Darwin nikita-macs-MacBook-Pro.local 17.5.0 Darwin Kernel Version 17.5.0: Mon Mar 5 22:24:32 PST 2018; root:xnu-4570.51.1~1/RELEASE_X86_64 x86_64
Cloud Provider (where do you deploy Algo to)
Azure
Summary of the problem
After successful installation of Algo server on Azure I tried to add user .mobileconfig profile to my Mac. It worked out for the first time. However, after that I encountered some issues with the connection which became unstable for some reason. I removed the installed profile and tried to install it again. Now the error occurs after filling out the p12 password:
An error occurred while trying to import the certificate or identity.
Also, I don't see any Algo VPN in System Preferences -> Network.
I tried to run Algo script again for this server, but nothing helps.
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
Do you want each user to have their own account for SSH tunneling?
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
Do you want to retain the CA key? (required to add users in the future, but less secure)
PLAY [Configure the server] ***
TASK [Gathering Facts] ****
ok: [localhost]
TASK [Local pre-tasks] ****
included: /Users/nikita_mac/vpn/algo-master/playbooks/local.yml for localhost
TASK [Generate the SSH private key] ***
ok: [localhost]
TASK [Generate the SSH public key] ****
ok: [localhost]
TASK [Change mode for the SSH private key] ****
ok: [localhost]
TASK [Ensure the dynamic inventory exists] ****
ok: [localhost]
TASK [cloud-azure : Ensure the group azure exists in the dynamic inventory file] **
ok: [localhost]
TASK [cloud-azure : Populate the dynamic inventory] ***
ok: [localhost]
TASK [Local post-tasks] ***
included: /Users/nikita_mac/vpn/algo-master/playbooks/post.yml for localhost
TASK [Wait until SSH becomes ready...] ****
ok: [localhost]
TASK [A short pause, in order to be sure the instance is ready] ***
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [localhost]
TASK [include_tasks] **
included: /Users/nikita_mac/vpn/algo-master/playbooks/local_ssh.yml for localhost
TASK [Ensure the local ssh directory is exist] ****
ok: [localhost]
TASK [Copy the algo ssh key to the local ssh directory] ***
ok: [localhost]
PLAY [Configure the server and install required software] *****
TASK [Common pre-tasks] ***
included: /Users/nikita_mac/vpn/algo-master/playbooks/common.yml for 52.136.235.170
TASK [Check the system] ***
changed: [52.136.235.170]
TASK [Ubuntu pre-tasks] ***
included: /Users/nikita_mac/vpn/algo-master/playbooks/ubuntu.yml for 52.136.235.170
TASK [debug] **
ok: [52.136.235.170] => {
"msg": [
[
"\"# Congratulations! #\"",
"\"# Your Algo server is running. #\"",
"\"# Config files and certificates are in the ./configs/ directory. #\"",
"\"# Go to https://whoer.net/ after connecting #\"",
"\"# and ensure that all your traffic passes through the VPN. #\"",
"\"# Local DNS resolver 172.16.0.1 #\"",
""
],
" \"# The p12 and SSH keys password for new users is KfoP5kES #\"\n",
" \"# The CA key password is f0c336aaf9ae1c5a907e05c630e9c68f #\"\n",
" \"# Shell access: ssh -i configs/algo.pem ubuntu@52.136.235.170 #\"\n"
]
}
TASK [Delete the CA key] **
skipping: [52.136.235.170]
OS / Environment (where do you run Algo on)
Darwin nikita-macs-MacBook-Pro.local 17.5.0 Darwin Kernel Version 17.5.0: Mon Mar 5 22:24:32 PST 2018; root:xnu-4570.51.1~1/RELEASE_X86_64 x86_64
Cloud Provider (where do you deploy Algo to)
Azure
Summary of the problem
After successful installation of Algo server on Azure I tried to add user .mobileconfig profile to my Mac. It worked out for the first time. However, after that I encountered some issues with the connection which became unstable for some reason. I removed the installed profile and tried to install it again. Now the error occurs after filling out the p12 password:
Also, I don't see any Algo VPN in System Preferences -> Network. I tried to run Algo script again for this server, but nothing helps.
Steps to reproduce the behavior
Full log
What provider would you like to use?
Enter the number of your desired provider : 4
Enter your azure secret id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md) You can skip this step if you want to use your defaults credentials from ~/.azure/credentials [pasted values will not be displayed] [...]:
Enter your azure tenant id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md) You can skip this step if you want to use your defaults credentials from ~/.azure/credentials [pasted values will not be displayed] [...]:
Enter your azure client id (application id) (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md) You can skip this step if you want to use your defaults credentials from ~/.azure/credentials [pasted values will not be displayed] [...]:
Enter your azure subscription id (https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md) You can skip this step if you want to use your defaults credentials from ~/.azure/credentials [pasted values will not be displayed] [...]:
Name the vpn server: [algo]:
What region should the server be located in? (https://azure.microsoft.com/en-us/regions/)
Enter the number of your desired region:
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi) :
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
Do you want each user to have their own account for SSH tunneling?
