yml for localhost

TASK [Wait until SSH becomes ready...] *******************************************************
ok: [localhost]

TASK [A short pause, in order to be sure the instance is ready] ******************************
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [localhost]

TASK [include_tasks] *************************************************************************
included: /Users/SW/Documents/Code/_algo/playbooks/local_ssh.yml for localhost

TASK [Ensure the local ssh directory is exist] ***********************************************
ok: [localhost]

TASK [Copy the algo ssh key to the local ssh directory] **************************************
changed: [localhost]

PLAY [Configure the server and install required software] ************************************

TASK [Common pre-tasks] **********************************************************************
included: /Users/SW/Documents/Code/_algo/playbooks/common.yml for 104.209.159.2

TASK [Check the system] **********************************************************************
changed: [104.209.159.2]

TASK [Ubuntu pre-tasks] **********************************************************************
included: /Users/SW/Documents/Code/_algo/playbooks/ubuntu.yml for 104.209.159.2

TASK [Ubuntu | Install prerequisites] ********************************************************
changed: [104.209.159.2] => (item=sleep 10)
changed: [104.209.159.2] => (item=apt-get update -qq)
changed: [104.209.159.2] => (item=apt-get install -qq -y python2.7 sudo)

TASK [Ubuntu | Configure defaults] ***********************************************************
changed: [104.209.159.2]

TASK [FreeBSD pre-tasks] *********************************************************************
skipping: [104.209.159.2]

TASK [include_tasks] *************************************************************************
included: /Users/SW/Documents/Code/_algo/playbooks/facts/main.yml for 104.209.159.2

TASK [Gather Facts] **************************************************************************
ok: [104.209.159.2]

TASK [Ensure the algo ssh key exist on the server] *******************************************
changed: [104.209.159.2]

TASK [Check if IPv6 configured] **************************************************************
ok: [104.209.159.2]

TASK [Set facts if the deployment in a cloud] ************************************************
ok: [104.209.159.2]

TASK [Generate password for the CA key] ******************************************************
changed: [104.209.159.2 -> localhost]

TASK [Generate p12 export password] **********************************************************
changed: [104.209.159.2 -> localhost]

TASK [Define password facts] *****************************************************************
ok: [104.209.159.2]

TASK [Define the commonName] *****************************************************************
ok: [104.209.159.2]

TASK [common : include_tasks] ****************************************************************
included: /Users/SW/Documents/Code/_algo/roles/common/tasks/ubuntu.yml for 104.209.159.2

TASK [common : Install software updates] *****************************************************
changed: [104.209.159.2]

TASK [common : Upgrade the ca certificates] **************************************************
ok: [104.209.159.2]

TASK [common : Check if reboot is required] **************************************************
changed: [104.209.159.2]

TASK [common : Reboot] ***********************************************************************
skipping: [104.209.159.2]

TASK [common : Wait until SSH becomes ready...] **********************************************
skipping: [104.209.159.2]

TASK [common : Include unatteded upgrades configuration] *************************************
included: /Users/SW/Documents/Code/_algo/roles/common/tasks/unattended-upgrades.yml for 104.209.159.2

TASK [common : Install unattended-upgrades] **************************************************
ok: [104.209.159.2]

TASK [common : Configure unattended-upgrades] ************************************************
changed: [104.209.159.2]

TASK [common : Periodic upgrades configured] *************************************************
changed: [104.209.159.2]

TASK [common : Disable MOTD on login and SSHD] ***********************************************
changed: [104.209.159.2] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'})
changed: [104.209.159.2] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})

TASK [common : Loopback for services configured] *********************************************
changed: [104.209.159.2]

TASK [common : systemd-networkd enabled and started] *****************************************
ok: [104.209.159.2]

RUNNING HANDLER [common : restart systemd-networkd] ******************************************
changed: [104.209.159.2]

TASK [common : Check apparmor support] *******************************************************
changed: [104.209.159.2]

TASK [common : set_fact] *********************************************************************
ok: [104.209.159.2]

TASK [common : set_fact] *********************************************************************
ok: [104.209.159.2]

TASK [common : include_tasks] ****************************************************************
skipping: [104.209.159.2]

