Created a new Lightsail instance with an empty Ubuntu 18.04, picked option '10' (already existing Ubuntu server) in the Algo setup process, left all options unchanged, and only provided the server IP and username. Ansible did the job successfully.
Two problems arise:
1) I can't connect to IPsec through my Mac / iPhone (tried Wi-Fi and LTE). "The vpn server did not respond" after a certain timeout, though I can ssh into it. On both Mac and iPhone I installed the profiles generated by Algo in the /configs/ dir. I can even ping everything from inside ssh while on the Ubuntu machine.
2) WireGuard on both Mac and iPhone successfully connects to the server, but there is no internet after the VPN connection is established.
I suppose these problems are interconnected somehow. The thing is, I have everything by default, picked the most popular way to set up and still got into problems.
Steps to reproduce the behavior:
Prepare a clean Ubuntu 18.04 VPS on AWS Lightsail.
Install Algo, providing the IP and username of the host.
ubuntu@ip-172-26-13-174:~$ sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-1021-aws, x86_64):
uptime: 10 minutes, since Aug 29 23:39:20 2019
malloc: sbrk 1339392, mmap 0, used 425552, free 913840
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes sha2 random nonce x509 revocation pubkey pkcs7 pkcs8 pkcs12 pgp pem openssl hmac gcm kernel-netlink socket-default stroke
Virtual IP pools (size/online/offline):
10.19.48.0/24: 254/0/0
fd9d:bc11:4020::/48: 2147483646/0/0
Listening IP addresses:
172.26.13.174
10.19.49.1
Connections:
ikev2-pubkey: %any...%any IKEv2, dpddelay=35s
ikev2-pubkey: local: [35.180.38.177] uses public key authentication
ikev2-pubkey: cert: "CN=35.180.38.177"
ikev2-pubkey: remote: uses public key authentication
ikev2-pubkey: child: 0.0.0.0/0 ::/0 === dynamic TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
none
ubuntu@ip-172-26-13-174:~$ service dnscrypt-proxy status
● dnscrypt-proxy.service - DNSCrypt-proxy client
Loaded: loaded (/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/dnscrypt-proxy.service.d
└─99-algo.conf
Active: active (running) since Thu 2019-08-29 23:39:20 UTC; 10min ago
Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
Main PID: 779 (dnscrypt-proxy)
Tasks: 7 (limit: 547)
CGroup: /system.slice/dnscrypt-proxy.service
└─779 /usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: Source [/tmp/public-resolvers.md] loaded
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: dnscrypt-proxy 2.0.25
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: Loading the set of IP blocking rules from [ip-blacklist.txt]
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: Now listening to 172.25.84.2:53 [UDP]
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: Now listening to 172.25.84.2:53 [TCP]
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: Wiring systemd TCP socket #0, dnscrypt-proxy.socket, 127.0.2.1:53
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: Wiring systemd UDP socket #1, dnscrypt-proxy.socket, 127.0.2.1:53
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: [cloudflare] OK (DoH) - rtt: 6ms
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: Server with the lowest initial latency: cloudflare (rtt: 6ms)
Aug 29 23:39:21 ip-172-26-13-174 dnscrypt-proxy[779]: dnscrypt-proxy is ready - live servers: 1