trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

Wireguard not working in Scaleway #1122

Closed dserodio closed 6 years ago

dserodio commented 6 years ago

Describe the bug

After provisioning a new Scaleway instance with algo, the WireGuard service won't start.

To Reproduce

Steps to reproduce the behavior:

1. Run ./algo script
2. Choose 6 (Scaleway) provider
3. Answer other prompts (wait some time for Ansible)

Expected behavior

Ansible should've finished successfully

Full log

dserodio@notebook$ ./algo

PLAY [Ask user for the input] ***************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [localhost]
[pause]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon EC2
    3. Vultr
    4. Microsoft Azure
    5. Google Compute Engine
    6. Scaleway
    7. OpenStack (DreamCompute optimised)
    8. Install to existing Ubuntu 18.04 server (Advanced)

Enter the number of your desired provider
:
6

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *********************************************************************************************************************************
ok: [localhost]
[pause]
Name the vpn server
[algo]
:

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]
:
n

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]
:
n

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]
:
y

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
y

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:
y

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:
n

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *********************************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] *****************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Mac OS X 10.11.6
Created from git fork. Last commit: 8f090a3 Fix minor typos in Amazon EC2 setup documentation. (#1116)
Python 2.7.15
Runtime variables:
    algo_provider "scaleway"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "False"
    algo_ondemand_wifi_exclude "_null"
    algo_local_dns "True"
    algo_ssh_tunneling "True"
    algo_windows "True"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] ***************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Generate the SSH private key] *********************************************************************************************************************************
ok: [localhost]

TASK [Generate the SSH public key] **********************************************************************************************************************************
ok: [localhost]
[cloud-scaleway : pause]
Enter your auth token (https://www.scaleway.com/docs/generate-an-api-token/)
 (output is hidden):

TASK [cloud-scaleway : pause] ***************************************************************************************************************************************
ok: [localhost]
[cloud-scaleway : pause]
Enter your organization name (https://cloud.scaleway.com/#/billing)
:
Daniel Serodio

TASK [cloud-scaleway : pause] ***************************************************************************************************************************************
ok: [localhost]
[cloud-scaleway : pause]
What region should the server be located in?
    1. par1
    2. ams1

Enter the number of your desired region
[par1]
:
1

TASK [cloud-scaleway : pause] ***************************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Set scaleway facts] **************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Check if server exists] **********************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "connection": "close", "content": "{\"message\": \"Authentication error\", \"type\": \"invalid_auth\"}", "content_length": "59", "content_type": "application/json", "date": "Thu, 20 Sep 2018 03:03:39 GMT", "json": {"message": "Authentication error", "type": "invalid_auth"}, "msg": "Status code was 401 and not [200]: HTTP Error 401: UNAUTHORIZED", "redirected": false, "server": "Tengine", "status": 401, "url": "https://cp-par1.scaleway.com/servers"}

TASK [cloud-scaleway : debug] ***************************************************************************************************************************************
ok: [localhost] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [cloud-scaleway : fail] ****************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP **********************************************************************************************************************************************************
localhost                  : ok=20   changed=1    unreachable=0    failed=2

⌂177% [:~/code/algo] master(+1/-2) 2 ± ./algo

PLAY [Ask user for the input] ***************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [localhost]
[pause]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon EC2
    3. Vultr
    4. Microsoft Azure
    5. Google Compute Engine
    6. Scaleway
    7. OpenStack (DreamCompute optimised)
    8. Install to existing Ubuntu 18.04 server (Advanced)

Enter the number of your desired provider
:
6

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *********************************************************************************************************************************
ok: [localhost]
[pause]
Name the vpn server
[algo]
:

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]
:
n

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]
:
n

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]
:
y

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
y

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:
y

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:
n

TASK [pause] ********************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *********************************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] *****************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Mac OS X 10.11.6
Created from git fork. Last commit: 8f090a3 Fix minor typos in Amazon EC2 setup documentation. (#1116)
Python 2.7.15
Runtime variables:
    algo_provider "scaleway"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "False"
    algo_ondemand_wifi_exclude "_null"
    algo_local_dns "True"
    algo_ssh_tunneling "True"
    algo_windows "True"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] ***************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Generate the SSH private key] *********************************************************************************************************************************
ok: [localhost]

TASK [Generate the SSH public key] **********************************************************************************************************************************
ok: [localhost]
[cloud-scaleway : pause]
Enter your auth token (https://www.scaleway.com/docs/generate-an-api-token/)
 (output is hidden):

TASK [cloud-scaleway : pause] ***************************************************************************************************************************************
ok: [localhost]
[cloud-scaleway : pause]
Enter your organization name (https://cloud.scaleway.com/#/billing)
:
Daniel Serodio

TASK [cloud-scaleway : pause] ***************************************************************************************************************************************
ok: [localhost]
[cloud-scaleway : pause]
What region should the server be located in?
    1. par1
    2. ams1

Enter the number of your desired region
[par1]
:
1

TASK [cloud-scaleway : pause] ***************************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Set scaleway facts] **************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Check if server exists] **********************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Get the organization id] *********************************************************************************************************************
ok: [localhost]
ok: [localhost] => (item=None)

TASK [cloud-scaleway : Set organization id as a fact] ***************************************************************************************************************

TASK [cloud-scaleway : Get total count of images] *******************************************************************************************************************
ok: [localhost]
ok: [localhost] => (item=1)
ok: [localhost] => (item=2)
ok: [localhost] => (item=3)
ok: [localhost] => (item=4)
ok: [localhost] => (item=5)
ok: [localhost] => (item=6)
ok: [localhost] => (item=7)
ok: [localhost] => (item=8)
ok: [localhost] => (item=9)
ok: [localhost] => (item=10)

TASK [cloud-scaleway : Get images] **********************************************************************************************************************************

TASK [cloud-scaleway : Set image id as a fact] **********************************************************************************************************************
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/dserodio/code/algo/roles/cloud-scaleway/tasks/image_facts.yml for localhost
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)

TASK [cloud-scaleway : Create a server] *****************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Set server id as a fact] *********************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Power on the server] *************************************************************************************************************************
ok: [localhost]
FAILED - RETRYING: Wait for the server to become running (20 retries left).

TASK [cloud-scaleway : Wait for the server to become running] *******************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : set_fact] ************************************************************************************************************************************
ok: [localhost]

TASK [Set subjectAltName as afact] **********************************************************************************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] *************************************************************************************************************************
changed: [localhost]

TASK [Additional variables for the server] **************************************************************************************************************************
changed: [localhost]

TASK [Wait until SSH becomes ready...] ******************************************************************************************************************************
ok: [localhost]

TASK [debug] ********************************************************************************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "51.158.74.146"
}
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)

TASK [A short pause, in order to be sure the instance is ready] *****************************************************************************************************
ok: [localhost]

PLAY [Configure the server and install required software] ***********************************************************************************************************

TASK [common : Check the system] ************************************************************************************************************************************
changed: [51.158.74.146]

TASK [common : include_tasks] ***************************************************************************************************************************************
included: /Users/dserodio/code/algo/roles/common/tasks/ubuntu.yml for 51.158.74.146
changed: [51.158.74.146] => (item=[u'python2.7', u'sudo'])

TASK [common : Ubuntu | Install prerequisites] **********************************************************************************************************************

TASK [common : Ubuntu | Configure defaults] *************************************************************************************************************************
changed: [51.158.74.146]

TASK [common : Gather facts] ****************************************************************************************************************************************
ok: [51.158.74.146]

TASK [common : Install software updates] ****************************************************************************************************************************
changed: [51.158.74.146]

TASK [common : Check if reboot is required] *************************************************************************************************************************
changed: [51.158.74.146]

TASK [common : Reboot] **********************************************************************************************************************************************
changed: [51.158.74.146]

TASK [common : Wait until SSH becomes ready...] *********************************************************************************************************************
ok: [51.158.74.146 -> localhost]

TASK [common : Install unattended-upgrades] *************************************************************************************************************************
ok: [51.158.74.146]

TASK [common : Configure unattended-upgrades] ***********************************************************************************************************************
changed: [51.158.74.146]

TASK [common : Periodic upgrades configured] ************************************************************************************************************************
changed: [51.158.74.146]

TASK [common : Unattended reboots configured] ***********************************************************************************************************************
changed: [51.158.74.146]
changed: [51.158.74.146] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'})
changed: [51.158.74.146] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})

TASK [common : Disable MOTD on login and SSHD] **********************************************************************************************************************

TASK [common : Loopback for services configured] ********************************************************************************************************************
changed: [51.158.74.146]
changed: [51.158.74.146] => (item=systemd-networkd)
ok: [51.158.74.146] => (item=systemd-resolved)

TASK [common : systemd services enabled and started] ****************************************************************************************************************

RUNNING HANDLER [common : restart systemd-networkd] *****************************************************************************************************************
changed: [51.158.74.146]

TASK [common : Check apparmor support] ******************************************************************************************************************************
changed: [51.158.74.146]

TASK [common : set_fact] ********************************************************************************************************************************************
ok: [51.158.74.146]

TASK [common : set_fact] ********************************************************************************************************************************************
ok: [51.158.74.146]
ok: [51.158.74.146] => (item=git)
ok: [51.158.74.146] => (item=screen)
changed: [51.158.74.146] => (item=apparmor-utils)
ok: [51.158.74.146] => (item=uuid-runtime)
ok: [51.158.74.146] => (item=coreutils)
changed: [51.158.74.146] => (item=iptables-persistent)
changed: [51.158.74.146] => (item=cgroup-tools)
changed: [51.158.74.146] => (item=openssl,linux-headers-4.15.0-20-generic)

TASK [common : Install tools] ***************************************************************************************************************************************

TASK [common : Generate password for the CA key] ********************************************************************************************************************
changed: [51.158.74.146 -> localhost]

TASK [common : Generate p12 export password] ************************************************************************************************************************
changed: [51.158.74.146 -> localhost]

TASK [common : Define facts] ****************************************************************************************************************************************
ok: [51.158.74.146]

TASK [common : set_fact] ********************************************************************************************************************************************
ok: [51.158.74.146]
changed: [51.158.74.146] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
changed: [51.158.74.146] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
changed: [51.158.74.146] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})

TASK [common : Sysctl tuning] ***************************************************************************************************************************************

TASK [dns_encryption : Include tasks for Ubuntu] ********************************************************************************************************************
included: /Users/dserodio/code/algo/roles/dns_encryption/tasks/ubuntu.yml for 51.158.74.146
FAILED - RETRYING: Add the repository (10 retries left).
FAILED - RETRYING: Add the repository (9 retries left).
FAILED - RETRYING: Add the repository (8 retries left).

TASK [dns_encryption : Add the repository] **************************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_encryption : Install dnscrypt-proxy] **********************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_encryption : Configure unattended-upgrades] ***************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_encryption : Ubuntu | Unbound profile for apparmor configured] ********************************************************************************************
changed: [51.158.74.146]

TASK [dns_encryption : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] *****************************************************************************************
ok: [51.158.74.146]

TASK [dns_encryption : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] *****************************************************************************
changed: [51.158.74.146]

TASK [dns_encryption : Ubuntu | Add capabilities to bind ports] *****************************************************************************************************
changed: [51.158.74.146]

TASK [dns_encryption : dnscrypt-proxy ip-blacklist configured] ******************************************************************************************************
changed: [51.158.74.146]

TASK [dns_encryption : dnscrypt-proxy configured] *******************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_encryption : dnscrypt-proxy enabled and started] **********************************************************************************************************
ok: [51.158.74.146]

RUNNING HANDLER [dns_encryption : restart dnscrypt-proxy] ***********************************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Dnsmasq installed] ***************************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : The dnsmasq directory created] ***************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : include_tasks] *******************************************************************************************************************************
included: /Users/dserodio/code/algo/roles/dns_adblocking/tasks/ubuntu.yml for 51.158.74.146

TASK [dns_adblocking : Ubuntu | Dnsmasq profile for apparmor configured] ********************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Ubuntu | Enforce the dnsmasq AppArmor policy] ************************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Ubuntu | Ensure that the dnsmasq service directory exist] ************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Ubuntu | Setup the cgroup limitations for the ipsec daemon] **********************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Dnsmasq configured] **************************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Adblock script created] **********************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Adblock script added to cron] ****************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Update adblock hosts] ************************************************************************************************************************
changed: [51.158.74.146]

RUNNING HANDLER [dns_adblocking : restart dnsmasq] ******************************************************************************************************************
changed: [51.158.74.146]

RUNNING HANDLER [vpn : daemon-reload] *******************************************************************************************************************************
changed: [51.158.74.146]

TASK [dns_adblocking : Dnsmasq enabled and started] *****************************************************************************************************************
ok: [51.158.74.146]

TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] *****************************************************************************************
changed: [51.158.74.146]

TASK [ssh_tunneling : Ensure that the algo group exist] *************************************************************************************************************
changed: [51.158.74.146]

TASK [ssh_tunneling : Ensure that the jail directory exist] *********************************************************************************************************
changed: [51.158.74.146]
changed: [51.158.74.146] => (item=dserodio)

TASK [ssh_tunneling : Ensure that the SSH users exist] **************************************************************************************************************
changed: [51.158.74.146] => (item=dserodio)

TASK [ssh_tunneling : The authorized keys file created] *************************************************************************************************************

TASK [ssh_tunneling : Generate SSH fingerprints] ********************************************************************************************************************
changed: [51.158.74.146]
changed: [51.158.74.146] => (item=dserodio)

TASK [ssh_tunneling : Fetch users SSH private keys] *****************************************************************************************************************

TASK [ssh_tunneling : Fetch the known_hosts file] *******************************************************************************************************************
changed: [51.158.74.146 -> localhost]
changed: [51.158.74.146 -> localhost] => (item=dserodio)

TASK [ssh_tunneling : Build the client ssh config] ******************************************************************************************************************

TASK [ssh_tunneling : SSH | Get active system users] ****************************************************************************************************************
changed: [51.158.74.146]

TASK [vpn : Include WireGuard role] *********************************************************************************************************************************

TASK [wireguard : WireGuard repository configured] ******************************************************************************************************************
changed: [51.158.74.146]

TASK [wireguard : WireGuard installed] ******************************************************************************************************************************
changed: [51.158.74.146]

TASK [wireguard : Configure unattended-upgrades] ********************************************************************************************************************
changed: [51.158.74.146]
changed: [51.158.74.146 -> localhost] => (item=private)
changed: [51.158.74.146 -> localhost] => (item=public)

TASK [wireguard : Ensure the required directories exist] ************************************************************************************************************
changed: [51.158.74.146] => (item=dserodio)
changed: [51.158.74.146] => (item=51.158.74.146)

TASK [wireguard : Generate private keys] ****************************************************************************************************************************
changed: [51.158.74.146] => (item=None)
changed: [51.158.74.146] => (item=None)

TASK [wireguard : Save private keys] ********************************************************************************************************************************
changed: [51.158.74.146] => (item=dserodio)
changed: [51.158.74.146] => (item=51.158.74.146)

TASK [wireguard : Touch the lock file] ******************************************************************************************************************************
ok: [51.158.74.146] => (item=dserodio)
ok: [51.158.74.146] => (item=51.158.74.146)

TASK [wireguard : Generate public keys] *****************************************************************************************************************************
changed: [51.158.74.146] => (item=None)
changed: [51.158.74.146] => (item=None)

TASK [wireguard : Save public keys] *********************************************************************************************************************************

TASK [wireguard : WireGuard configured] *****************************************************************************************************************************
changed: [51.158.74.146]

TASK [wireguard : WireGuard reload-module-on-update] ****************************************************************************************************************
changed: [51.158.74.146]
changed: [51.158.74.146 -> localhost] => (item=(0, u'dserodio'))

TASK [wireguard : WireGuard users config generated] *****************************************************************************************************************

TASK [wireguard : WireGuard enabled and started] ********************************************************************************************************************
fatal: [51.158.74.146]: FAILED! => {"changed": false, "msg": "Unable to start service wg-quick@wg0: Job for wg-quick@wg0.service failed because the control process exited with error code.\nSee \"systemctl status wg-quick@wg0.service\" and \"journalctl -xe\" for details.\n"}

TASK [vpn : debug] **************************************************************************************************************************************************
ok: [51.158.74.146] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [vpn : fail] ***************************************************************************************************************************************************
fatal: [51.158.74.146]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

RUNNING HANDLER [ssh_tunneling : restart ssh] ***********************************************************************************************************************

RUNNING HANDLER [wireguard : restart wireguard] *********************************************************************************************************************

PLAY RECAP **********************************************************************************************************************************************************
51.158.74.146              : ok=75   changed=60   unreachable=0    failed=2
localhost                  : ok=48   changed=3    unreachable=0    failed=0
$  ssh root@51.158.74.146
Warning: Permanently added '51.158.74.146' (ECDSA) to the list of known hosts.
Last login: Thu Sep 20 03:36:25 2018 from 179.95.159.241
root@algo# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.1/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 fcaa::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether de:1a:2c:12:e0:0a brd ff:ff:ff:ff:ff:ff
    inet 10.16.112.147/31 brd 10.16.112.147 scope global ens2
       valid_lft forever preferred_lft forever
    inet6 2001:bc8:4400:2c00::10:113/127 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::dc1a:2cff:fe12:e00a/64 scope link
       valid_lft forever preferred_lft forever
root@algo:~# systemctl start wg-quick@wg0
Job for wg-quick@wg0.service failed because the control process exited with error code.
See "systemctl status wg-quick@wg0.service" and "journalctl -xe" for details.
root@algo:~# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; indirect; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2018-09-20 03:41:20 UTC; 13s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
  Process: 6515 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=1/FAILURE)
 Main PID: 6515 (code=exited, status=1/FAILURE)

Sep 20 03:41:20 algo systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Sep 20 03:41:20 algo wg-quick[6515]: [#] ip link add wg0 type wireguard
Sep 20 03:41:20 algo wg-quick[6515]: RTNETLINK answers: Operation not supported
Sep 20 03:41:20 algo wg-quick[6515]: [#] ip link delete dev wg0
Sep 20 03:41:20 algo wg-quick[6515]: Cannot find device "wg0"
Sep 20 03:41:20 algo systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
Sep 20 03:41:20 algo systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Sep 20 03:41:20 algo systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

TC1977 commented 6 years ago

See #1002. There's a workaround suggested there which succeeded.

jackivanov commented 6 years ago

Probably a duplicate of https://github.com/trailofbits/algo/issues/1103

stonedreamforest commented 5 years ago

@jackivanov @TC1977 LOG.txt

TC1977 commented 5 years ago

@jackivanov @TC1977 LOG.txt

So did you try the workaround in #1002?

stonedreamforest commented 5 years ago

@jackivanov @TC1977 LOG.txt

So did you try the workaround in #1002?

Yes, I did it: new LOG.txt

stonedreamforest commented 5 years ago

If you need to reproduce the environment, I can give you the VPS service password. Give me your e-mail.

TC1977 commented 5 years ago

Well this is a local installation, so it’s not quite the same issue. The error says wg0 is already up. Can you simply sudo wg-quick down and try again?
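
Added example, not part of the thread or of algo's code: a shell triage of the two wg-quick start failures discussed above, the `RTNETLINK answers: Operation not supported` from the original report and the "wg0 is already up" case. The function names, class labels and second sample are assumptions made for illustration; reading `Operation not supported` as the running kernel lacking the wireguard link type is general Linux behaviour, not something the thread states.

```shell
# Journal lines copied from the original report above.
sample_scaleway() {
cat <<'EOF'
Sep 20 03:41:20 algo systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Sep 20 03:41:20 algo wg-quick[6515]: [#] ip link add wg0 type wireguard
Sep 20 03:41:20 algo wg-quick[6515]: RTNETLINK answers: Operation not supported
Sep 20 03:41:20 algo wg-quick[6515]: [#] ip link delete dev wg0
Sep 20 03:41:20 algo wg-quick[6515]: Cannot find device "wg0"
EOF
}

# Constructed sample of the "wg0 is already up" case (host, time and PID invented).
sample_already_up() {
cat <<'EOF'
Sep 21 10:00:00 host systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Sep 21 10:00:00 host wg-quick[4242]: wg-quick: `wg0' already exists
EOF
}

# Read journal text on stdin; print "<class>|<command wg-quick ran last>".
triage_wg_quick() {
    awk '
    /wg-quick\[[0-9]+\]: / {
        msg = $0
        sub(/^.*wg-quick\[[0-9]+\]: /, "", msg)      # drop the journal prefix
        if (index(msg, "[#] ") == 1) { cmd = substr(msg, 5); next }  # echoed command
        if (msg ~ /RTNETLINK answers: Operation not supported/) {
            print "kernel-lacks-wireguard|" cmd; found = 1; exit
        }
        if (msg ~ /already exists/) {
            print "interface-already-up|" cmd; found = 1; exit
        }
    }
    END { if (!found) print "unknown|" cmd }'
}

# First check to run on the server for each class (labels are this example's own).
next_step() {
    case "$1" in
        # Assumption from general Linux behaviour, not from the thread: the
        # running kernel has no wireguard link type, so compare module and kernel.
        kernel-lacks-wireguard) echo 'uname -r; modinfo wireguard' ;;
        # The command given later in the thread.
        interface-already-up)   echo 'sudo wg-quick down wg0' ;;
        *)                      echo 'journalctl -xe' ;;
    esac
}
```

On a server, pipe `journalctl -u wg-quick@wg0 --no-pager` into `triage_wg_quick` and pass the class (the part before `|`) to `next_step`.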

stonedreamforest commented 5 years ago

Is there a syntax error? Can't run:

root@wireguardVpn:/home/wireguard/algo# sudo wg-quick down
Usage: wg-quick [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ]

  CONFIG_FILE is a configuration file, whose filename is the interface name
  followed by `.conf'. Otherwise, INTERFACE is an interface name, with
  configuration found at /etc/wireguard/INTERFACE.conf. It is to be readable
  by wg(8)'s `setconf' sub-command, with the exception of the following additions
  to the [Interface] section, which are handled by wg-quick:

  - Address: may be specified one or more times and contains one or more
    IP addresses (with an optional CIDR mask) to be set for the interface.
  - DNS: an optional DNS server to use while the device is up.
  - MTU: an optional MTU for the interface; if unspecified, auto-calculated.
  - Table: an optional routing table to which routes will be added; if
    unspecified or `auto', the default table is used. If `off', no routes
    are added.
  - PreUp, PostUp, PreDown, PostDown: script snippets which will be executed
    by bash(1) at the corresponding phases of the link, most commonly used
    to configure DNS. The string `%i' is expanded to INTERFACE.
  - SaveConfig: if set to `true', the configuration is saved from the current
    state of the interface upon shutdown.

See wg-quick(8) for more info and examples.

stonedreamforest commented 5 years ago

Is there any simple script to run it? Such as Outline: it's so easy, but it can't pass my company firewall. v2ray can pass the firewall, but I want to try algo; algo seems safer and faster 👍

TC1977 commented 5 years ago

Sorry, sudo wg-quick down wg0. Then try to run ./algo.

stonedreamforest commented 5 years ago

The same error message: new LOG 2.txt

TC1977 commented 5 years ago

That's not the same error message. You essentially finished, it just choked at the last part because you already had a directory there.

I think at least part of your problem is you're running ./algo repeatedly on a local install, and it's running into the leftover remnants of the previous failed installs. Also I don't know if it makes a difference, but you're not in a virtualenv.

How about sudo wg-quick down wg0, to turn WireGuard off again, sudo rm -r configs/localhost to remove that directory, then source env/bin/activate and the other commands listed in step 4, then ./algo?

stonedreamforest commented 5 years ago

It's wrong 😂. New LOG 3.txt

TC1977 commented 5 years ago

I don't know why you were trying to install a virtualenv on top of a virtualenv 😅, but you almost made it all the way through. Now the error you're getting is in the troubleshooting guide, and definitely related to the debris from your previous installs. Remove the lock files, run ./algo again (from within the virtualenv) and hopefully you'll be home free.