trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

No internet after fresh installation #1225

Closed sinkingfeeling closed 5 years ago

sinkingfeeling commented 5 years ago

Describe the bug

Just installed algo on a VPS running Ubuntu 16.04. Enabled the VPN via mobileconfig file and after the VPN connects I have no internet connectivity.

To Reproduce

Enable VPN.

Expected behavior

Expect to reach the world wide web.

Additional context

Add any other context about the problem here.

Full log

(env) root@algo:~/algo-master# ./algo

PLAY [Ask user for the input] **************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]
[pause]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Vultr
    5. Microsoft Azure
    6. Google Compute Engine
    7. Scaleway
    8. OpenStack (DreamCompute optimised)
    9. Install to existing Ubuntu 18.04 server (Advanced)

Enter the number of your desired provider
:
9

TASK [pause] *******************************************************************
ok: [localhost]

TASK [Set facts based on the input] ********************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]
:
y

TASK [pause] *******************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]
:
y

TASK [pause] *******************************************************************
ok: [localhost]
[pause]
List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:

TASK [pause] *******************************************************************
ok: [localhost]
[pause]
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]
:
n

TASK [pause] *******************************************************************
ok: [localhost]
[pause]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
n

TASK [pause] *******************************************************************
ok: [localhost]
[pause]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:
y

TASK [pause] *******************************************************************
ok: [localhost]
[pause]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:
n

TASK [pause] *******************************************************************
ok: [localhost]

TASK [Set facts based on the input] ********************************************
ok: [localhost]

PLAY [Provision the server] ****************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 16.04 LTS (Virtualized: kvm)
ZIP file created: 2018-11-27 01:09:33.000000000 -0500
Python 2.7.12
Runtime variables:
    algo_provider "local"
    algo_ondemand_cellular "True"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "_null"
    algo_local_dns "False"
    algo_ssh_tunneling "False"
    algo_windows "True"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] **************************************
changed: [localhost -> localhost]

TASK [Install the requirements] ************************************************
changed: [localhost -> localhost]

TASK [Generate the SSH private key] ********************************************
changed: [localhost]

TASK [Generate the SSH public key] *********************************************
changed: [localhost]
[local : pause]
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:
localhost

TASK [local : pause] ***********************************************************
ok: [localhost]

TASK [local : Set the facts] ***************************************************
ok: [localhost]

TASK [local : Set the facts] ***************************************************
ok: [localhost]
[local : pause]
Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)
[localhost]
:
45.43.21.xxx

TASK [local : pause] ***********************************************************
ok: [localhost]

TASK [local : Set the facts] ***************************************************
ok: [localhost]

TASK [Set subjectAltName as afact] *********************************************
ok: [localhost]

TASK [Add the server to an inventory group] ************************************
changed: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "45.43.21.xxx"
}
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)

TASK [A short pause, in order to be sure the instance is ready] ****************
ok: [localhost]

PLAY [Configure the server and install required software] **********************

TASK [common : Check the system] ***********************************************
changed: [localhost]

TASK [common : include_tasks] **************************************************
included: /root/algo-master/roles/common/tasks/ubuntu.yml for localhost
ok: [localhost] => (item=[u'python2.7', u'sudo'])

TASK [common : Ubuntu | Install prerequisites] *********************************

TASK [common : Ubuntu | Configure defaults] ************************************
changed: [localhost]

TASK [common : Gather facts] ***************************************************
ok: [localhost]

TASK [common : Install unattended-upgrades] ************************************
changed: [localhost]

TASK [common : Configure unattended-upgrades] **********************************
changed: [localhost]

TASK [common : Periodic upgrades configured] ***********************************
changed: [localhost]

TASK [common : Unattended reboots configured] **********************************
changed: [localhost]
changed: [localhost] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'})
changed: [localhost] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})

TASK [common : Disable MOTD on login and SSHD] *********************************

TASK [common : Loopback for services configured] *******************************
changed: [localhost]
changed: [localhost] => (item=systemd-networkd)
changed: [localhost] => (item=systemd-resolved)

TASK [common : systemd services enabled and started] ***************************

RUNNING HANDLER [common : restart systemd-networkd] ****************************
changed: [localhost]

TASK [common : Check apparmor support] *****************************************
changed: [localhost]

TASK [common : set_fact] *******************************************************
ok: [localhost]

