Linux hostname 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Cloud Provider (where do you deploy Algo to)
Ubuntu 16.04.4 (local installation)
Summary of the problem
I can connect only once (in total, not per device) to the VPN server (from iOS 11.3.1), but there is no connection to the Internet. All subsequent attempts to connect to the algo server fail. Rebooting doesn't help.
NOTE: I have successfully deployed algo to the same VPS before and all tested client devices can connect without issue to another algo server I have.
Steps to reproduce the behavior
Install algo (I've tried both local install and from a macOS Sierra machine)
Connect to server using iOS profile
No Internet connection
Disconnect from algo server
Never able to connect again
Full log
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Microsoft Azure
5. Google Compute Engine
6. Scaleway
7. OpenStack (DreamCompute optimised)
8. Install to existing Ubuntu 16.04 server (Advanced)
Enter the number of your desired provider
: 8
Enter the IP address of your server: (or use localhost for local installation)
[localhost]:
What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
[root]:
Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)
[]: XXX.XXX.XX.XXX
Was this server deployed by Algo previously?
[y/N]:
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]: y
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]: y
List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
: Der Herr der Pinge,UPC6001195
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]: y
Do you want each user to have their own account for SSH tunneling?
[y/N]: y
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]:
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]: y
PLAY [Configure the server] **********************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************************************
ok: [localhost]
TASK [Local pre-tasks] ***************************************************************************************************************************************
included: /root/algo/playbooks/local.yml for localhost
TASK [Generate the SSH private key] **************************************************************************************************************************
changed: [localhost]
TASK [Generate the SSH public key] ***************************************************************************************************************************
ok: [localhost]
TASK [Change mode for the SSH private key] *******************************************************************************************************************
ok: [localhost]
TASK [Ensure the dynamic inventory exists] *******************************************************************************************************************
changed: [localhost]
TASK [Local pre-tasks] ***************************************************************************************************************************************
skipping: [localhost]
TASK [local : Add the instance to an inventory group] ********************************************************************************************************
skipping: [localhost]
TASK [local : Add the instance to an inventory group] ********************************************************************************************************
changed: [localhost]
TASK [local : set_fact] **************************************************************************************************************************************
ok: [localhost]
TASK [local : Ensure the group local exists in the dynamic inventory file] ***********************************************************************************
changed: [localhost]
TASK [local : Populate the dynamic inventory] ****************************************************************************************************************
changed: [localhost]
PLAY [Configure the server and install required software] ****************************************************************************************************
TASK [Common pre-tasks] **************************************************************************************************************************************
included: /root/algo/playbooks/common.yml for localhost
TASK [Check the system] **************************************************************************************************************************************
changed: [localhost]
TASK [Ubuntu pre-tasks] **************************************************************************************************************************************
included: /root/algo/playbooks/ubuntu.yml for localhost
TASK [Ubuntu | Install prerequisites] ************************************************************************************************************************
changed: [localhost]
TASK [FreeBSD pre-tasks] *************************************************************************************************************************************
skipping: [localhost]
TASK [include_tasks] *****************************************************************************************************************************************
included: /root/algo/playbooks/facts/main.yml for localhost
TASK [Gather Facts] ******************************************************************************************************************************************
ok: [localhost]
TASK [Enable IPv6] *******************************************************************************************************************************************
ok: [localhost]
TASK [Generate password for the CA key] **********************************************************************************************************************
changed: [localhost -> localhost]
TASK [Generate p12 export password] **************************************************************************************************************************
changed: [localhost -> localhost]
TASK [Define password facts] *********************************************************************************************************************************
ok: [localhost]