TASK [common : Install tools] ****************************************************************
ok: [104.209.159.2] => (item=git)
ok: [104.209.159.2] => (item=screen)
changed: [104.209.159.2] => (item=apparmor-utils)
ok: [104.209.159.2] => (item=uuid-runtime)
ok: [104.209.159.2] => (item=coreutils)
changed: [104.209.159.2] => (item=iptables-persistent)
changed: [104.209.159.2] => (item=cgroup-tools)
ok: [104.209.159.2] => (item=openssl,linux-headers-4.15.0-1013-azure)

TASK [common : Sysctl tuning] ****************************************************************
changed: [104.209.159.2] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
changed: [104.209.159.2] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
changed: [104.209.159.2] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})

TASK [dns_encryption : Include tasks for Ubuntu] *********************************************
included: /Users/SW/Documents/Code/_algo/roles/dns_encryption/tasks/ubuntu.yml for 104.209.159.2

TASK [dns_encryption : Add the repository] ***************************************************
changed: [104.209.159.2]

TASK [dns_encryption : Install dnscrypt-proxy] ***********************************************
changed: [104.209.159.2]

TASK [dns_encryption : Ubuntu | Unbound profile for apparmor configured] *********************
changed: [104.209.159.2]

TASK [dns_encryption : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ******************
ok: [104.209.159.2]

TASK [dns_encryption : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ******
changed: [104.209.159.2]

TASK [dns_encryption : Ubuntu | Add capabilities to bind ports] ******************************
changed: [104.209.159.2]

TASK [dns_encryption : Include tasks for FreeBSD] ********************************************
skipping: [104.209.159.2]

TASK [dns_encryption : dnscrypt-proxy configured] ********************************************
changed: [104.209.159.2]

TASK [dns_encryption : dnscrypt-proxy enabled and started] ***********************************
ok: [104.209.159.2]

RUNNING HANDLER [dns_encryption : restart dnscrypt-proxy] ************************************
changed: [104.209.159.2]

TASK [dns_adblocking : The DNS tag is defined] ***********************************************
ok: [104.209.159.2]

TASK [dns_adblocking : Dnsmasq installed] ****************************************************
changed: [104.209.159.2]

TASK [dns_adblocking : Ensure that the dnsmasq user exist] ***********************************
changed: [104.209.159.2]

TASK [dns_adblocking : The dnsmasq directory created] ****************************************
changed: [104.209.159.2]

TASK [dns_adblocking : include_tasks] ********************************************************
included: /Users/SW/Documents/Code/_algo/roles/dns_adblocking/tasks/ubuntu.yml for 104.209.159.2

TASK [dns_adblocking : Ubuntu | Dnsmasq profile for apparmor configured] *********************
changed: [104.209.159.2]

TASK [dns_adblocking : Ubuntu | Enforce the dnsmasq AppArmor policy] *************************
changed: [104.209.159.2]

TASK [dns_adblocking : Ubuntu | Ensure that the dnsmasq service directory exist] *************
changed: [104.209.159.2]

TASK [dns_adblocking : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ***********
changed: [104.209.159.2]

TASK [dns_adblocking : include_tasks] ********************************************************
skipping: [104.209.159.2]

TASK [dns_adblocking : Dnsmasq configured] ***************************************************
changed: [104.209.159.2]

TASK [dns_adblocking : Adblock script created] ***********************************************
changed: [104.209.159.2]

TASK [dns_adblocking : Adblock script added to cron] *****************************************
changed: [104.209.159.2]

TASK [dns_adblocking : Update adblock hosts] *************************************************
changed: [104.209.159.2]

RUNNING HANDLER [dns_adblocking : restart dnsmasq] *******************************************
changed: [104.209.159.2]

RUNNING HANDLER [vpn : daemon-reload] ********************************************************
changed: [104.209.159.2]

TASK [dns_adblocking : Dnsmasq enabled and started] ******************************************
ok: [104.209.159.2]

TASK [wireguard : WireGuard repository configured] *******************************************
changed: [104.209.159.2]

TASK [wireguard : WireGuard installed] *******************************************************
changed: [104.209.159.2]

TASK [wireguard : Ensure the required directories exist] *************************************
changed: [104.209.159.2 -> localhost] => (item=private)
changed: [104.209.159.2 -> localhost] => (item=public)

TASK [wireguard : Delete the lock files] *****************************************************
skipping: [104.209.159.2] => (item=wiiind_x1) 
skipping: [104.209.159.2] => (item=wiiind_iNaes2) 
skipping: [104.209.159.2] => (item=wiiind_iNaesD) 
skipping: [104.209.159.2] => (item=jm) 
skipping: [104.209.159.2] => (item=104.209.159.2) 