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
Do you want to retain the CA key? (required to add users in the future, but less secure)
PLAY [Configure the server] ***
TASK [Gathering Facts] **** ok: [localhost]
TASK [Local pre-tasks] **** included: /Users/nikita_mac/vpn/algo-master/playbooks/local.yml for localhost
TASK [Generate the SSH private key] *** ok: [localhost]
TASK [Generate the SSH public key] **** ok: [localhost]
TASK [Change mode for the SSH private key] **** ok: [localhost]
TASK [Ensure the dynamic inventory exists] **** ok: [localhost]
TASK [cloud-azure : set_fact] ***** ok: [localhost]
TASK [cloud-azure : Create a resource group] ** ok: [localhost]
TASK [cloud-azure : Create a virtual network] ***** ok: [localhost]
TASK [cloud-azure : Create a security group] ** ok: [localhost]
TASK [cloud-azure : Create a subnet] ** ok: [localhost]
TASK [cloud-azure : Create an instance] *** ok: [localhost]
TASK [cloud-azure : set_fact] ***** ok: [localhost]
TASK [cloud-azure : Ensure the network interface includes all required parameters] **** ok: [localhost]
TASK [cloud-azure : Add the instance to an inventory group] *** changed: [localhost]
TASK [cloud-azure : set_fact] ***** ok: [localhost]
TASK [cloud-azure : Ensure the group azure exists in the dynamic inventory file] ** ok: [localhost]
TASK [cloud-azure : Populate the dynamic inventory] *** ok: [localhost]
TASK [Local post-tasks] *** included: /Users/nikita_mac/vpn/algo-master/playbooks/post.yml for localhost
TASK [Wait until SSH becomes ready...] **** ok: [localhost]
TASK [A short pause, in order to be sure the instance is ready] *** Pausing for 20 seconds (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) ok: [localhost]
TASK [include_tasks] ** included: /Users/nikita_mac/vpn/algo-master/playbooks/local_ssh.yml for localhost
TASK [Ensure the local ssh directory is exist] **** ok: [localhost]
TASK [Copy the algo ssh key to the local ssh directory] *** ok: [localhost]
PLAY [Configure the server and install required software] *****
TASK [Common pre-tasks] *** included: /Users/nikita_mac/vpn/algo-master/playbooks/common.yml for 52.136.235.170
TASK [Check the system] *** changed: [52.136.235.170]
TASK [Ubuntu pre-tasks] *** included: /Users/nikita_mac/vpn/algo-master/playbooks/ubuntu.yml for 52.136.235.170
TASK [Ubuntu | Install prerequisites] ***** changed: [52.136.235.170]
TASK [Ubuntu | Configure defaults] **** changed: [52.136.235.170]
TASK [FreeBSD pre-tasks] ** skipping: [52.136.235.170]
TASK [include_tasks] ** included: /Users/nikita_mac/vpn/algo-master/playbooks/facts/main.yml for 52.136.235.170
TASK [Gather Facts] *** ok: [52.136.235.170]
TASK [Ensure the algo ssh key exist on the server] **** ok: [52.136.235.170]
TASK [Enable IPv6] **** skipping: [52.136.235.170]
TASK [Set facts if the deployment in a cloud] ***** ok: [52.136.235.170]
TASK [Generate password for the CA key] *** changed: [52.136.235.170 -> localhost]
TASK [Generate p12 export password] *** changed: [52.136.235.170 -> localhost]
TASK [Define password facts] ** ok: [52.136.235.170]
TASK [Define the commonName] ** ok: [52.136.235.170]
TASK [common : include_tasks] ***** included: /Users/nikita_mac/vpn/algo-master/roles/common/tasks/ubuntu.yml for 52.136.235.170
TASK [common : Install software updates] ** changed: [52.136.235.170]
TASK [common : Check if reboot is required] *** changed: [52.136.235.170]
TASK [common : Reboot] **** changed: [52.136.235.170]
TASK [common : Wait until SSH becomes ready...] *** ok: [52.136.235.170 -> localhost]
TASK [common : Include unatteded upgrades configuration] ** included: /Users/nikita_mac/vpn/algo-master/roles/common/tasks/unattended-upgrades.yml for 52.136.235.170
TASK [common : Install unattended-upgrades] *** ok: [52.136.235.170]
TASK [common : Configure unattended-upgrades] ***** ok: [52.136.235.170]
TASK [common : Periodic upgrades configured] ** ok: [52.136.235.170]
TASK [common : Disable MOTD on login and SSHD] **** ok: [52.136.235.170] => (item={u'regexp': u'^session.optional.pam_motd.so.', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'}) ok: [52.136.235.170] => (item={u'regexp': u'^session.optional.pam_motd.so.', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})