TASK [Define the commonName] *********************************************************************************************************************************
ok: [localhost]
TASK [common : include_tasks] ********************************************************************************************************************************
included: /root/algo/roles/common/tasks/ubuntu.yml for localhost
TASK [common : Install system specific tools] ****************************************************************************************************************
ok: [localhost] => (item=ifupdown)
TASK [common : Ensure the interfaces directory exists] *******************************************************************************************************
ok: [localhost]
TASK [common : Loopback for services configured] *************************************************************************************************************
changed: [localhost]
TASK [common : Loopback included into the network config] ****************************************************************************************************
changed: [localhost]
RUNNING HANDLER [common : restart loopback] ******************************************************************************************************************
changed: [localhost]
TASK [common : Check apparmor support] ***********************************************************************************************************************
changed: [localhost]
TASK [common : set_fact] *************************************************************************************************************************************
ok: [localhost]
TASK [common : set_fact] *************************************************************************************************************************************
ok: [localhost]
TASK [common : include_tasks] ********************************************************************************************************************************
skipping: [localhost]
TASK [common : Install tools] ********************************************************************************************************************************
ok: [localhost] => (item=git)
ok: [localhost] => (item=screen)
changed: [localhost] => (item=apparmor-utils)
ok: [localhost] => (item=uuid-runtime)
ok: [localhost] => (item=coreutils)
changed: [localhost] => (item=iptables-persistent)
changed: [localhost] => (item=cgroup-tools)
ok: [localhost] => (item=openssl)
TASK [common : Sysctl tuning] ********************************************************************************************************************************
changed: [localhost] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
changed: [localhost] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
changed: [localhost] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
TASK [dns_encryption : Include tasks for Ubuntu] *************************************************************************************************************
included: /root/algo/roles/dns_encryption/tasks/ubuntu.yml for localhost
TASK [dns_encryption : Add the repository] *******************************************************************************************************************
changed: [localhost]
TASK [dns_encryption : Install dnscrypt-proxy] ***************************************************************************************************************
changed: [localhost]
TASK [dns_encryption : Ubuntu | Unbound profile for apparmor configured] *************************************************************************************
changed: [localhost]
TASK [dns_encryption : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] **********************************************************************************
ok: [localhost]
TASK [dns_encryption : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] **********************************************************************
changed: [localhost]
TASK [dns_encryption : Include tasks for FreeBSD] ************************************************************************************************************
skipping: [localhost]
TASK [dns_encryption : dnscrypt-proxy configured] ************************************************************************************************************
changed: [localhost]
TASK [dns_encryption : dnscrypt-proxy enabled and started] ***************************************************************************************************
ok: [localhost]
RUNNING HANDLER [dns_encryption : restart dnscrypt-proxy] ****************************************************************************************************
changed: [localhost]
TASK [dns_adblocking : The DNS tag is defined] ***************************************************************************************************************
ok: [localhost]
TASK [dns_adblocking : Dnsmasq installed] ********************************************************************************************************************
changed: [localhost]
TASK [dns_adblocking : Ensure that the dnsmasq user exist] ***************************************************************************************************
changed: [localhost]
TASK [dns_adblocking : The dnsmasq directory created] ********************************************************************************************************
changed: [localhost]
TASK [dns_adblocking : include_tasks] ************************************************************************************************************************
included: /root/algo/roles/dns_adblocking/tasks/ubuntu.yml for localhost
TASK [dns_adblocking : Ubuntu | Dnsmasq profile for apparmor configured] *************************************************************************************
changed: [localhost]
TASK [dns_adblocking : Ubuntu | Enforce the dnsmasq AppArmor policy] *****************************************************************************************
changed: [localhost]
TASK [dns_adblocking : Ubuntu | Ensure that the dnsmasq service directory exist] *****************************************************************************
changed: [localhost]
TASK [dns_adblocking : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ***************************************************************************