TASK [wireguard : Generate private keys] *****************************************************
changed: [104.209.159.2] => (item=wiiind_x1)
changed: [104.209.159.2] => (item=wiiind_iNaes2)
changed: [104.209.159.2] => (item=wiiind_iNaesD)
changed: [104.209.159.2] => (item=jm)
changed: [104.209.159.2] => (item=104.209.159.2)
 [WARNING]: As of Ansible 2.4, the parameter 'executable' is no longer supported with the
'command' module. Not using 'bash'.

TASK [wireguard : Save private keys] *********************************************************
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)

TASK [wireguard : Touch the lock file] *******************************************************
changed: [104.209.159.2] => (item=wiiind_x1)
changed: [104.209.159.2] => (item=wiiind_iNaes2)
changed: [104.209.159.2] => (item=wiiind_iNaesD)
changed: [104.209.159.2] => (item=jm)
changed: [104.209.159.2] => (item=104.209.159.2)

TASK [wireguard : Generate public keys] ******************************************************
ok: [104.209.159.2] => (item=wiiind_x1)
ok: [104.209.159.2] => (item=wiiind_iNaes2)
ok: [104.209.159.2] => (item=wiiind_iNaesD)
ok: [104.209.159.2] => (item=jm)
ok: [104.209.159.2] => (item=104.209.159.2)

TASK [wireguard : Save public keys] **********************************************************
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)

TASK [wireguard : WireGuard configured] ******************************************************
changed: [104.209.159.2]

TASK [wireguard : WireGuard reload-module-on-update] *****************************************
changed: [104.209.159.2]

TASK [wireguard : WireGuard users config generated] ******************************************
changed: [104.209.159.2 -> localhost] => (item=(0, u'wiiind_x1'))
changed: [104.209.159.2 -> localhost] => (item=(1, u'wiiind_iNaes2'))
changed: [104.209.159.2 -> localhost] => (item=(2, u'wiiind_iNaesD'))
changed: [104.209.159.2 -> localhost] => (item=(3, u'jm'))

TASK [wireguard : WireGuard enabled and started] *********************************************
changed: [104.209.159.2]

RUNNING HANDLER [wireguard : restart wireguard] **********************************************
changed: [104.209.159.2]

TASK [vpn : Ensure that the strongswan group exist] ******************************************
changed: [104.209.159.2]

TASK [vpn : Ensure that the strongswan user exist] *******************************************
changed: [104.209.159.2]

TASK [vpn : include_tasks] *******************************************************************
included: /Users/SW/Documents/Code/_algo/roles/vpn/tasks/ubuntu.yml for 104.209.159.2

TASK [vpn : set_fact] ************************************************************************
ok: [104.209.159.2]

TASK [vpn : Ubuntu | Install strongSwan] *****************************************************
changed: [104.209.159.2]

TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] ******************************************
changed: [104.209.159.2] => (item=/usr/lib/ipsec/charon)
changed: [104.209.159.2] => (item=/usr/lib/ipsec/lookip)
changed: [104.209.159.2] => (item=/usr/lib/ipsec/stroke)

TASK [vpn : Ubuntu | Enable services] ********************************************************
ok: [104.209.159.2] => (item=apparmor)
ok: [104.209.159.2] => (item=strongswan)
ok: [104.209.159.2] => (item=netfilter-persistent)

TASK [vpn : Ubuntu | Ensure that the strongswan service directory exist] *********************
changed: [104.209.159.2]

TASK [vpn : Ubuntu | Setup the cgroup limitations for the ipsec daemon] **********************
changed: [104.209.159.2]

TASK [vpn : include_tasks] *******************************************************************
included: /Users/SW/Documents/Code/_algo/roles/vpn/tasks/iptables.yml for 104.209.159.2

TASK [vpn : Iptables configured] *************************************************************
changed: [104.209.159.2] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})

TASK [vpn : Iptables configured] *************************************************************
skipping: [104.209.159.2] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'}) 

TASK [vpn : include_tasks] *******************************************************************
skipping: [104.209.159.2]

TASK [vpn : Install strongSwan] **************************************************************
ok: [104.209.159.2]