TASK [common : Install system specific tools] ***** ok: [52.136.235.170] => (item=ifupdown)
TASK [common : Ensure the interfaces directory exists] **** ok: [52.136.235.170]
TASK [common : Loopback for services configured] ** ok: [52.136.235.170]
TASK [common : Loopback included into the network config] ***** ok: [52.136.235.170]
TASK [common : Check apparmor support] **** changed: [52.136.235.170]
TASK [common : set_fact] ** ok: [52.136.235.170]
TASK [common : set_fact] ** ok: [52.136.235.170]
TASK [common : include_tasks] ***** skipping: [52.136.235.170]
TASK [common : Install tools] ***** ok: [52.136.235.170] => (item=git) ok: [52.136.235.170] => (item=screen) ok: [52.136.235.170] => (item=apparmor-utils) ok: [52.136.235.170] => (item=uuid-runtime) ok: [52.136.235.170] => (item=coreutils) ok: [52.136.235.170] => (item=iptables-persistent) ok: [52.136.235.170] => (item=cgroup-tools) ok: [52.136.235.170] => (item=openssl)
TASK [common : Sysctl tuning] ***** ok: [52.136.235.170] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1}) ok: [52.136.235.170] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1}) ok: [52.136.235.170] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
TASK [dns_adblocking : The DNS tag is defined] **** ok: [52.136.235.170]
TASK [dns_adblocking : Dnsmasq installed] ***** ok: [52.136.235.170]
TASK [dns_adblocking : Ensure that the dnsmasq user exist] **** ok: [52.136.235.170]
TASK [dns_adblocking : The dnsmasq directory created] ***** ok: [52.136.235.170]
TASK [dns_adblocking : include_tasks] ***** included: /Users/nikita_mac/vpn/algo-master/roles/dns_adblocking/tasks/ubuntu.yml for 52.136.235.170
TASK [dns_adblocking : Ubuntu | Dnsmasq profile for apparmor configured] ** ok: [52.136.235.170]
TASK [dns_adblocking : Ubuntu | Enforce the dnsmasq AppArmor policy] ** changed: [52.136.235.170]
TASK [dns_adblocking : Ubuntu | Ensure that the dnsmasq service directory exist] ** ok: [52.136.235.170]
TASK [dns_adblocking : Ubuntu | Setup the cgroup limitations for the ipsec daemon] **** ok: [52.136.235.170]
TASK [dns_adblocking : include_tasks] ***** skipping: [52.136.235.170]
TASK [dns_adblocking : Dnsmasq configured] **** ok: [52.136.235.170]
TASK [dns_adblocking : Adblock script created] **** ok: [52.136.235.170]
TASK [dns_adblocking : Adblock script added to cron] ** ok: [52.136.235.170]
TASK [dns_adblocking : Update adblock hosts] ** changed: [52.136.235.170]
TASK [dns_adblocking : Dnsmasq enabled and started] *** ok: [52.136.235.170]
TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] *** ok: [52.136.235.170]
TASK [ssh_tunneling : Ensure that the algo group exist] *** ok: [52.136.235.170]
TASK [ssh_tunneling : Ensure that the jail directory exist] *** ok: [52.136.235.170]
TASK [ssh_tunneling : Ensure that the SSH users exist] **** ok: [52.136.235.170] => (item=dan) ok: [52.136.235.170] => (item=jack) ok: [52.136.235.170] => (item=bob)
TASK [ssh_tunneling : The authorized keys file created] *** ok: [52.136.235.170] => (item=dan) ok: [52.136.235.170] => (item=jack) ok: [52.136.235.170] => (item=bob)
TASK [ssh_tunneling : Generate SSH fingerprints] ** changed: [52.136.235.170]
TASK [ssh_tunneling : Fetch users SSH private keys] *** ok: [52.136.235.170] => (item=dan) ok: [52.136.235.170] => (item=jack) ok: [52.136.235.170] => (item=bob)
TASK [ssh_tunneling : Change mode for SSH private keys] *** ok: [52.136.235.170 -> localhost] => (item=dan) ok: [52.136.235.170 -> localhost] => (item=jack) ok: [52.136.235.170 -> localhost] => (item=bob)
TASK [ssh_tunneling : Fetch the known_hosts file] ***** ok: [52.136.235.170 -> localhost]
TASK [ssh_tunneling : Build the client ssh config] **** ok: [52.136.235.170 -> localhost] => (item=dan) ok: [52.136.235.170 -> localhost] => (item=jack) ok: [52.136.235.170 -> localhost] => (item=bob)
TASK [ssh_tunneling : SSH | Get active system users] ** skipping: [52.136.235.170]
TASK [ssh_tunneling : SSH | Delete non-existing users] **** skipping: [52.136.235.170] => (item=null)
TASK [vpn : Ensure that the strongswan group exist] *** ok: [52.136.235.170]
TASK [vpn : Ensure that the strongswan user exist] **** ok: [52.136.235.170]
TASK [vpn : include_tasks] **** included: /Users/nikita_mac/vpn/algo-master/roles/vpn/tasks/ubuntu.yml for 52.136.235.170