changed: [localhost]
TASK [dns_adblocking : include_tasks] ************************************************************************************************************************
skipping: [localhost]
TASK [dns_adblocking : Dnsmasq configured] *******************************************************************************************************************
changed: [localhost]
TASK [dns_adblocking : Adblock script created] ***************************************************************************************************************
changed: [localhost]
TASK [dns_adblocking : Adblock script added to cron] *********************************************************************************************************
changed: [localhost]
TASK [dns_adblocking : Update adblock hosts] *****************************************************************************************************************
changed: [localhost]
RUNNING HANDLER [dns_adblocking : restart dnsmasq] ***********************************************************************************************************
changed: [localhost]
RUNNING HANDLER [vpn : daemon-reload] ************************************************************************************************************************
changed: [localhost]
TASK [dns_adblocking : Dnsmasq enabled and started] **********************************************************************************************************
ok: [localhost]
TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] **********************************************************************************
changed: [localhost]
TASK [ssh_tunneling : Ensure that the algo group exist] ******************************************************************************************************
changed: [localhost]
TASK [ssh_tunneling : Ensure that the jail directory exist] **************************************************************************************************
changed: [localhost]
TASK [ssh_tunneling : Ensure that the SSH users exist] *******************************************************************************************************
changed: [localhost] => (item=earl)
changed: [localhost] => (item=mclovin)
changed: [localhost] => (item=don-cazzo)
changed: [localhost] => (item=spanish-harlan)
TASK [ssh_tunneling : The authorized keys file created] ******************************************************************************************************
changed: [localhost] => (item=earl)
changed: [localhost] => (item=mclovin)
changed: [localhost] => (item=don-cazzo)
changed: [localhost] => (item=spanish-harlan)
TASK [ssh_tunneling : Generate SSH fingerprints] *************************************************************************************************************
changed: [localhost]
TASK [ssh_tunneling : Fetch users SSH private keys] **********************************************************************************************************
changed: [localhost] => (item=earl)
changed: [localhost] => (item=mclovin)
changed: [localhost] => (item=don-cazzo)
changed: [localhost] => (item=spanish-harlan)
TASK [ssh_tunneling : Change mode for SSH private keys] ******************************************************************************************************
changed: [localhost -> localhost] => (item=earl)
changed: [localhost -> localhost] => (item=mclovin)
changed: [localhost -> localhost] => (item=don-cazzo)
changed: [localhost -> localhost] => (item=spanish-harlan)
TASK [ssh_tunneling : Fetch the known_hosts file] ************************************************************************************************************
changed: [localhost -> localhost]
TASK [ssh_tunneling : Build the client ssh config] ***********************************************************************************************************
changed: [localhost -> localhost] => (item=earl)
changed: [localhost -> localhost] => (item=mclovin)
changed: [localhost -> localhost] => (item=don-cazzo)
changed: [localhost -> localhost] => (item=spanish-harlan)
TASK [ssh_tunneling : SSH | Get active system users] *********************************************************************************************************
skipping: [localhost]
TASK [ssh_tunneling : SSH | Delete non-existing users] *******************************************************************************************************
skipping: [localhost] => (item=null)
TASK [vpn : Ensure that the strongswan group exist] **********************************************************************************************************
changed: [localhost]
TASK [vpn : Ensure that the strongswan user exist] ***********************************************************************************************************
changed: [localhost]
TASK [vpn : include_tasks] ***********************************************************************************************************************************
included: /root/algo/roles/vpn/tasks/ubuntu.yml for localhost
TASK [vpn : set_fact] ****************************************************************************************************************************************
ok: [localhost]
TASK [vpn : Ubuntu | Install strongSwan] *********************************************************************************************************************
changed: [localhost]
TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] **********************************************************************************************************
changed: [localhost] => (item=/usr/lib/ipsec/charon)
changed: [localhost] => (item=/usr/lib/ipsec/lookip)
changed: [localhost] => (item=/usr/lib/ipsec/stroke)
TASK [vpn : Ubuntu | Enable services] ************************************************************************************************************************
ok: [localhost] => (item=apparmor)
ok: [localhost] => (item=strongswan)
ok: [localhost] => (item=netfilter-persistent)
TASK [vpn : Ubuntu | Ensure that the strongswan service directory exist] *************************************************************************************
changed: [localhost]