TASK [vpn : include_tasks] *******************************************************************
included: /Users/SW/Documents/Code/_algo/roles/vpn/tasks/ipsec_configuration.yml for 104.209.159.2

TASK [vpn : Setup the config files from our templates] ***************************************
changed: [104.209.159.2] => (item={u'dest': u'/etc/strongswan.conf', u'src': u'strongswan.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [104.209.159.2] => (item={u'dest': u'/etc/ipsec.conf', u'src': u'ipsec.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [104.209.159.2] => (item={u'dest': u'/etc/ipsec.secrets', u'src': u'ipsec.secrets.j2', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})

TASK [vpn : Get loaded plugins] **************************************************************
changed: [104.209.159.2]

TASK [vpn : Disable unneeded plugins] ********************************************************
skipping: [104.209.159.2] => (item=revocation) 
changed: [104.209.159.2] => (item=agent)
changed: [104.209.159.2] => (item=bypass-lan)
skipping: [104.209.159.2] => (item=pem) 
skipping: [104.209.159.2] => (item=stroke) 
changed: [104.209.159.2] => (item=fips-prf)
skipping: [104.209.159.2] => (item=pkcs12) 
changed: [104.209.159.2] => (item=sshkey)
changed: [104.209.159.2] => (item=dnskey)
changed: [104.209.159.2] => (item=md5)
changed: [104.209.159.2] => (item=resolve)
skipping: [104.209.159.2] => (item=pgp) 
changed: [104.209.159.2] => (item=updown)
changed: [104.209.159.2] => (item=sha1)
skipping: [104.209.159.2] => (item=hmac) 
changed: [104.209.159.2] => (item=counters)
changed: [104.209.159.2] => (item=md4)
changed: [104.209.159.2] => (item=xcbc)
changed: [104.209.159.2] => (item=mgf1)
skipping: [104.209.159.2] => (item=pubkey) 
skipping: [104.209.159.2] => (item=openssl) 
changed: [104.209.159.2] => (item=gmp)
changed: [104.209.159.2] => (item=connmark)
changed: [104.209.159.2] => (item=rc2)
skipping: [104.209.159.2] => (item=pkcs8) 
changed: [104.209.159.2] => (item=pkcs1)
skipping: [104.209.159.2] => (item=nonce) 
changed: [104.209.159.2] => (item=xauth-generic)
skipping: [104.209.159.2] => (item=x509) 
skipping: [104.209.159.2] => (item=gcm) 
skipping: [104.209.159.2] => (item=random) 
changed: [104.209.159.2] => (item=eap-mschapv2)
changed: [104.209.159.2] => (item=attr)
skipping: [104.209.159.2] => (item=socket-default) 
skipping: [104.209.159.2] => (item=aes) 
skipping: [104.209.159.2] => (item=kernel-netlink) 
changed: [104.209.159.2] => (item=aesni)
changed: [104.209.159.2] => (item=constraints)
skipping: [104.209.159.2] => (item=sha2) 
skipping: [104.209.159.2] => (item=pkcs7) 

TASK [vpn : Ensure that required plugins are enabled] ****************************************
changed: [104.209.159.2] => (item=revocation)
skipping: [104.209.159.2] => (item=agent) 
skipping: [104.209.159.2] => (item=bypass-lan) 
changed: [104.209.159.2] => (item=pem)
changed: [104.209.159.2] => (item=stroke)
skipping: [104.209.159.2] => (item=fips-prf) 
changed: [104.209.159.2] => (item=pkcs12)
skipping: [104.209.159.2] => (item=sshkey) 
skipping: [104.209.159.2] => (item=dnskey) 
skipping: [104.209.159.2] => (item=md5) 
skipping: [104.209.159.2] => (item=resolve) 
changed: [104.209.159.2] => (item=pgp)
skipping: [104.209.159.2] => (item=updown) 
skipping: [104.209.159.2] => (item=sha1) 
changed: [104.209.159.2] => (item=hmac)
skipping: [104.209.159.2] => (item=counters) 
skipping: [104.209.159.2] => (item=md4) 
skipping: [104.209.159.2] => (item=xcbc) 
skipping: [104.209.159.2] => (item=mgf1) 
changed: [104.209.159.2] => (item=pubkey)
changed: [104.209.159.2] => (item=openssl)
skipping: [104.209.159.2] => (item=gmp) 
skipping: [104.209.159.2] => (item=connmark) 
skipping: [104.209.159.2] => (item=rc2) 
changed: [104.209.159.2] => (item=pkcs8)
skipping: [104.209.159.2] => (item=pkcs1) 
changed: [104.209.159.2] => (item=nonce)
skipping: [104.209.159.2] => (item=xauth-generic) 
changed: [104.209.159.2] => (item=x509)
changed: [104.209.159.2] => (item=gcm)
changed: [104.209.159.2] => (item=random)
skipping: [104.209.159.2] => (item=eap-mschapv2) 
skipping: [104.209.159.2] => (item=attr) 
changed: [104.209.159.2] => (item=socket-default)
changed: [104.209.159.2] => (item=aes)
changed: [104.209.159.2] => (item=kernel-netlink)
skipping: [104.209.159.2] => (item=aesni) 
skipping: [104.209.159.2] => (item=constraints) 
changed: [104.209.159.2] => (item=sha2)
changed: [104.209.159.2] => (item=pkcs7)

