search

trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0
28.65k stars 2.31k forks source link

TASK [ssh_tunneling : Build ssh private keys #14175

Closed Alif112 closed 3 years ago

Alif112 commented 3 years ago

Full log

(.env) alif@AlifREVE:~/vpn/algo$ sudo ./algo
[sudo] password for alif: 
[WARNING]: Could not match supplied host pattern, ignoring: vpn-host

PLAY [localhost] ***********************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************
ok: [localhost]

TASK [Playbook dir stat] ***************************************************************************************************************
ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] *******************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Ensure the requirements installed] ***********************************************************************************************
ok: [localhost]

TASK [Set required ansible version as a fact] ******************************************************************************************
ok: [localhost] => (item=ansible==2.9.7)

TASK [Verify Python meets Algo VPN requirements] ***************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] **************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] **********************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Microsoft Azure
    5. Google Compute Engine
    6. Hetzner Cloud
    7. Vultr
    8. Scaleway
    9. OpenStack (DreamCompute optimised)
    10. CloudStack (Exoscale optimised)
    11. Linode
    12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)

Enter the number of your desired provider
:
[[
TASK [Cloud prompt] ********************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] ****************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
[[
TASK [Cellular On Demand prompt] *******************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
y^M
TASK [Wi-Fi On Demand prompt] **********************************************************************************************************
ok: [localhost]
[[[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:
[[
TASK [Trusted Wi-Fi networks prompt] ***************************************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
[[
TASK [Retain the PKI prompt] ***********************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
[[
TASK [DNS adblocking prompt] ***********************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
[[
TASK [SSH tunneling prompt] ************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] ****************************************************************************************************
ok: [localhost]

PLAY [Provision the server] ************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 18.04.5 LTS
Created from git clone. Last commit: 70f9f91 Fix typo (#14145)
Python 3.6.9
Runtime variables:
    algo_provider "local"
    algo_ondemand_cellular "True"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "eQ=="
    algo_dns_adblocking "True"
    algo_ssh_tunneling "True"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] **********************************************************************************************
changed: [localhost -> localhost]

TASK [Install the requirements] ********************************************************************************************************
ok: [localhost -> localhost]
[local : pause]
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:
[[
TASK [local : pause] *******************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] ***********************************************************************************************************
ok: [localhost]
[local : pause]
Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[localhost]
:
[[
TASK [local : pause] *******************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] ***********************************************************************************************************
ok: [localhost]

TASK [Set subjectAltName as a fact] ****************************************************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] ********************************************************************************************
changed: [localhost]

TASK [debug] ***************************************************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "119.148.4.18"
}
[WARNING]: Reset is not implemented for this connection

TASK [Wait 600 seconds for target connection to become reachable/usable] ***************************************************************
ok: [localhost -> localhost] => (item=localhost)

PLAY [Configure the server and install required software] ******************************************************************************

TASK [common : Check the system] *******************************************************************************************************
ok: [localhost]
included: /home/alif/vpn/algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] ***********************************************************************************************************
ok: [localhost]

TASK [common : Install unattended-upgrades] ********************************************************************************************
ok: [localhost]

TASK [common : Configure unattended-upgrades] ******************************************************************************************
ok: [localhost]

TASK [common : Periodic upgrades configured] *******************************************************************************************
ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] *****************************************************************************************
ok: [localhost] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'})
changed: [localhost] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})

TASK [common : Ensure fallback resolvers are set] **************************************************************************************
changed: [localhost]

TASK [common : Loopback for services configured] ***************************************************************************************
changed: [localhost]

TASK [common : systemd services enabled and started] ***********************************************************************************
changed: [localhost] => (item=systemd-networkd)
changed: [localhost] => (item=systemd-resolved)

RUNNING HANDLER [common : restart systemd-networkd] ************************************************************************************
changed: [localhost]

RUNNING HANDLER [common : restart systemd-resolved] ************************************************************************************
changed: [localhost]