TASK [common : set_fact] *******************************************************
ok: [localhost]
ok: [localhost] => (item=git)
ok: [localhost] => (item=screen)
changed: [localhost] => (item=apparmor-utils)
ok: [localhost] => (item=uuid-runtime)
ok: [localhost] => (item=coreutils)
changed: [localhost] => (item=iptables-persistent)
changed: [localhost] => (item=cgroup-tools)
ok: [localhost] => (item=openssl)

TASK [common : Install tools] **************************************************
ok: [localhost] => (item=[u'linux-headers-generic', u'linux-headers-4.4.0-21-generic'])

TASK [common : Install headers] ************************************************

TASK [common : Generate password for the CA key] *******************************
changed: [localhost -> localhost]

TASK [common : Generate p12 export password] ***********************************
changed: [localhost -> localhost]

TASK [common : Define facts] ***************************************************
ok: [localhost]

TASK [common : set_fact] *******************************************************
ok: [localhost]

TASK [common : Set IPv6 support as a fact] *************************************
ok: [localhost]
changed: [localhost] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
changed: [localhost] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
changed: [localhost] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})

TASK [common : Sysctl tuning] **************************************************

TASK [dns_encryption : Include tasks for Ubuntu] *******************************
included: /root/algo-master/roles/dns_encryption/tasks/ubuntu.yml for localhost

TASK [dns_encryption : Add the repository] *************************************
changed: [localhost]

TASK [dns_encryption : Install dnscrypt-proxy] *********************************
changed: [localhost]

TASK [dns_encryption : Configure unattended-upgrades] **************************
changed: [localhost]

TASK [dns_encryption : Ubuntu | Unbound profile for apparmor configured] *******
changed: [localhost]

TASK [dns_encryption : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ****
ok: [localhost]

TASK [dns_encryption : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ***
changed: [localhost]

TASK [dns_encryption : Ubuntu | Add capabilities to bind ports] ****************
changed: [localhost]

TASK [dns_encryption : dnscrypt-proxy ip-blacklist configured] *****************
changed: [localhost]

TASK [dns_encryption : dnscrypt-proxy configured] ******************************
changed: [localhost]

TASK [dns_encryption : dnscrypt-proxy enabled and started] *********************
ok: [localhost]

RUNNING HANDLER [dns_encryption : restart dnscrypt-proxy] **********************
changed: [localhost]
changed: [localhost -> localhost] => (item=private)
changed: [localhost -> localhost] => (item=public)

TASK [wireguard : Ensure the required directories exist] ***********************

TASK [wireguard : Include tasks for Ubuntu] ************************************
included: /root/algo-master/roles/wireguard/tasks/ubuntu.yml for localhost

TASK [wireguard : WireGuard repository configured] *****************************
changed: [localhost]

TASK [wireguard : WireGuard installed] *****************************************
changed: [localhost]

TASK [wireguard : WireGuard reload-module-on-update] ***************************
changed: [localhost]

TASK [wireguard : Configure unattended-upgrades] *******************************
changed: [localhost]

TASK [wireguard : set_fact] ****************************************************
ok: [localhost]
changed: [localhost] => (item=jordan)
changed: [localhost] => (item=45.43.21.xxx)

TASK [wireguard : Generate private keys] ***************************************
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)

TASK [wireguard : Save private keys] *******************************************
changed: [localhost] => (item=jordan)
changed: [localhost] => (item=45.43.21.xxx)

TASK [wireguard : Touch the lock file] *****************************************
ok: [localhost] => (item=jordan)
ok: [localhost] => (item=45.43.21.xxx)

TASK [wireguard : Generate public keys] ****************************************
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)

TASK [wireguard : Save public keys] ********************************************
changed: [localhost -> localhost] => (item=jordan)

TASK [wireguard : WireGuard user list updated] *********************************

TASK [wireguard : set_fact] ****************************************************
ok: [localhost -> localhost]
changed: [localhost -> localhost] => (item=(0, u'jordan'))

TASK [wireguard : WireGuard users config generated] ****************************
ok: [localhost -> localhost] => (item=(0, u'jordan'))

TASK [wireguard : Generate QR codes] *******************************************

TASK [wireguard : WireGuard configured] ****************************************
changed: [localhost]

TASK [wireguard : WireGuard enabled and started] *******************************
changed: [localhost]

RUNNING HANDLER [wireguard : restart wireguard] ********************************
changed: [localhost]