TASK [vpn : set_fact] ***** ok: [52.136.235.170]
TASK [vpn : Ubuntu | Install strongSwan] ** ok: [52.136.235.170]
TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] *** changed: [52.136.235.170] => (item=/usr/lib/ipsec/charon) changed: [52.136.235.170] => (item=/usr/lib/ipsec/lookip) changed: [52.136.235.170] => (item=/usr/lib/ipsec/stroke)
TASK [vpn : Ubuntu | Enable services] ***** ok: [52.136.235.170] => (item=apparmor) ok: [52.136.235.170] => (item=strongswan) ok: [52.136.235.170] => (item=netfilter-persistent)
TASK [vpn : Ubuntu | Ensure that the strongswan service directory exist] ** ok: [52.136.235.170]
TASK [vpn : Ubuntu | Setup the cgroup limitations for the ipsec daemon] *** ok: [52.136.235.170]
TASK [vpn : include_tasks] **** included: /Users/nikita_mac/vpn/algo-master/roles/vpn/tasks/iptables.yml for 52.136.235.170
TASK [vpn : Iptables configured] ** ok: [52.136.235.170] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})
TASK [vpn : Iptables configured] ** skipping: [52.136.235.170] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'})
TASK [vpn : include_tasks] **** skipping: [52.136.235.170]
TASK [vpn : Install strongSwan] *** ok: [52.136.235.170]
TASK [vpn : include_tasks] **** included: /Users/nikita_mac/vpn/algo-master/roles/vpn/tasks/ipec_configuration.yml for 52.136.235.170
TASK [vpn : Setup the config files from our templates] **** ok: [52.136.235.170] => (item={u'dest': u'/etc/strongswan.conf', u'src': u'strongswan.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'}) ok: [52.136.235.170] => (item={u'dest': u'/etc/ipsec.conf', u'src': u'ipsec.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'}) ok: [52.136.235.170] => (item={u'dest': u'/etc/ipsec.secrets', u'src': u'ipsec.secrets.j2', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
TASK [vpn : Get loaded plugins] *** changed: [52.136.235.170]
TASK [vpn : Disable unneeded plugins] ***** ok: [52.136.235.170] => (item=updown) skipping: [52.136.235.170] => (item=pem) ok: [52.136.235.170] => (item=dnskey) ok: [52.136.235.170] => (item=gmp) skipping: [52.136.235.170] => (item=x509) ok: [52.136.235.170] => (item=agent) ok: [52.136.235.170] => (item=test-vectors) ok: [52.136.235.170] => (item=sshkey) ok: [52.136.235.170] => (item=rc2) ok: [52.136.235.170] => (item=resolve) skipping: [52.136.235.170] => (item=gcm) ok: [52.136.235.170] => (item=attr) ok: [52.136.235.170] => (item=md4) skipping: [52.136.235.170] => (item=random) skipping: [52.136.235.170] => (item=pkcs8) ok: [52.136.235.170] => (item=sha1) skipping: [52.136.235.170] => (item=pubkey) skipping: [52.136.235.170] => (item=pkcs12) skipping: [52.136.235.170] => (item=pgp) ok: [52.136.235.170] => (item=fips-prf) ok: [52.136.235.170] => (item=connmark) skipping: [52.136.235.170] => (item=pkcs7) skipping: [52.136.235.170] => (item=stroke) skipping: [52.136.235.170] => (item=aes) skipping: [52.136.235.170] => (item=openssl) ok: [52.136.235.170] => (item=pkcs1) skipping: [52.136.235.170] => (item=kernel-netlink) skipping: [52.136.235.170] => (item=socket-default) ok: [52.136.235.170] => (item=md5) skipping: [52.136.235.170] => (item=hmac) ok: [52.136.235.170] => (item=xcbc) skipping: [52.136.235.170] => (item=revocation) skipping: [52.136.235.170] => (item=nonce) ok: [52.136.235.170] => (item=constraints) skipping: [52.136.235.170] => (item=sha2)
TASK [vpn : Ensure that required plugins are enabled] ***** skipping: [52.136.235.170] => (item=updown) ok: [52.136.235.170] => (item=pem) skipping: [52.136.235.170] => (item=dnskey) skipping: [52.136.235.170] => (item=gmp) ok: [52.136.235.170] => (item=x509) skipping: [52.136.235.170] => (item=agent) skipping: [52.136.235.170] => (item=test-vectors) skipping: [52.136.235.170] => (item=sshkey) skipping: [52.136.235.170] => (item=rc2) skipping: [52.136.235.170] => (item=resolve) ok: [52.136.235.170] => (item=gcm) skipping: [52.136.235.170] => (item=attr) skipping: [52.136.235.170] => (item=md4) ok: [52.136.235.170] => (item=random) ok: [52.136.235.170] => (item=pkcs8) skipping: [52.136.235.170] => (item=sha1) ok: [52.136.235.170] => (item=pubkey) ok: [52.136.235.170] => (item=pkcs12) ok: [52.136.235.170] => (item=pgp) skipping: [52.136.235.170] => (item=fips-prf) skipping: [52.136.235.170] => (item=connmark) ok: [52.136.235.170] => (item=pkcs7) ok: [52.136.235.170] => (item=stroke) ok: [52.136.235.170] => (item=aes) ok: [52.136.235.170] => (item=openssl) skipping: [52.136.235.170] => (item=pkcs1) ok: [52.136.235.170] => (item=kernel-netlink) ok: [52.136.235.170] => (item=socket-default) skipping: [52.136.235.170] => (item=md5) ok: [52.136.235.170] => (item=hmac) skipping: [52.136.235.170] => (item=xcbc) ok: [52.136.235.170] => (item=revocation) ok: [52.136.235.170] => (item=nonce) skipping: [52.136.235.170] => (item=constraints) ok: [52.136.235.170] => (item=sha2)