TASK [vpn : Ubuntu | Setup the cgroup limitations for the ipsec daemon] **************************************************************************************
changed: [localhost]
TASK [vpn : include_tasks] ***********************************************************************************************************************************
included: /root/algo/roles/vpn/tasks/iptables.yml for localhost
TASK [vpn : Iptables configured] *****************************************************************************************************************************
changed: [localhost] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})
TASK [vpn : Iptables configured] *****************************************************************************************************************************
changed: [localhost] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'})
TASK [vpn : include_tasks] ***********************************************************************************************************************************
skipping: [localhost]
TASK [vpn : Install strongSwan] ******************************************************************************************************************************
ok: [localhost]
TASK [vpn : include_tasks] ***********************************************************************************************************************************
included: /root/algo/roles/vpn/tasks/ipec_configuration.yml for localhost
TASK [vpn : Setup the config files from our templates] *******************************************************************************************************
changed: [localhost] => (item={u'dest': u'/etc/strongswan.conf', u'src': u'strongswan.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.conf', u'src': u'ipsec.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.secrets', u'src': u'ipsec.secrets.j2', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
TASK [vpn : Get loaded plugins] ******************************************************************************************************************************
changed: [localhost]
TASK [vpn : Disable unneeded plugins] ************************************************************************************************************************
skipping: [localhost] => (item=pubkey)
changed: [localhost] => (item=constraints)
changed: [localhost] => (item=updown)
skipping: [localhost] => (item=revocation)
changed: [localhost] => (item=dnskey)
changed: [localhost] => (item=attr)
changed: [localhost] => (item=sshkey)
skipping: [localhost] => (item=pgp)
skipping: [localhost] => (item=aes)
skipping: [localhost] => (item=pkcs8)
skipping: [localhost] => (item=stroke)
changed: [localhost] => (item=md4)
skipping: [localhost] => (item=gcm)
skipping: [localhost] => (item=hmac)
changed: [localhost] => (item=sha1)
skipping: [localhost] => (item=nonce)
skipping: [localhost] => (item=pkcs12)
skipping: [localhost] => (item=kernel-netlink)
changed: [localhost] => (item=test-vectors)
changed: [localhost] => (item=md5)
changed: [localhost] => (item=resolve)
changed: [localhost] => (item=fips-prf)
skipping: [localhost] => (item=pkcs7)
skipping: [localhost] => (item=sha2)
skipping: [localhost] => (item=random)
changed: [localhost] => (item=rc2)
changed: [localhost] => (item=connmark)
skipping: [localhost] => (item=openssl)
changed: [localhost] => (item=gmp)
changed: [localhost] => (item=xcbc)
skipping: [localhost] => (item=pem)
skipping: [localhost] => (item=socket-default)
skipping: [localhost] => (item=x509)
changed: [localhost] => (item=pkcs1)
changed: [localhost] => (item=agent)
TASK [vpn : Ensure that required plugins are enabled] ********************************************************************************************************
changed: [localhost] => (item=pubkey)
skipping: [localhost] => (item=constraints)
skipping: [localhost] => (item=updown)
changed: [localhost] => (item=revocation)
skipping: [localhost] => (item=dnskey)
skipping: [localhost] => (item=attr)
skipping: [localhost] => (item=sshkey)
changed: [localhost] => (item=pgp)
changed: [localhost] => (item=aes)
changed: [localhost] => (item=pkcs8)
changed: [localhost] => (item=stroke)
skipping: [localhost] => (item=md4)
changed: [localhost] => (item=gcm)
changed: [localhost] => (item=hmac)
skipping: [localhost] => (item=sha1)
changed: [localhost] => (item=nonce)
changed: [localhost] => (item=pkcs12)
changed: [localhost] => (item=kernel-netlink)
skipping: [localhost] => (item=test-vectors)
skipping: [localhost] => (item=md5)
skipping: [localhost] => (item=resolve)
skipping: [localhost] => (item=fips-prf)
changed: [localhost] => (item=pkcs7)
changed: [localhost] => (item=sha2)
changed: [localhost] => (item=random)
skipping: [localhost] => (item=rc2)
skipping: [localhost] => (item=connmark)
changed: [localhost] => (item=openssl)
skipping: [localhost] => (item=gmp)
skipping: [localhost] => (item=xcbc)
changed: [localhost] => (item=pem)
changed: [localhost] => (item=socket-default)
changed: [localhost] => (item=x509)
skipping: [localhost] => (item=pkcs1)
skipping: [localhost] => (item=agent)
TASK [vpn : include_tasks] ***********************************************************************************************************************************
included: /root/algo/roles/vpn/tasks/openssl.yml for localhost
TASK [vpn : Set subjectAltName as a fact] ********************************************************************************************************************
ok: [localhost -> localhost]
TASK [vpn : Ensure the pki directory does not exist] *********************************************************************************************************
skipping: [localhost]
TASK [vpn : Ensure the pki directories exist] ****************************************************************************************************************
changed: [localhost -> localhost] => (item=ecparams)
changed: [localhost -> localhost] => (item=certs)
changed: [localhost -> localhost] => (item=crl)
changed: [localhost -> localhost] => (item=newcerts)
changed: [localhost -> localhost] => (item=private)
changed: [localhost -> localhost] => (item=reqs)
TASK [vpn : Ensure the files exist] **************************************************************************************************************************