TASK [vpn : Include WireGuard role] ********************************************
ok: [localhost -> localhost] => (item=private)
ok: [localhost -> localhost] => (item=public)

TASK [wireguard : Ensure the required directories exist] ***********************

TASK [wireguard : Include tasks for Ubuntu] ************************************
included: /root/algo-master/roles/wireguard/tasks/ubuntu.yml for localhost

TASK [wireguard : WireGuard repository configured] *****************************
ok: [localhost]

TASK [wireguard : WireGuard installed] *****************************************
ok: [localhost]

TASK [wireguard : WireGuard reload-module-on-update] ***************************
changed: [localhost]

TASK [wireguard : Configure unattended-upgrades] *******************************
ok: [localhost]

TASK [wireguard : set_fact] ****************************************************
ok: [localhost]
ok: [localhost] => (item=jordan)
ok: [localhost] => (item=45.43.21.xxx)

TASK [wireguard : Generate private keys] ***************************************
ok: [localhost] => (item=jordan)
ok: [localhost] => (item=45.43.21.xxx)

TASK [wireguard : Generate public keys] ****************************************
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)

TASK [wireguard : Save public keys] ********************************************
ok: [localhost -> localhost] => (item=jordan)

TASK [wireguard : WireGuard user list updated] *********************************

TASK [wireguard : set_fact] ****************************************************
ok: [localhost -> localhost]
ok: [localhost -> localhost] => (item=(0, u'jordan'))

TASK [wireguard : WireGuard users config generated] ****************************
ok: [localhost -> localhost] => (item=(0, u'jordan'))

TASK [wireguard : Generate QR codes] *******************************************

TASK [wireguard : WireGuard configured] ****************************************
ok: [localhost]

TASK [wireguard : WireGuard enabled and started] *******************************
ok: [localhost]

TASK [vpn : include_tasks] *****************************************************
included: /root/algo-master/roles/vpn/tasks/ubuntu.yml for localhost

TASK [vpn : set_fact] **********************************************************
ok: [localhost]

TASK [vpn : Ubuntu | Install strongSwan] ***************************************
changed: [localhost]
changed: [localhost] => (item=/usr/lib/ipsec/charon)
changed: [localhost] => (item=/usr/lib/ipsec/lookip)
changed: [localhost] => (item=/usr/lib/ipsec/stroke)

TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] ****************************
ok: [localhost] => (item=apparmor)
ok: [localhost] => (item=strongswan)
ok: [localhost] => (item=netfilter-persistent)

TASK [vpn : Ubuntu | Enable services] ******************************************

TASK [vpn : Ubuntu | Ensure that the strongswan service directory exist] *******
changed: [localhost]

TASK [vpn : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ********
changed: [localhost]

TASK [vpn : include_tasks] *****************************************************
included: /root/algo-master/roles/vpn/tasks/iptables.yml for localhost
changed: [localhost] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})

TASK [vpn : Iptables configured] ***********************************************
changed: [localhost] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'})

TASK [vpn : Iptables configured] ***********************************************

TASK [vpn : Ensure that the strongswan user exist] *****************************
ok: [localhost]

TASK [vpn : Install strongSwan] ************************************************
ok: [localhost]
changed: [localhost] => (item={u'dest': u'/etc/strongswan.conf', u'src': u'strongswan.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.conf', u'src': u'ipsec.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.secrets', u'src': u'ipsec.secrets.j2', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})

TASK [vpn : Setup the config files from our templates] *************************

TASK [vpn : Get loaded plugins] ************************************************
changed: [localhost]
changed: [localhost] => (item=dnskey)
changed: [localhost] => (item=agent)
changed: [localhost] => (item=gmp)
changed: [localhost] => (item=attr)
changed: [localhost] => (item=rc2)
changed: [localhost] => (item=sshkey)
changed: [localhost] => (item=md4)
changed: [localhost] => (item=updown)
changed: [localhost] => (item=md5)
changed: [localhost] => (item=resolve)
changed: [localhost] => (item=fips-prf)
changed: [localhost] => (item=test-vectors)
changed: [localhost] => (item=connmark)
changed: [localhost] => (item=xcbc)
changed: [localhost] => (item=pkcs1)
changed: [localhost] => (item=sha1)
changed: [localhost] => (item=constraints)
changed: [localhost] => (item=pkcs12)
changed: [localhost] => (item=random)
changed: [localhost] => (item=pem)
changed: [localhost] => (item=pkcs8)
changed: [localhost] => (item=pkcs7)
changed: [localhost] => (item=gcm)
changed: [localhost] => (item=revocation)
changed: [localhost] => (item=pubkey)
changed: [localhost] => (item=openssl)
changed: [localhost] => (item=sha2)
changed: [localhost] => (item=socket-default)
changed: [localhost] => (item=pgp)
changed: [localhost] => (item=x509)
changed: [localhost] => (item=kernel-netlink)
changed: [localhost] => (item=aes)
changed: [localhost] => (item=stroke)
changed: [localhost] => (item=nonce)
changed: [localhost] => (item=hmac)

