search

trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0
28.78k stars 2.32k forks source link

Failed install on ubuntu 17.04 #567

Closed zoonderkins closed 7 years ago

zoonderkins commented 7 years ago

OS / Environment

Ubuntu 17.04 64bit

Ansible version

2.1,<2.2.1

Summary of the problem

I updated to 5.5.2-0ubuntu1~zesty (strongswan version) it failed

The way of deployment (cloud or local)

local

Full log

PLAY [Configure the server] ****

TASK [setup] *** ok: [localhost]

TASK [Generate the SSH private key] **** ok: [localhost]

TASK [Generate the SSH public key] ***** ok: [localhost]

TASK [Change mode for the SSH private key] ***** ok: [localhost]

TASK [Ensure the dynamic inventory exists] ***** ok: [localhost]

TASK [Ensure the local ssh directory is exist] ***** ok: [localhost]

TASK [Copy the algo ssh key to the local ssh directory] **** ok: [localhost]

TASK [local : Add the instance to an inventory group] ** changed: [localhost]

TASK [local : Add the instance to an inventory group] ** skipping: [localhost]

TASK [local : set_fact] **** ok: [localhost]

TASK [local : Ensure the group local exists in the dynamic inventory file] ***** ok: [localhost]

TASK [local : Populate the dynamic inventory] ** ok: [localhost]

PLAY [Configure the server and install required software] **

TASK [Check the system] **** changed: [0.0.0.0]

TASK [Ubuntu | Install prerequisites] ** changed: [0.0.0.0]

TASK [FreeBSD / HardenedBSD | Install prerequisites] *** skipping: [0.0.0.0]

TASK [FreeBSD / HardenedBSD | Configure defaults] ** skipping: [0.0.0.0]

TASK [set_fact] **** skipping: [0.0.0.0]

TASK [Gather Facts] **** ok: [0.0.0.0]

TASK [Enable IPv6] ***** ok: [0.0.0.0]

TASK [Generate password for the CA key] **** changed: [0.0.0.0 -> localhost]

TASK [Define password facts] *** ok: [0.0.0.0]

TASK [Define the commonName] *** ok: [0.0.0.0]

TASK [common : Loopback for services configured] *** ok: [0.0.0.0]

TASK [common : Loopback included into the network config] ** ok: [0.0.0.0]

TASK [common : set_fact] *** ok: [0.0.0.0]

TASK [common : set_fact] *** skipping: [0.0.0.0]

TASK [common : Loopback included into the rc config] *** skipping: [0.0.0.0]

TASK [common : Enable the gateway features] **** skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'firewall_enable'}) skipping: [0.0.0.0] => (item={u'value': u'"open"', u'param': u'firewall_type'}) skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'gateway_enable'}) skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'natd_enable'}) skipping: [0.0.0.0] => (item={u'value': u'""', u'param': u'natd_interface'}) skipping: [0.0.0.0] => (item={u'value': u'"-dynamic -m"', u'param': u'natd_flags'})

TASK [common : Install tools] ** ok: [0.0.0.0] => (item=[u'git', u'screen', u'apparmor-utils', u'uuid-runtime', u'coreutils', u'sendmail', u'iptables-persistent', u'cgroup-tools', u'openssl'])

TASK [common : Sysctl tuning] ** ok: [0.0.0.0] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1}) ok: [0.0.0.0] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1}) ok: [0.0.0.0] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})

TASK [vpn : Ensure that the strongswan group exist] **** ok: [0.0.0.0]

TASK [vpn : Ensure that the strongswan user exist] ***** ok: [0.0.0.0]

TASK [vpn : set_fact] ** ok: [0.0.0.0]

TASK [vpn : Configure apt to use the Xenial release by default] **** skipping: [0.0.0.0]

TASK [vpn : Configure packages preferences] **** skipping: [0.0.0.0]

TASK [vpn : Configure the Ubuntu Zesty repository] ***** skipping: [0.0.0.0]

TASK [vpn : Ubuntu | Install strongSwan] *** changed: [0.0.0.0]

TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] **** skipping: [0.0.0.0] => (item=/usr/lib/ipsec/charon) skipping: [0.0.0.0] => (item=/usr/lib/ipsec/lookip) skipping: [0.0.0.0] => (item=/usr/lib/ipsec/stroke)

TASK [vpn : Ubuntu | Enable services] ** ok: [0.0.0.0] => (item=apparmor) failed: [0.0.0.0] (item=strongswan) => {"failed": true, "item": "strongswan", "msg": "Unable to enable service strongswan: Failed to enable unit: Unit file /etc/systemd/system/strongswan.service is masked.\n"} ok: [0.0.0.0] => (item=netfilter-persistent)

TASK [vpn : debug] ***** ok: [0.0.0.0] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }

TASK [vpn : fail] ** fatal: [0.0.0.0]: FAILED! => {"changed": false, "failed": true, "msg": "Failed as requested from task"}

dguido commented 7 years ago

We don't officially support 17.04. Only 16.04 for servers.