TASK [vpn : include_tasks] *******************************************************************
included: /Users/SW/Documents/Code/_algo/roles/vpn/tasks/openssl.yml for 104.209.159.2

TASK [vpn : Set subjectAltName as a fact] ****************************************************
ok: [104.209.159.2 -> localhost]

TASK [vpn : Ensure the pki directory does not exist] *****************************************
skipping: [104.209.159.2]

TASK [vpn : Ensure the pki directories exist] ************************************************
changed: [104.209.159.2 -> localhost] => (item=ecparams)
changed: [104.209.159.2 -> localhost] => (item=certs)
changed: [104.209.159.2 -> localhost] => (item=crl)
changed: [104.209.159.2 -> localhost] => (item=newcerts)
changed: [104.209.159.2 -> localhost] => (item=private)
changed: [104.209.159.2 -> localhost] => (item=reqs)

TASK [vpn : Ensure the files exist] **********************************************************
changed: [104.209.159.2 -> localhost] => (item=.rnd)
changed: [104.209.159.2 -> localhost] => (item=private/.rnd)
changed: [104.209.159.2 -> localhost] => (item=index.txt)
changed: [104.209.159.2 -> localhost] => (item=index.txt.attr)
changed: [104.209.159.2 -> localhost] => (item=serial)

TASK [vpn : Generate the openssl server configs] *********************************************
changed: [104.209.159.2 -> localhost]

TASK [vpn : Build the CA pair] ***************************************************************
changed: [104.209.159.2 -> localhost]

TASK [vpn : Copy the CA certificate] *********************************************************
changed: [104.209.159.2 -> localhost]

TASK [vpn : Generate the serial number] ******************************************************
changed: [104.209.159.2 -> localhost]

TASK [vpn : Build the server pair] ***********************************************************
changed: [104.209.159.2 -> localhost]

TASK [vpn : Build the client's pair] *********************************************************
changed: [104.209.159.2 -> localhost] => (item=wiiind_x1)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaes2)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaesD)
changed: [104.209.159.2 -> localhost] => (item=jm)

TASK [vpn : Build the client's p12] **********************************************************
changed: [104.209.159.2 -> localhost] => (item=wiiind_x1)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaes2)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaesD)
changed: [104.209.159.2 -> localhost] => (item=jm)

TASK [vpn : Copy the p12 certificates] *******************************************************
changed: [104.209.159.2 -> localhost] => (item=wiiind_x1)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaes2)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaesD)
changed: [104.209.159.2 -> localhost] => (item=jm)

TASK [vpn : Get active users] ****************************************************************
changed: [104.209.159.2 -> localhost]

TASK [vpn : Revoke non-existing users] *******************************************************
skipping: [104.209.159.2] => (item=wiiind_x1) 
skipping: [104.209.159.2] => (item=wiiind_iNaes2) 
skipping: [104.209.159.2] => (item=wiiind_iNaesD) 
skipping: [104.209.159.2] => (item=jm) 

TASK [vpn : Genereate new CRL file] **********************************************************
skipping: [104.209.159.2]

TASK [vpn : Copy the CRL to the vpn server] **************************************************
skipping: [104.209.159.2]

TASK [vpn : include_tasks] *******************************************************************
included: /Users/SW/Documents/Code/_algo/roles/vpn/tasks/distribute_keys.yml for 104.209.159.2