TASK [vpn : include_tasks] **** included: /Users/nikita_mac/vpn/algo-master/roles/vpn/tasks/openssl.yml for 52.136.235.170
TASK [vpn : Ensure the pki directory does not exist] ** skipping: [52.136.235.170]
TASK [vpn : Ensure the pki directories exist] ***** ok: [52.136.235.170 -> localhost] => (item=ecparams) ok: [52.136.235.170 -> localhost] => (item=certs) ok: [52.136.235.170 -> localhost] => (item=crl) ok: [52.136.235.170 -> localhost] => (item=newcerts) ok: [52.136.235.170 -> localhost] => (item=private) ok: [52.136.235.170 -> localhost] => (item=reqs)
TASK [vpn : Ensure the files exist] *** changed: [52.136.235.170 -> localhost] => (item=.rnd) changed: [52.136.235.170 -> localhost] => (item=private/.rnd) changed: [52.136.235.170 -> localhost] => (item=index.txt) changed: [52.136.235.170 -> localhost] => (item=index.txt.attr) changed: [52.136.235.170 -> localhost] => (item=serial)
TASK [vpn : Generate the openssl server configs] ** ok: [52.136.235.170 -> localhost]
TASK [vpn : Build the CA pair] **** ok: [52.136.235.170 -> localhost]
TASK [vpn : Copy the CA certificate] ** ok: [52.136.235.170 -> localhost]
TASK [vpn : Generate the serial number] *** ok: [52.136.235.170 -> localhost]
TASK [vpn : Build the server pair] **** ok: [52.136.235.170 -> localhost]
TASK [vpn : Build the client's pair] ** ok: [52.136.235.170 -> localhost] => (item=dan) ok: [52.136.235.170 -> localhost] => (item=jack) ok: [52.136.235.170 -> localhost] => (item=bob)
TASK [vpn : Build the client's p12] *** changed: [52.136.235.170 -> localhost] => (item=dan) changed: [52.136.235.170 -> localhost] => (item=jack) changed: [52.136.235.170 -> localhost] => (item=bob)
TASK [vpn : Copy the p12 certificates] **** changed: [52.136.235.170 -> localhost] => (item=dan) changed: [52.136.235.170 -> localhost] => (item=jack) changed: [52.136.235.170 -> localhost] => (item=bob)
TASK [vpn : Get active users] ***** changed: [52.136.235.170 -> localhost]
TASK [vpn : Revoke non-existing users] **** skipping: [52.136.235.170] => (item=dan) skipping: [52.136.235.170] => (item=jack) skipping: [52.136.235.170] => (item=bob)
TASK [vpn : Genereate new CRL file] *** skipping: [52.136.235.170]
TASK [vpn : Copy the CRL to the vpn server] *** skipping: [52.136.235.170]
TASK [vpn : include_tasks] **** included: /Users/nikita_mac/vpn/algo-master/roles/vpn/tasks/distribute_keys.yml for 52.136.235.170
TASK [vpn : Copy the keys to the strongswan directory] **** ok: [52.136.235.170] => (item={u'dest': u'/etc/ipsec.d/cacerts/ca.crt', u'src': u'configs/52.136.235.170/pki/cacert.pem', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'}) ok: [52.136.235.170] => (item={u'dest': u'/etc/ipsec.d/certs/52.136.235.170.crt', u'src': u'configs/52.136.235.170/pki/certs/52.136.235.170.crt', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'}) ok: [52.136.235.170] => (item={u'dest': u'/etc/ipsec.d/private/52.136.235.170.key', u'src': u'configs/52.136.235.170/pki/private/52.136.235.170.key', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
TASK [vpn : include_tasks] **** included: /Users/nikita_mac/vpn/algo-master/roles/vpn/tasks/client_configs.yml for 52.136.235.170
TASK [vpn : Register p12 PayloadContent] ** changed: [52.136.235.170 -> localhost] => (item=dan) changed: [52.136.235.170 -> localhost] => (item=jack) changed: [52.136.235.170 -> localhost] => (item=bob)
TASK [vpn : Set facts for mobileconfigs] ** ok: [52.136.235.170 -> localhost]
TASK [vpn : Build the mobileconfigs] ** changed: [52.136.235.170] => (item=None) changed: [52.136.235.170] => (item=None) changed: [52.136.235.170] => (item=None)
