trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

Install fails with: "the python pyOpenSSL module is required" #1332

Closed adrianocr closed 5 years ago

adrianocr commented 5 years ago

Describe the bug

Towards the end of the tasks running, I get the following error:

TASK [vpn : Create links for the private keys] ********************************************************************************************************************************
failed: [51.15.133.61 -> localhost] (item=phone) => {"changed": false, "item": "phone", "msg": "the python pyOpenSSL module is required"}
failed: [51.15.133.61 -> localhost] (item=laptop) => {"changed": false, "item": "laptop", "msg": "the python pyOpenSSL module is required"}
failed: [51.15.133.61 -> localhost] (item=desktop) => {"changed": false, "item": "desktop", "msg": "the python pyOpenSSL module is required"}

I tried with both Scaleway and DigitalOcean.

To Reproduce

Steps to reproduce the behavior:

  1. Clone current repo.
  2. Run ./algo
  3. Follow prompts.
  4. Wait until it fails.

Expected behavior

I expect it to fully install.

Full log

PLAY [Ask user for the input] *************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************
ok: [localhost]
[pause]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Vultr
    5. Microsoft Azure
    6. Google Compute Engine
    7. Scaleway
    8. OpenStack (DreamCompute optimised)
    9. Install to existing Ubuntu 18.04 server (Advanced)

Enter the number of your desired provider
:
7

TASK [pause] ******************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *******************************************************************************************************************************************
ok: [localhost]
[pause]
Name the vpn server
[algo]
:

TASK [pause] ******************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]
:

TASK [pause] ******************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]
:

TASK [pause] ******************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]
:

TASK [pause] ******************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:

TASK [pause] ******************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:
y

TASK [pause] ******************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:
y

TASK [pause] ******************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *******************************************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] ***************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Mac OS X 10.14.3
ZIP file created: Feb 17 15:38:18 2019
Python 2.7.15
Runtime variables:
    algo_provider "scaleway"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "False"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_local_dns "False"
    algo_ssh_tunneling "False"
    algo_windows "True"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] *************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Install the requirements] ***********************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Generate the SSH private key] *******************************************************************************************************************************************
changed: [localhost]

TASK [Generate the SSH public key] ********************************************************************************************************************************************
changed: [localhost]
[cloud-scaleway : pause]
Enter your auth token (https://www.scaleway.com/docs/generate-an-api-token/)
 (output is hidden):

TASK [cloud-scaleway : pause] *************************************************************************************************************************************************
ok: [localhost]
[cloud-scaleway : pause]
Enter your organization name (https://cloud.scaleway.com/#/billing)
:
Adriano Corte Real

TASK [cloud-scaleway : pause] *************************************************************************************************************************************************
ok: [localhost]
[cloud-scaleway : pause]
What region should the server be located in?
    1. par1
    2. ams1

Enter the number of your desired region
[par1]
:
1

TASK [cloud-scaleway : pause] *************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Set scaleway facts] ************************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Set disk size] *****************************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Check if server exists] ********************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Get the organization id] *******************************************************************************************************************************
ok: [localhost]
ok: [localhost] => (item=None)

TASK [cloud-scaleway : Set organization id as a fact] *************************************************************************************************************************

TASK [cloud-scaleway : Get total count of images] *****************************************************************************************************************************
ok: [localhost]
ok: [localhost] => (item=1)
ok: [localhost] => (item=2)
ok: [localhost] => (item=3)
ok: [localhost] => (item=4)
ok: [localhost] => (item=5)
ok: [localhost] => (item=6)
ok: [localhost] => (item=7)

TASK [cloud-scaleway : Get images] ********************************************************************************************************************************************

TASK [cloud-scaleway : Set image id as a fact] ********************************************************************************************************************************
included: /Users/adriano/Desktop/algo-master/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/adriano/Desktop/algo-master/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/adriano/Desktop/algo-master/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/adriano/Desktop/algo-master/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/adriano/Desktop/algo-master/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/adriano/Desktop/algo-master/roles/cloud-scaleway/tasks/image_facts.yml for localhost
included: /Users/adriano/Desktop/algo-master/roles/cloud-scaleway/tasks/image_facts.yml for localhost
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)
ok: [localhost] => (item=None)

TASK [cloud-scaleway : Create a server] ***************************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Set server id as a fact] *******************************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : Power on the server] ***********************************************************************************************************************************
ok: [localhost]
FAILED - RETRYING: Wait for the server to become running (20 retries left).
FAILED - RETRYING: Wait for the server to become running (19 retries left).

TASK [cloud-scaleway : Wait for the server to become running] *****************************************************************************************************************
ok: [localhost]

TASK [cloud-scaleway : set_fact] **********************************************************************************************************************************************
ok: [localhost]

TASK [Set subjectAltName as afact] ********************************************************************************************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] ***********************************************************************************************************************************
changed: [localhost]

TASK [Additional variables for the server] ************************************************************************************************************************************
changed: [localhost]

TASK [Wait until SSH becomes ready...] ****************************************************************************************************************************************
ok: [localhost]

TASK [debug] ******************************************************************************************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "51.15.133.61"
}
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)

TASK [A short pause, in order to be sure the instance is ready] ***************************************************************************************************************
ok: [localhost]

PLAY [Configure the server and install required software] *********************************************************************************************************************

TASK [common : Check the system] **********************************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : include_tasks] *************************************************************************************************************************************************
included: /Users/adriano/Desktop/algo-master/roles/common/tasks/ubuntu.yml for 51.15.133.61
changed: [51.15.133.61] => (item=['python2.7', 'sudo'])

TASK [common : Ubuntu | Install prerequisites] ********************************************************************************************************************************

TASK [common : Ubuntu | Configure defaults] ***********************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : Gather facts] **************************************************************************************************************************************************
ok: [51.15.133.61]

TASK [common : Install software updates] **************************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : Check if reboot is required] ***********************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : Reboot] ********************************************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : Wait until SSH becomes ready...] *******************************************************************************************************************************
ok: [51.15.133.61 -> localhost]

TASK [common : Install unattended-upgrades] ***********************************************************************************************************************************
ok: [51.15.133.61]

TASK [common : Configure unattended-upgrades] *********************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : Periodic upgrades configured] **********************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : Unattended reboots configured] *********************************************************************************************************************************
changed: [51.15.133.61]
changed: [51.15.133.61] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'})
changed: [51.15.133.61] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})

TASK [common : Disable MOTD on login and SSHD] ********************************************************************************************************************************

TASK [common : Loopback for services configured] ******************************************************************************************************************************
changed: [51.15.133.61]
changed: [51.15.133.61] => (item=systemd-networkd)
ok: [51.15.133.61] => (item=systemd-resolved)

TASK [common : systemd services enabled and started] **************************************************************************************************************************

RUNNING HANDLER [common : restart systemd-networkd] ***************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : Check apparmor support] ****************************************************************************************************************************************
changed: [51.15.133.61]

TASK [common : set_fact] ******************************************************************************************************************************************************
ok: [51.15.133.61]

TASK [common : Generate password for the CA key] ******************************************************************************************************************************
changed: [51.15.133.61 -> localhost]

TASK [common : Generate p12 export password] **********************************************************************************************************************************
changed: [51.15.133.61 -> localhost]

TASK [common : Define facts] **************************************************************************************************************************************************
ok: [51.15.133.61]

TASK [common : set_fact] ******************************************************************************************************************************************************
ok: [51.15.133.61]

TASK [common : Set IPv6 support as a fact] ************************************************************************************************************************************
ok: [51.15.133.61]

TASK [common : Check size of MTU] *********************************************************************************************************************************************
ok: [51.15.133.61]

TASK [common : set_fact] ******************************************************************************************************************************************************
ok: [51.15.133.61]
ok: [51.15.133.61] => (item=git)
ok: [51.15.133.61] => (item=screen)
changed: [51.15.133.61] => (item=apparmor-utils)
ok: [51.15.133.61] => (item=uuid-runtime)
ok: [51.15.133.61] => (item=coreutils)
changed: [51.15.133.61] => (item=iptables-persistent)
changed: [51.15.133.61] => (item=cgroup-tools)
ok: [51.15.133.61] => (item=openssl)

TASK [common : Install tools] *************************************************************************************************************************************************
changed: [51.15.133.61] => (item=['linux-headers-generic', 'linux-headers-4.15.0-20-generic'])

TASK [common : Install headers] ***********************************************************************************************************************************************
changed: [51.15.133.61] => (item={'item': 'net.ipv4.ip_forward', 'value': 1})
changed: [51.15.133.61] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})
changed: [51.15.133.61] => (item={'item': 'net.ipv6.conf.all.forwarding', 'value': 1})

TASK [common : Sysctl tuning] *************************************************************************************************************************************************

TASK [dns_encryption : Include tasks for Ubuntu] ******************************************************************************************************************************
included: /Users/adriano/Desktop/algo-master/roles/dns_encryption/tasks/ubuntu.yml for 51.15.133.61

TASK [dns_encryption : Add the repository] ************************************************************************************************************************************
changed: [51.15.133.61]

TASK [dns_encryption : Install dnscrypt-proxy] ********************************************************************************************************************************
changed: [51.15.133.61]

TASK [dns_encryption : Configure unattended-upgrades] *************************************************************************************************************************
changed: [51.15.133.61]

TASK [dns_encryption : Ubuntu | Unbound profile for apparmor configured] ******************************************************************************************************
changed: [51.15.133.61]

TASK [dns_encryption : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ***************************************************************************************************
ok: [51.15.133.61]

TASK [dns_encryption : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ***************************************************************************************
changed: [51.15.133.61]

TASK [dns_encryption : Ubuntu | Add capabilities to bind ports] ***************************************************************************************************************
changed: [51.15.133.61]

TASK [dns_encryption : dnscrypt-proxy ip-blacklist configured] ****************************************************************************************************************
changed: [51.15.133.61]

TASK [dns_encryption : dnscrypt-proxy configured] *****************************************************************************************************************************
changed: [51.15.133.61]

TASK [dns_encryption : dnscrypt-proxy enabled and started] ********************************************************************************************************************
ok: [51.15.133.61]

RUNNING HANDLER [dns_encryption : restart dnscrypt-proxy] *********************************************************************************************************************
changed: [51.15.133.61]
changed: [51.15.133.61 -> localhost] => (item=private)
changed: [51.15.133.61 -> localhost] => (item=public)

TASK [wireguard : Ensure the required directories exist] **********************************************************************************************************************

TASK [wireguard : Include tasks for Ubuntu] ***********************************************************************************************************************************
included: /Users/adriano/Desktop/algo-master/roles/wireguard/tasks/ubuntu.yml for 51.15.133.61

TASK [wireguard : WireGuard repository configured] ****************************************************************************************************************************
changed: [51.15.133.61]

TASK [wireguard : WireGuard installed] ****************************************************************************************************************************************
changed: [51.15.133.61]

TASK [wireguard : WireGuard reload-module-on-update] **************************************************************************************************************************
changed: [51.15.133.61]

TASK [wireguard : Configure unattended-upgrades] ******************************************************************************************************************************
changed: [51.15.133.61]

TASK [wireguard : set_fact] ***************************************************************************************************************************************************
ok: [51.15.133.61]
changed: [51.15.133.61] => (item=phone)
changed: [51.15.133.61] => (item=laptop)
changed: [51.15.133.61] => (item=desktop)
changed: [51.15.133.61] => (item=51.15.133.61)

TASK [wireguard : Generate private keys] **************************************************************************************************************************************
changed: [51.15.133.61] => (item=None)
changed: [51.15.133.61] => (item=None)
changed: [51.15.133.61] => (item=None)
changed: [51.15.133.61] => (item=None)

TASK [wireguard : Save private keys] ******************************************************************************************************************************************
changed: [51.15.133.61] => (item=phone)
changed: [51.15.133.61] => (item=laptop)
changed: [51.15.133.61] => (item=desktop)
changed: [51.15.133.61] => (item=51.15.133.61)

TASK [wireguard : Touch the lock file] ****************************************************************************************************************************************
ok: [51.15.133.61] => (item=phone)
ok: [51.15.133.61] => (item=laptop)
ok: [51.15.133.61] => (item=desktop)
ok: [51.15.133.61] => (item=51.15.133.61)

TASK [wireguard : Generate public keys] ***************************************************************************************************************************************
changed: [51.15.133.61] => (item=None)
changed: [51.15.133.61] => (item=None)
changed: [51.15.133.61] => (item=None)
changed: [51.15.133.61] => (item=None)

TASK [wireguard : Save public keys] *******************************************************************************************************************************************
changed: [51.15.133.61 -> localhost] => (item=phone)
changed: [51.15.133.61 -> localhost] => (item=laptop)
changed: [51.15.133.61 -> localhost] => (item=desktop)

TASK [wireguard : WireGuard user list updated] ********************************************************************************************************************************

TASK [wireguard : set_fact] ***************************************************************************************************************************************************
ok: [51.15.133.61 -> localhost]
changed: [51.15.133.61 -> localhost] => (item=(0, 'phone'))
changed: [51.15.133.61 -> localhost] => (item=(1, 'laptop'))
changed: [51.15.133.61 -> localhost] => (item=(2, 'desktop'))

TASK [wireguard : WireGuard users config generated] ***************************************************************************************************************************
ok: [51.15.133.61 -> localhost] => (item=(0, 'phone'))
ok: [51.15.133.61 -> localhost] => (item=(1, 'laptop'))
ok: [51.15.133.61 -> localhost] => (item=(2, 'desktop'))

TASK [wireguard : Generate QR codes] ******************************************************************************************************************************************

TASK [wireguard : WireGuard configured] ***************************************************************************************************************************************
changed: [51.15.133.61]

TASK [wireguard : WireGuard enabled and started] ******************************************************************************************************************************
changed: [51.15.133.61]

RUNNING HANDLER [wireguard : restart wireguard] *******************************************************************************************************************************
changed: [51.15.133.61]

TASK [vpn : Include WireGuard role] *******************************************************************************************************************************************
ok: [51.15.133.61 -> localhost] => (item=private)
ok: [51.15.133.61 -> localhost] => (item=public)

TASK [wireguard : Ensure the required directories exist] **********************************************************************************************************************

TASK [wireguard : Include tasks for Ubuntu] ***********************************************************************************************************************************
included: /Users/adriano/Desktop/algo-master/roles/wireguard/tasks/ubuntu.yml for 51.15.133.61

TASK [wireguard : WireGuard repository configured] ****************************************************************************************************************************
ok: [51.15.133.61]

TASK [wireguard : WireGuard installed] ****************************************************************************************************************************************
ok: [51.15.133.61]

TASK [wireguard : WireGuard reload-module-on-update] **************************************************************************************************************************
changed: [51.15.133.61]

TASK [wireguard : Configure unattended-upgrades] ******************************************************************************************************************************
ok: [51.15.133.61]

TASK [wireguard : set_fact] ***************************************************************************************************************************************************
ok: [51.15.133.61]
ok: [51.15.133.61] => (item=phone)
ok: [51.15.133.61] => (item=laptop)
ok: [51.15.133.61] => (item=desktop)
ok: [51.15.133.61] => (item=51.15.133.61)

TASK [wireguard : Generate private keys] **************************************************************************************************************************************
ok: [51.15.133.61] => (item=phone)
ok: [51.15.133.61] => (item=laptop)
ok: [51.15.133.61] => (item=desktop)
ok: [51.15.133.61] => (item=51.15.133.61)

TASK [wireguard : Generate public keys] ***************************************************************************************************************************************
ok: [51.15.133.61] => (item=None)
ok: [51.15.133.61] => (item=None)
ok: [51.15.133.61] => (item=None)
ok: [51.15.133.61] => (item=None)

TASK [wireguard : Save public keys] *******************************************************************************************************************************************
ok: [51.15.133.61 -> localhost] => (item=phone)
ok: [51.15.133.61 -> localhost] => (item=laptop)
ok: [51.15.133.61 -> localhost] => (item=desktop)

TASK [wireguard : WireGuard user list updated] ********************************************************************************************************************************

TASK [wireguard : set_fact] ***************************************************************************************************************************************************
ok: [51.15.133.61 -> localhost]
ok: [51.15.133.61 -> localhost] => (item=(0, 'phone'))
ok: [51.15.133.61 -> localhost] => (item=(1, 'laptop'))
ok: [51.15.133.61 -> localhost] => (item=(2, 'desktop'))

TASK [wireguard : WireGuard users config generated] ***************************************************************************************************************************
ok: [51.15.133.61 -> localhost] => (item=(0, 'phone'))
ok: [51.15.133.61 -> localhost] => (item=(1, 'laptop'))
ok: [51.15.133.61 -> localhost] => (item=(2, 'desktop'))

TASK [wireguard : Generate QR codes] ******************************************************************************************************************************************

TASK [wireguard : WireGuard configured] ***************************************************************************************************************************************
ok: [51.15.133.61]

TASK [wireguard : WireGuard enabled and started] ******************************************************************************************************************************
ok: [51.15.133.61]

TASK [vpn : include_tasks] ****************************************************************************************************************************************************
included: /Users/adriano/Desktop/algo-master/roles/vpn/tasks/ubuntu.yml for 51.15.133.61

TASK [vpn : set_fact] *********************************************************************************************************************************************************
ok: [51.15.133.61]

TASK [vpn : Ubuntu | Install strongSwan] **************************************************************************************************************************************
changed: [51.15.133.61]
changed: [51.15.133.61] => (item=/usr/lib/ipsec/charon)
changed: [51.15.133.61] => (item=/usr/lib/ipsec/lookip)
changed: [51.15.133.61] => (item=/usr/lib/ipsec/stroke)

TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] ***************************************************************************************************************************
ok: [51.15.133.61] => (item=apparmor)
ok: [51.15.133.61] => (item=strongswan)
ok: [51.15.133.61] => (item=netfilter-persistent)

TASK [vpn : Ubuntu | Enable services] *****************************************************************************************************************************************

TASK [vpn : Ubuntu | Ensure that the strongswan service directory exist] ******************************************************************************************************
changed: [51.15.133.61]

TASK [vpn : Ubuntu | Setup the cgroup limitations for the ipsec daemon] *******************************************************************************************************
changed: [51.15.133.61]

TASK [vpn : include_tasks] ****************************************************************************************************************************************************
included: /Users/adriano/Desktop/algo-master/roles/vpn/tasks/iptables.yml for 51.15.133.61
changed: [51.15.133.61] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})

TASK [vpn : Iptables configured] **********************************************************************************************************************************************
changed: [51.15.133.61] => (item={'src': 'rules.v6.j2', 'dest': '/etc/iptables/rules.v6'})

TASK [vpn : Iptables configured] **********************************************************************************************************************************************

TASK [vpn : Ensure that the strongswan user exist] ****************************************************************************************************************************
ok: [51.15.133.61]

TASK [vpn : Install strongSwan] ***********************************************************************************************************************************************
ok: [51.15.133.61]
changed: [51.15.133.61] => (item={'src': 'strongswan.conf.j2', 'dest': '/etc/strongswan.conf', 'owner': 'root', 'group': 'root', 'mode': '0644'})
changed: [51.15.133.61] => (item={'src': 'ipsec.conf.j2', 'dest': '/etc/ipsec.conf', 'owner': 'root', 'group': 'root', 'mode': '0644'})
changed: [51.15.133.61] => (item={'src': 'ipsec.secrets.j2', 'dest': '/etc/ipsec.secrets', 'owner': 'strongswan', 'group': 'root', 'mode': '0600'})

TASK [vpn : Setup the config files from our templates] ************************************************************************************************************************

TASK [vpn : Get loaded plugins] ***********************************************************************************************************************************************
changed: [51.15.133.61]
changed: [51.15.133.61] => (item=sha1)
changed: [51.15.133.61] => (item=pkcs1)
changed: [51.15.133.61] => (item=agent)
changed: [51.15.133.61] => (item=resolve)
changed: [51.15.133.61] => (item=eap-mschapv2)
changed: [51.15.133.61] => (item=gmp)
changed: [51.15.133.61] => (item=dnskey)
changed: [51.15.133.61] => (item=xcbc)
changed: [51.15.133.61] => (item=rc2)
changed: [51.15.133.61] => (item=sshkey)
changed: [51.15.133.61] => (item=updown)
changed: [51.15.133.61] => (item=bypass-lan)
changed: [51.15.133.61] => (item=xauth-generic)
changed: [51.15.133.61] => (item=attr)
changed: [51.15.133.61] => (item=md5)
changed: [51.15.133.61] => (item=constraints)
changed: [51.15.133.61] => (item=md4)
changed: [51.15.133.61] => (item=connmark)
changed: [51.15.133.61] => (item=mgf1)
changed: [51.15.133.61] => (item=counters)
changed: [51.15.133.61] => (item=fips-prf)
changed: [51.15.133.61] => (item=aesni)
changed: [51.15.133.61] => (item=pem)
changed: [51.15.133.61] => (item=gcm)
changed: [51.15.133.61] => (item=aes)
changed: [51.15.133.61] => (item=pkcs8)
changed: [51.15.133.61] => (item=random)
changed: [51.15.133.61] => (item=sha2)
changed: [51.15.133.61] => (item=pgp)
changed: [51.15.133.61] => (item=revocation)
changed: [51.15.133.61] => (item=pubkey)
changed: [51.15.133.61] => (item=kernel-netlink)
changed: [51.15.133.61] => (item=openssl)
changed: [51.15.133.61] => (item=stroke)
changed: [51.15.133.61] => (item=nonce)
changed: [51.15.133.61] => (item=pkcs12)
changed: [51.15.133.61] => (item=socket-default)
changed: [51.15.133.61] => (item=pkcs7)
changed: [51.15.133.61] => (item=x509)
changed: [51.15.133.61] => (item=hmac)

TASK [vpn : Set subjectAltName as a fact] *************************************************************************************************************************************
ok: [51.15.133.61 -> localhost]
changed: [51.15.133.61 -> localhost] => (item=ecparams)
changed: [51.15.133.61 -> localhost] => (item=certs)
changed: [51.15.133.61 -> localhost] => (item=crl)
changed: [51.15.133.61 -> localhost] => (item=newcerts)
changed: [51.15.133.61 -> localhost] => (item=private)
changed: [51.15.133.61 -> localhost] => (item=public)
changed: [51.15.133.61 -> localhost] => (item=reqs)

TASK [vpn : Ensure the pki directories exist] *********************************************************************************************************************************
changed: [51.15.133.61 -> localhost] => (item=.rnd)
changed: [51.15.133.61 -> localhost] => (item=private/.rnd)
changed: [51.15.133.61 -> localhost] => (item=index.txt)
changed: [51.15.133.61 -> localhost] => (item=index.txt.attr)
changed: [51.15.133.61 -> localhost] => (item=serial)

TASK [vpn : Ensure the files exist] *******************************************************************************************************************************************

TASK [vpn : Generate the openssl server configs] ******************************************************************************************************************************
changed: [51.15.133.61 -> localhost]

TASK [vpn : Build the CA pair] ************************************************************************************************************************************************
changed: [51.15.133.61 -> localhost]

TASK [vpn : Copy the CA certificate] ******************************************************************************************************************************************
changed: [51.15.133.61 -> localhost]

TASK [vpn : Generate the serial number] ***************************************************************************************************************************************
changed: [51.15.133.61 -> localhost]

TASK [vpn : Build the server pair] ********************************************************************************************************************************************
changed: [51.15.133.61 -> localhost]
changed: [51.15.133.61 -> localhost] => (item=phone)
changed: [51.15.133.61 -> localhost] => (item=laptop)
changed: [51.15.133.61 -> localhost] => (item=desktop)

TASK [vpn : Build the client's pair] ******************************************************************************************************************************************
changed: [51.15.133.61 -> localhost] => (item=phone)
changed: [51.15.133.61 -> localhost] => (item=laptop)
changed: [51.15.133.61 -> localhost] => (item=desktop)

TASK [vpn : Create links for the private keys] ********************************************************************************************************************************
failed: [51.15.133.61 -> localhost] (item=phone) => {"changed": false, "item": "phone", "msg": "the python pyOpenSSL module is required"}
failed: [51.15.133.61 -> localhost] (item=laptop) => {"changed": false, "item": "laptop", "msg": "the python pyOpenSSL module is required"}
failed: [51.15.133.61 -> localhost] (item=desktop) => {"changed": false, "item": "desktop", "msg": "the python pyOpenSSL module is required"}

TASK [vpn : Build openssh public keys] ****************************************************************************************************************************************

TASK [vpn : debug] ************************************************************************************************************************************************************
ok: [51.15.133.61] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [vpn : fail] *************************************************************************************************************************************************************
fatal: [51.15.133.61]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

RUNNING HANDLER [dns_adblocking : restart apparmor] ***************************************************************************************************************************

RUNNING HANDLER [vpn : restart strongswan] ************************************************************************************************************************************

RUNNING HANDLER [vpn : daemon-reload] *****************************************************************************************************************************************

RUNNING HANDLER [vpn : restart iptables] **************************************************************************************************************************************

PLAY RECAP ********************************************************************************************************************************************************************
51.15.133.61               : ok=103  changed=62   unreachable=0    failed=2
localhost                  : ok=47   changed=6    unreachable=0    failed=0

davidemyers commented 5 years ago

Your version of Python is different than mine for some reason. Is it possible you have a Python virtual environment already activated before you run ./algo? If so, be sure to deactivate it first.

jackivanov commented 5 years ago

Something is wrong in your environment. Try to clean up everything or just download Algo to a new empty folder and start from scratch.

alassek commented 5 years ago

Note for others: this happened to me because I had both python versions installed via homebrew on macOS, and while it was running under the correct python version, the pip command was linked to pip3.

The resolution is to replace python -m pip with pip2.
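
A check for the mismatch described in this thread (the interpreter running the playbook cannot import pyOpenSSL because pip installed into a different Python), added here as an example and not part of the issue or of Algo's code. The function names are this example's own; it relies only on the `pip --version` output format and on pyOpenSSL's import name `OpenSSL`.

```python
from __future__ import print_function
import os
import re
import subprocess
import sys

# Shape of `pip --version` output: "pip 19.0.3 from /path/to/pip (python 3.7)"
PIP_VERSION_RE = re.compile(
    r"^pip\s+(\S+)\s+from\s+(.+?)\s+\(python\s+(\d+)\.(\d+)\)$")


def parse_pip_version(output):
    """Return (pip_version, install_path, (major, minor)) from `pip --version`."""
    match = PIP_VERSION_RE.match(output.strip())
    if match is None:
        raise ValueError("unrecognised pip --version output: %r" % output)
    return (match.group(1), match.group(2),
            (int(match.group(3)), int(match.group(4))))


def interpreter_version(python_exe):
    """Ask an interpreter for its own (major, minor) version."""
    code = "import sys; print('%d.%d' % sys.version_info[:2])"
    out = subprocess.check_output([python_exe, "-c", code]).decode()
    major, minor = out.strip().split(".")
    return int(major), int(minor)


def can_import(python_exe, module):
    """True if `module` imports cleanly under the given interpreter."""
    with open(os.devnull, "w") as devnull:
        return subprocess.call([python_exe, "-c", "import " + module],
                               stdout=devnull, stderr=devnull) == 0


def pip_targets(python_exe, pip_cmd):
    """True if pip_cmd installs into the same Python version as python_exe."""
    out = subprocess.check_output(list(pip_cmd) + ["--version"]).decode()
    return parse_pip_version(out)[2] == interpreter_version(python_exe)


if __name__ == "__main__":
    # Usage: script.py [python_exe [pip command ...]]; defaults are assumptions.
    python_exe = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    pip_cmd = sys.argv[2:] or ["pip"]
    print("interpreter:", python_exe, interpreter_version(python_exe))
    print("pyOpenSSL importable:", can_import(python_exe, "OpenSSL"))
    print(" ".join(pip_cmd), "targets this interpreter:",
          pip_targets(python_exe, pip_cmd))
```

Pass the interpreter that runs the playbook as the first argument and the pip command to test after it (for example `pip` or `python -m pip`); a False on the last line means packages installed with that command are not visible to that interpreter.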