TASK [vpn : Set subjectAltName as a fact] **************************************
ok: [localhost -> localhost]
changed: [localhost -> localhost] => (item=ecparams)
changed: [localhost -> localhost] => (item=certs)
changed: [localhost -> localhost] => (item=crl)
changed: [localhost -> localhost] => (item=newcerts)
changed: [localhost -> localhost] => (item=private)
changed: [localhost -> localhost] => (item=public)
changed: [localhost -> localhost] => (item=reqs)

TASK [vpn : Ensure the pki directories exist] **********************************
changed: [localhost -> localhost] => (item=.rnd)
changed: [localhost -> localhost] => (item=private/.rnd)
changed: [localhost -> localhost] => (item=index.txt)
changed: [localhost -> localhost] => (item=index.txt.attr)
changed: [localhost -> localhost] => (item=serial)

TASK [vpn : Ensure the files exist] ********************************************

TASK [vpn : Generate the openssl server configs] *******************************
changed: [localhost -> localhost]

TASK [vpn : Build the CA pair] *************************************************
changed: [localhost -> localhost]

TASK [vpn : Copy the CA certificate] *******************************************
changed: [localhost -> localhost]

TASK [vpn : Generate the serial number] ****************************************
changed: [localhost -> localhost]

TASK [vpn : Build the server pair] *********************************************
changed: [localhost -> localhost]
changed: [localhost -> localhost] => (item=jordan)

TASK [vpn : Build the client's pair] *******************************************
changed: [localhost -> localhost] => (item=jordan)

TASK [vpn : Create links for the private keys] *********************************
changed: [localhost -> localhost] => (item=jordan)

TASK [vpn : Build openssh public keys] *****************************************
changed: [localhost -> localhost] => (item=jordan)

TASK [vpn : Build the client's p12] ********************************************
changed: [localhost -> localhost] => (item=jordan)

TASK [vpn : Copy the p12 certificates] *****************************************

TASK [vpn : Get active users] **************************************************
changed: [localhost -> localhost]
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/cacerts/ca.crt', u'src': u'configs/45.43.21.xxx/pki/cacert.pem', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/certs/45.43.21.xxx.crt', u'src': u'configs/45.43.21.xxx/pki/certs/45.43.21.xxx.crt', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/private/45.43.21.xxx.key', u'src': u'configs/45.43.21.xxx/pki/private/45.43.21.xxx.key', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})

TASK [vpn : Copy the keys to the strongswan directory] *************************
changed: [localhost -> localhost] => (item=jordan)

TASK [vpn : Register p12 PayloadContent] ***************************************

TASK [vpn : Set facts for mobileconfigs] ***************************************
ok: [localhost -> localhost]
changed: [localhost] => (item=None)

TASK [vpn : Build the mobileconfigs] *******************************************
changed: [localhost -> localhost] => (item=jordan)

TASK [vpn : Build the client ipsec config file] ********************************
changed: [localhost -> localhost] => (item=jordan)

TASK [vpn : Build the client ipsec secret file] ********************************
changed: [localhost -> localhost] => (item=[u'jordan', {... u'cmd': u'cat private/jordan.p12 | base64', ... 'failed': False}])

TASK [vpn : Build the windows client powershell script] ************************
changed: [localhost -> localhost] => (item=configs/45.43.21.xxx)

TASK [vpn : Restrict permissions for the local private directories] ************

TASK [vpn : strongSwan started] ************************************************
ok: [localhost]

RUNNING HANDLER [dns_adblocking : restart apparmor] ****************************

RUNNING HANDLER [vpn : restart strongswan] *************************************
changed: [localhost]

RUNNING HANDLER [vpn : daemon-reload] ******************************************
changed: [localhost]