TASK [common : Check apparmor support] *************************************************************************************************
ok: [localhost]

TASK [common : Set fact if apparmor enabled] *******************************************************************************************
ok: [localhost]

TASK [common : Define facts] ***********************************************************************************************************
ok: [localhost]

TASK [common : Set facts] **************************************************************************************************************
ok: [localhost]

TASK [common : Set IPv6 support as a fact] *********************************************************************************************
ok: [localhost]

TASK [common : Check size of MTU] ******************************************************************************************************
ok: [localhost]

TASK [common : Set OS specific facts] **************************************************************************************************
ok: [localhost]

TASK [common : Install tools] **********************************************************************************************************
changed: [localhost]
included: /home/alif/vpn/algo/roles/common/tasks/iptables.yml for localhost

TASK [common : Iptables configured] ****************************************************************************************************
changed: [localhost] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})

TASK [common : Sysctl tuning] **********************************************************************************************************
changed: [localhost] => (item={'item': 'net.ipv4.ip_forward', 'value': 1})
changed: [localhost] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})

RUNNING HANDLER [common : restart iptables] ********************************************************************************************
changed: [localhost]
included: /home/alif/vpn/algo/roles/dns/tasks/ubuntu.yml for localhost

TASK [dns : Add the repository] ********************************************************************************************************
changed: [localhost]

TASK [dns : Configure unattended-upgrades] *********************************************************************************************
changed: [localhost]

TASK [dns : Install dnscrypt-proxy] ****************************************************************************************************
changed: [localhost]

TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] *********************************************************************
changed: [localhost]

TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ***********************************************************************
ok: [localhost]

TASK [dns : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ***********************************************************
changed: [localhost]

TASK [dns : Ubuntu | Add custom requirements to successfully start the unit] ***********************************************************
changed: [localhost]

TASK [dns : dnscrypt-proxy ip-blacklist configured] ************************************************************************************
changed: [localhost]

TASK [dns : dnscrypt-proxy configured] *************************************************************************************************
changed: [localhost]

TASK [dns : Adblock script created] ****************************************************************************************************
changed: [localhost]

TASK [dns : Adblock script added to cron] **********************************************************************************************
changed: [localhost]

TASK [dns : Update adblock hosts] ******************************************************************************************************
ok: [localhost]
[WARNING]: flush_handlers task does not support when conditional

RUNNING HANDLER [dns : restart dnscrypt-proxy] *****************************************************************************************
changed: [localhost]

TASK [dns : dnscrypt-proxy enabled and started] ****************************************************************************************
ok: [localhost]

TASK [wireguard : Ensure the required directories exist] *******************************************************************************
changed: [localhost -> localhost] => (item=configs/119.148.4.18/wireguard//.pki//preshared)
changed: [localhost -> localhost] => (item=configs/119.148.4.18/wireguard//.pki//private)
changed: [localhost -> localhost] => (item=configs/119.148.4.18/wireguard//.pki//public)
changed: [localhost -> localhost] => (item=configs/119.148.4.18/wireguard//apple/ios)
changed: [localhost -> localhost] => (item=configs/119.148.4.18/wireguard//apple/macos)
included: /home/alif/vpn/algo/roles/wireguard/tasks/ubuntu.yml for localhost

TASK [wireguard : WireGuard installed] *************************************************************************************************
changed: [localhost]

TASK [wireguard : Set OS specific facts] ***********************************************************************************************
ok: [localhost]

TASK [wireguard : Generate private keys] ***********************************************************************************************
changed: [localhost] => (item=phone)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)
changed: [localhost] => (item=119.148.4.18)

TASK [wireguard : Save private keys] ***************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [wireguard : Touch the lock file] *************************************************************************************************
changed: [localhost] => (item=phone)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)
changed: [localhost] => (item=119.148.4.18)