TASK [vpn : Build the strongswan app android config] ** changed: [52.136.235.170] => (item=None) changed: [52.136.235.170] => (item=None) changed: [52.136.235.170] => (item=None)
TASK [vpn : Build the android helper html] **** ok: [52.136.235.170] => (item=None) ok: [52.136.235.170] => (item=None) ok: [52.136.235.170] => (item=None)
TASK [vpn : Build the client ipsec config file] *** changed: [52.136.235.170 -> localhost] => (item=dan) changed: [52.136.235.170 -> localhost] => (item=jack) changed: [52.136.235.170 -> localhost] => (item=bob)
TASK [vpn : Build the client ipsec secret file] *** ok: [52.136.235.170 -> localhost] => (item=dan) ok: [52.136.235.170 -> localhost] => (item=jack) ok: [52.136.235.170 -> localhost] => (item=bob)
TASK [vpn : Create the windows check file] **** changed: [52.136.235.170 -> localhost]
TASK [vpn : Check if the windows check file exists] *** ok: [52.136.235.170 -> localhost]
TASK [vpn : Build the windows client powershell script] *** changed: [52.136.235.170 -> localhost] => (item=[u'dan', {'_ansible_parsed': True, 'stderr_lines': [], u'cmd': u'cat private/dan.p12 | base64', u'end': u'2018-04-24 15:40:45.482873', '_ansible_no_log': False, '_ansible_delegated_vars': {'ansible_delegated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'changed': True, u'stdout': u'MIIEDQIBAzCCA9MGCSqGSIb3DQEHAaCCA8QEggPAMIIDvDCCApcGCSqGSIb3DQEHBqCCAogwggKEAgEAMIICfQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQITVGgr5AYwXwCAggAgIICUCMPVJwcr1rCWEm2LC2HotahS6hm6SYItBxlzAA1CB2ZVW17ISnlgglcXDEnLY4U8bhu+V+XVgj/LgejP3ztlyN2cd18OVn5bnMIbfWkv4lNPY0M4zINQC/qisVOpqzCWzrL9VSKlfN8VDr51RrsQobOuKAN+0Y+3l1yPfDeGGiTtwtc0O67jaqy0F4eEO1R+mVP47noi8OTaNURytEkhnzAWbWv6tHoeMy2axHCZF0TvpawPYLIkUIrqVgl546HsfS3Tg2hjOTwTKuIEJWFComK9+yOQVpoQU9PezxBebUzt1ydOGSRzniMRq2hYux5d/cWmskNUe1qNg9nnZ95IH3yRFQu8H+i9d4eTXFlQqCUisnAtjm1XFxSB60I54JfghGkRPs+cjPxeK/q2O+PCtwumbALKDCs6R/QGO+UzlsPY3K0fKAclDgZ4EAkMj0bAMHUJrg/bE2wVgQRWJ8BMQWSWLKt90fe9KspNMifD8UPy0RfPy+mo4TQ+IzWv8ILqxD0AchiXGDAiHbBzRzk3t2HwvD40ypVnYKJToVj9FxOOYGJ92Ki02KbpTs0HrZ+bDJmHy6dEvHESvHNcm7rJFP0iwoSeuYxINb6r8uA/7ai3TZgw4yQQDchUJaXtaE7l47j+BaOEGCd8Mi7xjqkqkhakefKg7xodSjqNLCjSQuon1I/V3915KU6v1QAu7YzxrHW8+/p4zpLesyoeT8EUcLTiXO4OYpSIOkf7/OsT98TLLfi1nQEffNACtUZ6DssExew4lVyCQS2CZkcWPc2JiUwggEdBgkqhkiG9w0BBwGgggEOBIIBCjCCAQYwggECBgsqhkiG9w0BDAoBAqCBtDCBsTAcBgoqhkiG9w0BDAEDMA4ECMEfDESxAF+/AgIIAASBkKaQHVv1hzHW7qMwBCkxhXnYkSiQhy62d2hAfVxZhGOOta+5keYsx+DqiEG6Zv2gHW24nBlMbXOBk+O618o0PXXmgHb5X7bsIGy5Xg6mscJbh8UhikqwYbzXF6nwumPDl5odiK85qrtH7Xj+0l/mAD8MAT2jBeOJpe8kJ/UuYp2Ye4MUNjE75Za3OqBPHDroPjE8MBUGCSqGSIb3DQEJFDEIHgYAZABhAG4wIwYJKoZIhvcNAQkVMRYEFLZ5N6X1+/u6Zd7RS7p3vouJa6FWMDEwITAJBgUrDgMCGgUABBR2sccN4Y067GrQMxw9y7t+gjoyWwQI1Phe9H6Htw0CAggA', 'item': u'dan', u'delta': u'0:00:00.012687', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'warn': True, u'executable': None, u'chdir': u'configs/52.136.235.170/pki/', u'_raw_params': u'cat private/dan.p12 | base64', u'removes': None, u'creates': None, u'_uses_shell': True, u'stdin': None}}, 'stdout_lines': [u'MIIEDQIBAzCCA9MGCSqGSIb3DQEHAaCCA8QEggPAMIIDvDCCApcGCSqGSIb3DQEHBqCCAogwggKEAgEAMIICfQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQITVGgr5AYwXwCAggAgIICUCMPVJwcr1rCWEm2LC2HotahS6hm6SYItBxlzAA1CB2ZVW17ISnlgglcXDEnLY4U8bhu+V+XVgj/LgejP3ztlyN2cd18OVn5bnMIbfWkv4lNPY0M4zINQC/qisVOpqzCWzrL9VSKlfN8VDr51RrsQobOuKAN+0Y+3l1yPfDeGGiTtwtc0O67jaqy0F4eEO1R+mVP47noi8OTaNURytEkhnzAWbWv6tHoeMy2axHCZF0TvpawPYLIkUIrqVgl546HsfS3Tg2hjOTwTKuIEJWFComK9+yOQVpoQU9PezxBebUzt1ydOGSRzniMRq2hYux5d/cWmskNUe1qNg9nnZ95IH3yRFQu8H+i9d4eTXFlQqCUisnAtjm1XFxSB60I54JfghGkRPs+cjPxeK/q2O+PCtwumbALKDCs6R/QGO+UzlsPY3K0fKAclDgZ4EAkMj0bAMHUJrg/bE2wVgQRWJ8BMQWSWLKt90fe9KspNMifD8UPy0RfPy+mo4TQ+IzWv8ILqxD0AchiXGDAiHbBzRzk3t2HwvD40ypVnYKJToVj9FxOOYGJ92Ki02KbpTs0HrZ+bDJmHy6dEvHESvHNcm7rJFP0iwoSeuYxINb6r8uA/7ai3TZgw4yQQDchUJaXtaE7l47j+BaOEGCd8Mi7xjqkqkhakefKg7xodSjqNLCjSQuon1I/V3915KU6v1QAu7YzxrHW8+/p4zpLesyoeT8EUcLTiXO4OYpSIOkf7/OsT98TLLfi1nQEffNACtUZ6DssExew4lVyCQS2CZkcWPc2JiUwggEdBgkqhkiG9w0BBwGgggEOBIIBCjCCAQYwggECBgsqhkiG9w0BDAoBAqCBtDCBsTAcBgoqhkiG9w0BDAEDMA4ECMEfDESxAF+/AgIIAASBkKaQHVv1hzHW7qMwBCkxhXnYkSiQhy62d2hAfVxZhGOOta+5keYsx+DqiEG6Zv2gHW24nBlMbXOBk+O618o0PXXmgHb5X7bsIGy5Xg6mscJbh8UhikqwYbzXF6nwumPDl5odiK85qrtH7Xj+0l/mAD8MAT2jBeOJpe8kJ/UuYp2Ye4MUNjE75Za3OqBPHDroPjE8MBUGCSqGSIb3DQEJFDEIHgYAZABhAG4wIwYJKoZIhvcNAQkVMRYEFLZ5N6X1+/u6Zd7RS7p3vouJa6FWMDEwITAJBgUrDgMCGgUABBR2sccN4Y067GrQMxw9y7t+gjoyWwQI1Phe9H6Htw0CAggA'], u'start': u'2018-04-24 