RUNNING HANDLER [vpn : restart iptables] ***************************************
changed: [localhost]

TASK [Delete the CA key] *******************************************************
changed: [localhost -> localhost]

TASK [Dump the configuration] **************************************************
changed: [localhost -> localhost]

TASK [Create a symlink if deploying to localhost] ******************************
changed: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
    "msg": [
        [
            "\"#                          Congratulations!                            #\"", 
            "\"#                     Your Algo server is running.                     #\"", 
            "\"#    Config files and certificates are in the ./configs/ directory.    #\"", 
            "\"#              Go to https://whoer.net/ after connecting               #\"", 
            "\"#        and ensure that all your traffic passes through the VPN.      #\"", 
            "\"#                     Local DNS resolver 172.16.0.1                    #\"", 
            ""
        ], 
        "    \"#        The p12 and SSH keys password for new users is dJDZF@i5       #\"\n", 
        "    ", 
        "    "
    ]
}

PLAY RECAP *********************************************************************
localhost                  : ok=142  changed=80   unreachable=0    failed=0   

(env) root@algo:~# sudo wg
sudo: unable to resolve host algo
interface: wg0
  public key: witJHpenMSDyLA80XBmLa41G2b5d9CS+BfMeJSvaDyw=
  private key: (hidden)
  listening port: 51820

peer: u3DMk/XzShAqcEChd78y31iU3NIAZIl8KE9DrUGDRms=
  allowed ips: 10.19.49.3/32, fd9d:bc11:4021::3/128

(env) root@algo:~# sudo ipsec statusall
sudo: unable to resolve host algo
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-21-generic, x86_64):
  uptime: 14 minutes, since Nov 28 17:39:01 2018
  malloc: sbrk 1486848, mmap 0, used 311536, free 1175312
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes sha2 random nonce x509 revocation pubkey pkcs7 pkcs8 pkcs12 pgp pem openssl hmac gcm kernel-netlink socket-default stroke
Virtual IP pools (size/online/offline):
  10.19.48.0/24: 254/0/1
  fd9d:bc11:4020::/48: 2147483646/0/1
Listening IP addresses:
  45.43.21.xxx
  2605:fb80:e000:50b8::1
  10.19.49.1
  fd9d:bc11:4021::1
Connections:
ikev2-pubkey: %any...%any IKEv2, dpddelay=35s
ikev2-pubkey: local: [45.43.21.xxx] uses public key authentication
ikev2-pubkey: cert: "CN=45.43.21.xxx"
ikev2-pubkey: remote: uses public key authentication
ikev2-pubkey: child: 0.0.0.0/0 ::/0 === dynamic TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
  none

(env) root@algo:~# service dnscrypt-proxy status
● dnscrypt-proxy.service - DNSCrypt-proxy client
   Loaded: loaded (/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/dnscrypt-proxy.service.d
           └─99-capabilities.conf
   Active: failed (Result: exit-code) since Wed 2018-11-28 17:37:23 EST; 16min ago
     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
 Main PID: 24657 (code=exited, status=255)

Nov 28 17:38:35 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:13] Unknown lvalue 'Pr
Nov 28 17:38:35 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:14] Unknown lvalue 'Pr
Nov 28 17:38:35 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:19] Unknown lvalue 'Dy
Nov 28 17:38:35 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:20] Unknown lvalue 'Ca
Nov 28 17:38:35 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:21] Unknown lvalue 'Lo
Nov 28 17:39:01 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:13] Unknown lvalue 'Pr
Nov 28 17:39:01 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:14] Unknown lvalue 'Pr
Nov 28 17:39:01 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:19] Unknown lvalue 'Dy
Nov 28 17:39:01 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:20] Unknown lvalue 'Ca
Nov 28 17:39:01 algo systemd[1]: [/lib/systemd/system/dnscrypt-proxy.service:21] Unknown lvalue 'Lo
lines 1-18/18 (END)

davidemyers commented 5 years ago
9. Install to existing Ubuntu 18.04 server (Advanced)

Not 16.04.

sinkingfeeling commented 5 years ago
9. Install to existing Ubuntu 18.04 server (Advanced)

Not 16.04.

Whoops. Didn't realize this was 18.04 only. I'll try again with a fresh install!

TC1977 commented 5 years ago

The most recent python 2.7.x version is 2.7.15, also.