TASK [wireguard : Generate preshared keys] *********************************************************************************************
changed: [localhost] => (item=phone)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)
changed: [localhost] => (item=119.148.4.18)

TASK [wireguard : Save preshared keys] *************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [wireguard : Touch the preshared lock file] ***************************************************************************************
changed: [localhost] => (item=phone)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)
changed: [localhost] => (item=119.148.4.18)

TASK [wireguard : Generate public keys] ************************************************************************************************
ok: [localhost] => (item=phone)
ok: [localhost] => (item=laptop)
ok: [localhost] => (item=desktop)
ok: [localhost] => (item=119.148.4.18)

TASK [wireguard : Save public keys] ****************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [wireguard : WireGuard user list updated] *****************************************************************************************
changed: [localhost -> localhost] => (item=phone)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [wireguard : set_fact] ************************************************************************************************************
ok: [localhost -> localhost]

TASK [wireguard : WireGuard users config generated] ************************************************************************************
changed: [localhost -> localhost] => (item=[0, 'phone'])
changed: [localhost -> localhost] => (item=[1, 'laptop'])
changed: [localhost -> localhost] => (item=[2, 'desktop'])
included: /home/alif/vpn/algo/roles/wireguard/tasks/mobileconfig.yml for localhost
included: /home/alif/vpn/algo/roles/wireguard/tasks/mobileconfig.yml for localhost

TASK [wireguard : WireGuard apple mobileconfig generated] ******************************************************************************
changed: [localhost -> localhost] => (item=[0, 'phone'])
changed: [localhost -> localhost] => (item=[1, 'laptop'])
changed: [localhost -> localhost] => (item=[2, 'desktop'])

TASK [wireguard : WireGuard apple mobileconfig generated] ******************************************************************************
changed: [localhost -> localhost] => (item=[0, 'phone'])
changed: [localhost -> localhost] => (item=[1, 'laptop'])
changed: [localhost -> localhost] => (item=[2, 'desktop'])

TASK [wireguard : Generate QR codes] ***************************************************************************************************
ok: [localhost -> localhost] => (item=[0, 'phone'])
ok: [localhost -> localhost] => (item=[1, 'laptop'])
ok: [localhost -> localhost] => (item=[2, 'desktop'])

TASK [wireguard : WireGuard configured] ************************************************************************************************
changed: [localhost]

TASK [wireguard : WireGuard enabled and started] ***************************************************************************************
changed: [localhost]

RUNNING HANDLER [wireguard : restart wireguard] ****************************************************************************************
changed: [localhost]
included: /home/alif/vpn/algo/roles/strongswan/tasks/ubuntu.yml for localhost

TASK [strongswan : Set OS specific facts] **********************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Install strongSwan] ****************************************************************************************
changed: [localhost]

TASK [strongswan : Ubuntu | Charon profile for apparmor configured] ********************************************************************
changed: [localhost]

TASK [strongswan : Ubuntu | Enforcing ipsec with apparmor] *****************************************************************************
ok: [localhost] => (item=/usr/lib/ipsec/charon)
ok: [localhost] => (item=/usr/lib/ipsec/lookip)
ok: [localhost] => (item=/usr/lib/ipsec/stroke)

TASK [strongswan : Ubuntu | Enable services] *******************************************************************************************
ok: [localhost] => (item=apparmor)
ok: [localhost] => (item=strongswan)
ok: [localhost] => (item=netfilter-persistent)

TASK [strongswan : Ubuntu | Ensure that the strongswan service directory exists] *******************************************************
changed: [localhost]

TASK [strongswan : Ubuntu | Setup the cgroup limitations for the ipsec daemon] *********************************************************
changed: [localhost]

TASK [strongswan : Ensure that the strongswan user exists] *****************************************************************************
ok: [localhost]

TASK [strongswan : Install strongSwan] *************************************************************************************************
ok: [localhost]