15:40:45.470186', '_ansible_ignore_errors': None, 'failed': False}]) changed: [52.136.235.170 -> localhost] => (item=[u'jack', {'_ansible_parsed': True, 'stderr_lines': [], u'cmd': u'cat private/jack.p12 | base64', u'end': u'2018-04-24 15:40:45.679160', '_ansible_no_log': False, '_ansible_delegated_vars': {'ansible_delegated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'changed': True, u'stdout': u'MIIEDwIBAzCCA9UGCSqGSIb3DQEHAaCCA8YEggPCMIIDvjCCApcGCSqGSIb3DQEHBqCCAogwggKEAgEAMIICfQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQILGkaq7/NOTwCAggAgIICUFUc20qcCNIWsEX4IB4LZQwHiUzNookuOBRGofeRDLdpOwVNmWJA5fBJJm8OB6EWZVe51gbhHZVS9NFa81Ka53tj1rnzMfVAvPIfsX9PZYnfpiE81+/hhORqniHCyCDLnan6zJ+yJo+CghTl9aAkD2reDNiCatvI+W9/o709Q9CapnQ0wVbGXEtZeS8AvmmQTaAonqUX6IOhs300Dn+G4OJck61P5zpKQVt2cYDLJSn02kw6B9fleXDxtns/X2/VVdv7VHOjWlkWa6X+uWRbEnNYMAY5NJEJCTCY8HkX3CT0ntDlAXPqQeEtULEoUyXP23KYuOIl32ymAhpikr0FvIkhh76RKKSY9f8RGG+ar4FQ3qwohJ5edznd7D9u15k9Ww48q+dnRE36GRFIb304syJVNHG9AHGt9tUC82FsxzCn8cnjs8fOVQX/bo9we1Mm3tpjpkbKmKJv/HemUTR5EEPCPlVdm62M+QpCzeUxxwcMa/LmghYe0HbpCFICjM4BL6ocpG8wpzcS/IMzDIO+YzNnd06eUbQM97ho3lLczyzY0aDlDLyn8mz+HLgwdt0705IrObt1Voj0dcO6ZVHYGflPRxeJhFItwJG9maUGtxlOlPRD40qgkvfSbuA+BpIloo2QhrxCW0ewVXQcoUi6OhZ/Iz84edF3nrPkPTMbqwgLxHZ6YXGJaFQZRee0h91zxFss3wzm/DH79/YKKdWyAjeNAtWEByUXpS275WSxsMSavs/1UY2LxneA+AChQzsWBrtdafQeLWW4GyWUvrlH6qEwggEfBgkqhkiG9w0BBwGgggEQBIIBDDCCAQgwggEEBgsqhkiG9w0BDAoBAqCBtDCBsTAcBgoqhkiG9w0BDAEDMA4ECA8yoiUSNXU/AgIIAASBkFNs4sLVo5cFFkYDPA+xVxzSlhPbelgB29H25DPYyPtZa5p8leorHisWqApUiND4nEf1bE076B9hyHRkTFsvoAkO5A36s9iSf1euMD4ZaC4XIFmEsIjVb6B53TP3STRsox40HhJEDexg6A7yFVbUVUiCtz5456fMAYN3XBTljxoZ/55h+KyKo7kowTOaMG3aSzE+MBcGCSqGSIb3DQEJFDEKHggAagBhAGMAazAjBgkqhkiG9w0BCRUxFgQUcd4OPuoo7o2+cneweTgKNKKI/pUwMTAhMAkGBSsOAwIaBQAEFNFRJAkv0xQEpjRc530N/alqKWPrBAje7U8M/mqucAICCAA=', 'item': u'jack', u'delta': u'0:00:00.012200', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'warn': True, u'executable': None, u'chdir': u'configs/52.136.235.170/pki/', u'_raw_params': u'cat private/jack.p12 | base64', u'removes': None, u'creates': None, u'_uses_shell': True, u'stdin': None}}, 'stdout_lines': [u'MIIEDwIBAzCCA9UGCSqGSIb3DQEHAaCCA8YEggPCMIIDvjCCApcGCSqGSIb3DQEHBqCCAogwggKEAgEAMIICfQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQILGkaq7/NOTwCAggAgIICUFUc20qcCNIWsEX4IB4LZQwHiUzNookuOBRGofeRDLdpOwVNmWJA5fBJJm8OB6EWZVe51gbhHZVS9NFa81Ka53tj1rnzMfVAvPIfsX9PZYnfpiE81+/hhORqniHCyCDLnan6zJ+yJo+CghTl9aAkD2reDNiCatvI+W9/o709Q9CapnQ0wVbGXEtZeS8AvmmQTaAonqUX6IOhs300Dn+G4OJck61P5zpKQVt2cYDLJSn02kw6B9fleXDxtns/X2/VVdv7VHOjWlkWa6X+uWRbEnNYMAY5NJEJCTCY8HkX3CT0ntDlAXPqQeEtULEoUyXP23KYuOIl32ymAhpikr0FvIkhh76RKKSY9f8RGG+ar4FQ3qwohJ5edznd7D9u15k9Ww48q+dnRE36GRFIb304syJVNHG9AHGt9tUC82FsxzCn8cnjs8fOVQX/bo9we1Mm3tpjpkbKmKJv/HemUTR5EEPCPlVdm62M+QpCzeUxxwcMa/LmghYe0HbpCFICjM4BL6ocpG8wpzcS/IMzDIO+YzNnd06eUbQM97ho3lLczyzY0aDlDLyn8mz+HLgwdt0705IrObt1Voj0dcO6ZVHYGflPRxeJhFItwJG9maUGtxlOlPRD40qgkvfSbuA+BpIloo2QhrxCW0ewVXQcoUi6OhZ/Iz84edF3nrPkPTMbqwgLxHZ6YXGJaFQZRee0h91zxFss3wzm/DH79/YKKdWyAjeNAtWEByUXpS275WSxsMSavs/1UY2LxneA+AChQzsWBrtdafQeLWW4GyWUvrlH6qEwggEfBgkqhkiG9w0BBwGgggEQBIIBDDCCAQgwggEEBgsqhkiG9w0BDAoBAqCBtDCBsTAcBgoqhkiG9w0BDAEDMA4ECA8yoiUSNXU/AgIIAASBkFNs4sLVo5cFFkYDPA+xVxzSlhPbelgB29H25DPYyPtZa5p8leorHisWqApUiND4nEf1bE076B9hyHRkTFsvoAkO5A36s9iSf1euMD4ZaC4XIFmEsIjVb6B53TP3STRsox40HhJEDexg6A7yFVbUVUiCtz5456fMAYN3XBTljxoZ/55h+KyKo7kowTOaMG3aSzE+MBcGCSqGSIb3DQEJFDEKHggAagBhAGMAazAjBgkqhkiG9w0BCRUxFgQUcd4OPuoo7o2+cneweTgKNKKI/pUwMTAhMAkGBSsOAwIaBQAEFNFRJAkv0xQEpjRc530N/alqKWPrBAje7U8M/mqucAICCAA='], u'start': u'2018-04-24 15:40:45.666960', '_ansible_ignore_errors': None, 'failed': False}]) changed: [52.136.235.170 -> localhost] => (item=[u'bob', {'_ansible_parsed': True, 'stderr_lines': [], u'cmd': u'cat private/bob.p12 | base64', u'end': u'2018-04-24 