TASK [vpn : Copy the keys to the strongswan directory] ***************************************
changed: [104.209.159.2] => (item={u'dest': u'/etc/ipsec.d/cacerts/ca.crt', u'src': u'configs/104.209.159.2/pki/cacert.pem', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [104.209.159.2] => (item={u'dest': u'/etc/ipsec.d/certs/104.209.159.2.crt', u'src': u'configs/104.209.159.2/pki/certs/104.209.159.2.crt', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [104.209.159.2] => (item={u'dest': u'/etc/ipsec.d/private/104.209.159.2.key', u'src': u'configs/104.209.159.2/pki/private/104.209.159.2.key', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})

TASK [vpn : include_tasks] *******************************************************************
included: /Users/SW/Documents/Code/_algo/roles/vpn/tasks/client_configs.yml for 104.209.159.2

TASK [vpn : Register p12 PayloadContent] *****************************************************
changed: [104.209.159.2 -> localhost] => (item=wiiind_x1)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaes2)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaesD)
changed: [104.209.159.2 -> localhost] => (item=jm)

TASK [vpn : Set facts for mobileconfigs] *****************************************************
ok: [104.209.159.2 -> localhost]

TASK [vpn : Build the mobileconfigs] *********************************************************
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)
changed: [104.209.159.2] => (item=None)

TASK [vpn : Build the client ipsec config file] **********************************************
changed: [104.209.159.2 -> localhost] => (item=wiiind_x1)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaes2)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaesD)
changed: [104.209.159.2 -> localhost] => (item=jm)

TASK [vpn : Build the client ipsec secret file] **********************************************
changed: [104.209.159.2 -> localhost] => (item=wiiind_x1)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaes2)
changed: [104.209.159.2 -> localhost] => (item=wiiind_iNaesD)
changed: [104.209.159.2 -> localhost] => (item=jm)

TASK [vpn : Create the windows check file] ***************************************************
changed: [104.209.159.2 -> localhost]

TASK [vpn : Check if the windows check file exists] ******************************************
ok: [104.209.159.2 -> localhost]

TASK [vpn : Build the windows client powershell script] **************************************

TASK [vpn : Restrict permissions for the local private directories] **************************
changed: [104.209.159.2 -> localhost] => (item=configs/104.209.159.2)

RUNNING HANDLER [dns_adblocking : restart apparmor] ******************************************
changed: [104.209.159.2]

RUNNING HANDLER [vpn : restart strongswan] ***************************************************
changed: [104.209.159.2]

RUNNING HANDLER [vpn : daemon-reload] ********************************************************
changed: [104.209.159.2]

RUNNING HANDLER [vpn : restart iptables] *****************************************************
changed: [104.209.159.2]

TASK [vpn : strongSwan started] **************************************************************
ok: [104.209.159.2]

TASK [debug] *********************************************************************************
ok: [104.209.159.2] => {
    "msg": [
        [
            "\"#                          Congratulations!                            #\"", 
            "\"#                     Your Algo server is running.                     #\"", 
            "\"#    Config files and certificates are in the ./configs/ directory.    #\"", 
            "\"#              Go to https://whoer.net/ after connecting               #\"", 
            "\"#        and ensure that all your traffic passes through the VPN.      #\"", 
            "\"#               Local DNS resolver 172.16.0.1              #\"", 

urielha commented 6 years ago

I have the same problem. Deployed Algo to Azure and got a success message, but when I connect through Windows or an Android phone, no internet is available.

jackivanov commented 6 years ago

Here is a PR that might fix this problem. Could you try it?

wiiind commented 6 years ago

My Windows 10 machine running WSL has been getting the deployment error below since April. I will try the fix again with my Mac when I get home and report back. Thanks!

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error creating or updating virtual machine algoAzuEaUs - Azure Error: InvalidParameter\nMessage: The value of parameter linuxConfiguration.ssh.publicKeys.keyData is invalid.\nTarget: linuxConfiguration.ssh.publicKeys.keyData"}

urielha commented 6 years ago

Hi @jackivanov, I installed into a new server using your branch (from an Ubuntu client) and now the internet is working! I checked on both a Windows 10 client and Android.

Thanks a lot :)

wiiind commented 6 years ago

The fix worked! Thanks for the quick resolution @jackivanov 👍