TASK [strongswan : Setup the config files from our templates] **************************************************************************
changed: [localhost] => (item={'src': 'strongswan.conf.j2', 'dest': 'strongswan.conf', 'owner': 'root', 'group': 'root', 'mode': '0644'})
changed: [localhost] => (item={'src': 'ipsec.conf.j2', 'dest': 'ipsec.conf', 'owner': 'root', 'group': 'root', 'mode': '0644'})
changed: [localhost] => (item={'src': 'ipsec.secrets.j2', 'dest': 'ipsec.secrets', 'owner': 'strongswan', 'group': 'root', 'mode': '0600'})
changed: [localhost] => (item={'src': 'charon.conf.j2', 'dest': 'strongswan.d/charon.conf', 'owner': 'root', 'group': 'root', 'mode': '0644'})

TASK [strongswan : Get loaded plugins] *************************************************************************************************
ok: [localhost]

TASK [strongswan : Disable unneeded plugins] *******************************************************************************************
changed: [localhost] => (item=xauth-generic)
changed: [localhost] => (item=md5)
changed: [localhost] => (item=connmark)
changed: [localhost] => (item=bypass-lan)
changed: [localhost] => (item=attr)
changed: [localhost] => (item=agent)
changed: [localhost] => (item=updown)
changed: [localhost] => (item=resolve)
changed: [localhost] => (item=constraints)
changed: [localhost] => (item=md4)
changed: [localhost] => (item=counters)
changed: [localhost] => (item=xcbc)
changed: [localhost] => (item=sha1)
changed: [localhost] => (item=dnskey)
changed: [localhost] => (item=sshkey)
changed: [localhost] => (item=rc2)
changed: [localhost] => (item=fips-prf)
changed: [localhost] => (item=gmp)
changed: [localhost] => (item=eap-mschapv2)
changed: [localhost] => (item=aesni)
changed: [localhost] => (item=pkcs1)
changed: [localhost] => (item=mgf1)

TASK [strongswan : Ensure that required plugins are enabled] ***************************************************************************
changed: [localhost] => (item=hmac)
changed: [localhost] => (item=revocation)
changed: [localhost] => (item=random)
changed: [localhost] => (item=pkcs12)
changed: [localhost] => (item=pkcs7)
changed: [localhost] => (item=pkcs8)
changed: [localhost] => (item=pubkey)
changed: [localhost] => (item=sha2)
changed: [localhost] => (item=kernel-netlink)
changed: [localhost] => (item=stroke)
changed: [localhost] => (item=x509)
changed: [localhost] => (item=nonce)
changed: [localhost] => (item=openssl)
changed: [localhost] => (item=aes)
changed: [localhost] => (item=socket-default)
changed: [localhost] => (item=pem)
changed: [localhost] => (item=gcm)
changed: [localhost] => (item=pgp)

TASK [strongswan : debug] **************************************************************************************************************
ok: [localhost -> localhost] => {
    "subjectAltName": "IP:119.148.4.18"
}

TASK [strongswan : Ensure the pki directories exist] ***********************************************************************************
changed: [localhost -> localhost] => (item=ecparams)
changed: [localhost -> localhost] => (item=certs)
changed: [localhost -> localhost] => (item=crl)
changed: [localhost -> localhost] => (item=newcerts)
changed: [localhost -> localhost] => (item=private)
changed: [localhost -> localhost] => (item=public)
changed: [localhost -> localhost] => (item=reqs)

TASK [strongswan : Ensure the config directories exist] ********************************************************************************
changed: [localhost -> localhost] => (item=apple)
changed: [localhost -> localhost] => (item=manual)

TASK [strongswan : Ensure the files exist] *********************************************************************************************
changed: [localhost -> localhost] => (item=.rnd)
changed: [localhost -> localhost] => (item=private/.rnd)
changed: [localhost -> localhost] => (item=index.txt)
changed: [localhost -> localhost] => (item=index.txt.attr)
changed: [localhost -> localhost] => (item=serial)