15:40:45.878530', '_ansible_no_log': False, '_ansible_delegated_vars': {'ansible_delegated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'changed': True, u'stdout': u'MIIEDQIBAzCCA9MGCSqGSIb3DQEHAaCCA8QEggPAMIIDvDCCApcGCSqGSIb3DQEHBqCCAogwggKEAgEAMIICfQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIegflervEpnYCAggAgIICUL/Pj+0AN5BvV4bWNpUiq/uar3un+u7tqt/o999BYJCLID59wcdTSRDfErng55nRAHYxL2VVUbh/V4R1UGJ1vgkKwQZetZVUUjaGIkSHUKtLCF0ncRRv76XMK6Jjmig2uQeMtqaipKVzmyXxtBq0+Zin9wZB+hsHGEDUb0ja1zJr7vSw3D7YJdRYZiwe07NmFinih464CtZOfae0WvoXUWiR7yNCPD421njJjrQVP6KuIt3d83pVo2zKGdhrZhPjcmFtEyQPsfn4VOvjCBip1y1cImLC6aDnoSwZ7bu9xtwcBVtcT4UTNoh4TlQIu1bwUwKIczPQwCqRRNv87LHXbqaiWAI4B+X2020KcAIYUGOorMZAZ3d2uGT0ULTzTinMKB4STyubbJvsNaP/pJQWu8sYfxa5eI/36YtlznfDO/HXqdD7KHi9C8dhrhRLmexezQQvkv4iN2zX3XfW1o6iu8axVasZTRpFkzl1lWzGONkqhagMSHFt9QpL0CHRZscbrAUiikpYoQKMf9lstWzmd69AkQF/72wpmEMOHUvHwzlE2L9e8LeqfkUn5iujXYhATtHMDbpTrLqyRJv2+eY1lS9LSyPo+6EOGiZjRYZeWPN7sfLVnlRHA7KjT8WcC0eDZf5RrTgfOj4XxiIFQkJmOVPaWiQrOtzfgJ3Og5rP0SRA9K8GLQvM6HrDdmTO0umhsoegIsIvPt9zfAUmkcJOlCKYQqqJZJGWktVVXOFL7PWYE8+76XMlvqOC8SNi5T/lRHRe1wf1TGiPPBn3mR7glnowggEdBgkqhkiG9w0BBwGgggEOBIIBCjCCAQYwggECBgsqhkiG9w0BDAoBAqCBtDCBsTAcBgoqhkiG9w0BDAEDMA4ECCPSaCReJ4hrAgIIAASBkEHPfeYJh/ar80iEt7ku4jBVGEEddLPpTA0GEzZzbg430Ycv3Rx+aq/voujjK90ZvOwxGXDZIx5+uBtdf7+qKv3V9AypIbaB/sAfiEpmmR3aLlAMAvXcrxqTzUx27OkInhnjXlTDjoxl0MZrWPsp7YOGHkGm45jizNcayGfNmWSkBVj47TaDO/UNyh+4plJMjTE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcNAQkVMRYEFOLl56rgCphWuYVnwReNukjd3z9LMDEwITAJBgUrDgMCGgUABBTr/MTkLm2ZB3T7r7VgDxggO8cBoAQIbJyqE++hCXoCAggA', 'item': u'bob', u'delta': u'0:00:00.012088', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'warn': True, u'executable': None, u'chdir': u'configs/52.136.235.170/pki/', u'_raw_params': u'cat private/bob.p12 | base64', u'removes': None, u'creates': None, u'_uses_shell': True, u'stdin': None}}, 'stdout_lines': [u'MIIEDQIBAzCCA9MGCSqGSIb3DQEHAaCCA8QEggPAMIIDvDCCApcGCSqGSIb3DQEHBqCCAogwggKEAgEAMIICfQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIegflervEpnYCAggAgIICUL/Pj+0AN5BvV4bWNpUiq/uar3un+u7tqt/o999BYJCLID59wcdTSRDfErng55nRAHYxL2VVUbh/V4R1UGJ1vgkKwQZetZVUUjaGIkSHUKtLCF0ncRRv76XMK6Jjmig2uQeMtqaipKVzmyXxtBq0+Zin9wZB+hsHGEDUb0ja1zJr7vSw3D7YJdRYZiwe07NmFinih464CtZOfae0WvoXUWiR7yNCPD421njJjrQVP6KuIt3d83pVo2zKGdhrZhPjcmFtEyQPsfn4VOvjCBip1y1cImLC6aDnoSwZ7bu9xtwcBVtcT4UTNoh4TlQIu1bwUwKIczPQwCqRRNv87LHXbqaiWAI4B+X2020KcAIYUGOorMZAZ3d2uGT0ULTzTinMKB4STyubbJvsNaP/pJQWu8sYfxa5eI/36YtlznfDO/HXqdD7KHi9C8dhrhRLmexezQQvkv4iN2zX3XfW1o6iu8axVasZTRpFkzl1lWzGONkqhagMSHFt9QpL0CHRZscbrAUiikpYoQKMf9lstWzmd69AkQF/72wpmEMOHUvHwzlE2L9e8LeqfkUn5iujXYhATtHMDbpTrLqyRJv2+eY1lS9LSyPo+6EOGiZjRYZeWPN7sfLVnlRHA7KjT8WcC0eDZf5RrTgfOj4XxiIFQkJmOVPaWiQrOtzfgJ3Og5rP0SRA9K8GLQvM6HrDdmTO0umhsoegIsIvPt9zfAUmkcJOlCKYQqqJZJGWktVVXOFL7PWYE8+76XMlvqOC8SNi5T/lRHRe1wf1TGiPPBn3mR7glnowggEdBgkqhkiG9w0BBwGgggEOBIIBCjCCAQYwggECBgsqhkiG9w0BDAoBAqCBtDCBsTAcBgoqhkiG9w0BDAEDMA4ECCPSaCReJ4hrAgIIAASBkEHPfeYJh/ar80iEt7ku4jBVGEEddLPpTA0GEzZzbg430Ycv3Rx+aq/voujjK90ZvOwxGXDZIx5+uBtdf7+qKv3V9AypIbaB/sAfiEpmmR3aLlAMAvXcrxqTzUx27OkInhnjXlTDjoxl0MZrWPsp7YOGHkGm45jizNcayGfNmWSkBVj47TaDO/UNyh+4plJMjTE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcNAQkVMRYEFOLl56rgCphWuYVnwReNukjd3z9LMDEwITAJBgUrDgMCGgUABBTr/MTkLm2ZB3T7r7VgDxggO8cBoAQIbJyqE++hCXoCAggA'], u'start': u'2018-04-24 15:40:45.866442', '_ansible_ignore_errors': None, 'failed': False}])
TASK [vpn : Restrict permissions for the local private directories] *** ok: [52.136.235.170 -> localhost] => (item=configs/52.136.235.170)
RUNNING HANDLER [dns_adblocking : restart apparmor] *** changed: [52.136.235.170]
TASK [vpn : strongSwan started] *** ok: [52.136.235.170]
TASK [debug] ** ok: [52.136.235.170] => { "msg": [ [ "\"# Congratulations! #\"", "\"# Your Algo server is running. #\"", "\"# Config files and certificates are in the ./configs/ directory. #\"", "\"# Go to https://whoer.net/ after connecting #\"", "\"# and ensure that all your traffic passes through the VPN. #\"", "\"# Local DNS resolver 172.16.0.1 #\"", "" ], " \"# The p12 and SSH keys password for new users is KfoP5kES #\"\n", " \"# The CA key password is f0c336aaf9ae1c5a907e05c630e9c68f #\"\n", " \"# Shell access: ssh -i configs/algo.pem ubuntu@52.136.235.170 #\"\n" ] }
TASK [Delete the CA key] ** skipping: [52.136.235.170]
PLAY RECAP **** 52.136.235.170 : ok=102 changed=25 unreachable=0 failed=0
localhost : ok=24 changed=1 unreachable=0 failed=0