TASK [strongswan : Generate the openssl server configs] ********************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the CA pair] **************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Copy the CA certificate] ********************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Generate the serial number] *****************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the server pair] **********************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the client's pair] ********************************************************************************************
changed: [localhost -> localhost] => (item=phone)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build openssh public keys] ******************************************************************************************
changed: [localhost -> localhost] => (item=phone)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client's p12] *********************************************************************************************
changed: [localhost -> localhost] => (item=phone)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client's p12 with the CA cert included] *******************************************************************
changed: [localhost -> localhost] => (item=phone)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Copy the p12 certificates] ******************************************************************************************
changed: [localhost -> localhost] => (item=phone)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Get active users] ***************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Copy the keys to the strongswan directory] **************************************************************************
changed: [localhost] => (item={'src': 'cacert.pem', 'dest': 'cacerts/ca.crt', 'owner': 'strongswan', 'group': 'root', 'mode': '0600'})
changed: [localhost] => (item={'src': 'certs/119.148.4.18.crt', 'dest': 'certs/119.148.4.18.crt', 'owner': 'strongswan', 'group': 'root', 'mode': '0600'})
changed: [localhost] => (item={'src': 'private/119.148.4.18.key', 'dest': 'private/119.148.4.18.key', 'owner': 'strongswan', 'group': 'root', 'mode': '0600'})

TASK [strongswan : Register p12 PayloadContent] ****************************************************************************************
ok: [localhost -> localhost] => (item=phone)
ok: [localhost -> localhost] => (item=laptop)
ok: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Set facts for mobileconfigs] ****************************************************************************************
ok: [localhost -> localhost]

TASK [strongswan : Build the mobileconfigs] ********************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [strongswan : Build the client ipsec config file] *********************************************************************************
changed: [localhost -> localhost] => (item=phone)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client ipsec secret file] *********************************************************************************
changed: [localhost -> localhost] => (item=phone)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Restrict permissions for the local private directories] *************************************************************
ok: [localhost -> localhost]

TASK [strongswan : strongSwan started] *************************************************************************************************
ok: [localhost]

RUNNING HANDLER [strongswan : restart strongswan] **************************************************************************************
changed: [localhost]

RUNNING HANDLER [strongswan : daemon-reload] *******************************************************************************************
ok: [localhost]

TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] ************************************************************
changed: [localhost]

TASK [ssh_tunneling : Ensure that the algo group exist] ********************************************************************************
changed: [localhost]

TASK [ssh_tunneling : Ensure that the jail directory exist] ****************************************************************************
changed: [localhost]

TASK [ssh_tunneling : Ensure that the SSH users exist] *********************************************************************************
changed: [localhost] => (item=phone)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)

TASK [ssh_tunneling : Ensure the config directories exist] *****************************************************************************
changed: [localhost -> localhost]

TASK [ssh_tunneling : Check if the private keys exist] *********************************************************************************
ok: [localhost -> localhost] => (item=phone)
ok: [localhost -> localhost] => (item=laptop)
ok: [localhost -> localhost] => (item=desktop)

TASK [ssh_tunneling : Build ssh private keys] ******************************************************************************************
failed: [localhost -> localhost] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
failed: [localhost -> localhost] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
failed: [localhost -> localhost] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
fatal: [localhost]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
included: /home/alif/vpn/algo/playbooks/rescue.yml for localhost

TASK [debug] ***************************************************************************************************************************
ok: [localhost] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [Fail the installation] ***********************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP *****************************************************************************************************************************
localhost                  : ok=137  changed=70   unreachable=0    failed=1    skipped=36   rescued=1    ignored=0
SixFourSeven-2077 commented 3 years ago

This is caused by the SSH tunneling setting, looks like an Ansible error. Try disabling that setting for now.

TheNomad11 commented 2 years ago

this has not been fixed it the meantime, it seems, had same error on fresh ubuntu 20

wquadb commented 1 month ago

still get the error