changed: [localhost -> localhost] => (item=.rnd)
changed: [localhost -> localhost] => (item=private/.rnd)
changed: [localhost -> localhost] => (item=index.txt)
changed: [localhost -> localhost] => (item=index.txt.attr)
changed: [localhost -> localhost] => (item=serial)
TASK [vpn : Generate the openssl server configs] *************************************************************************************************************
changed: [localhost -> localhost]
TASK [vpn : Build the CA pair] *******************************************************************************************************************************
changed: [localhost -> localhost]
TASK [vpn : Copy the CA certificate] *************************************************************************************************************************
changed: [localhost -> localhost]
TASK [vpn : Generate the serial number] **********************************************************************************************************************
changed: [localhost -> localhost]
TASK [vpn : Build the server pair] ***************************************************************************************************************************
changed: [localhost -> localhost]
TASK [vpn : Build the client's pair] *************************************************************************************************************************
changed: [localhost -> localhost] => (item=earl)
changed: [localhost -> localhost] => (item=mclovin)
changed: [localhost -> localhost] => (item=don-cazzo)
changed: [localhost -> localhost] => (item=spanish-harlan)
TASK [vpn : Build the client's p12] **************************************************************************************************************************
changed: [localhost -> localhost] => (item=earl)
changed: [localhost -> localhost] => (item=mclovin)
changed: [localhost -> localhost] => (item=don-cazzo)
changed: [localhost -> localhost] => (item=spanish-harlan)
TASK [vpn : Copy the p12 certificates] ***********************************************************************************************************************
changed: [localhost -> localhost] => (item=earl)
changed: [localhost -> localhost] => (item=mclovin)
changed: [localhost -> localhost] => (item=don-cazzo)
changed: [localhost -> localhost] => (item=spanish-harlan)
TASK [vpn : Get active users] ********************************************************************************************************************************
changed: [localhost -> localhost]
TASK [vpn : Revoke non-existing users] ***********************************************************************************************************************
skipping: [localhost] => (item=earl)
skipping: [localhost] => (item=mclovin)
skipping: [localhost] => (item=don-cazzo)
skipping: [localhost] => (item=spanish-harlan)
TASK [vpn : Genereate new CRL file] **************************************************************************************************************************
skipping: [localhost]
TASK [vpn : Copy the CRL to the vpn server] ******************************************************************************************************************
skipping: [localhost]
TASK [vpn : include_tasks] ***********************************************************************************************************************************
included: /root/algo/roles/vpn/tasks/distribute_keys.yml for localhost
TASK [vpn : Copy the keys to the strongswan directory] *******************************************************************************************************
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/cacerts/ca.crt', u'src': u'configs/XXX.XXX.XX.XXX/pki/cacert.pem', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/certs/XXX.XXX.XX.XXX.crt', u'src': u'configs/XXX.XXX.XX.XXX/pki/certs/XXX.XXX.XX.XXX.crt', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/private/XXX.XXX.XX.XXX.key', u'src': u'configs/XXX.XXX.XX.XXX/pki/private/XXX.XXX.XX.XXX.key', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
TASK [vpn : include_tasks] ***********************************************************************************************************************************
included: /root/algo/roles/vpn/tasks/client_configs.yml for localhost
TASK [vpn : Register p12 PayloadContent] *********************************************************************************************************************
changed: [localhost -> localhost] => (item=earl)
changed: [localhost -> localhost] => (item=mclovin)
changed: [localhost -> localhost] => (item=don-cazzo)
changed: [localhost -> localhost] => (item=spanish-harlan)
TASK [vpn : Set facts for mobileconfigs] *********************************************************************************************************************
ok: [localhost -> localhost]
TASK [vpn : Build the mobileconfigs] *************************************************************************************************************************
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
TASK [vpn : Build the strongswan app android config] *********************************************************************************************************
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
TASK [vpn : Build the android helper html] *******************************************************************************************************************
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
changed: [localhost] => (item=None)
TASK [vpn : Build the client ipsec config file] **************************************************************************************************************
changed: [localhost -> localhost] => (item=earl)
changed: [localhost -> localhost] => (item=mclovin)
changed: [localhost -> localhost] => (item=don-cazzo)
changed: [localhost -> localhost] => (item=spanish-harlan)
TASK [vpn : Build the client ipsec secret file] **************************************************************************************************************
changed: [localhost -> localhost] => (item=earl)
changed: [localhost -> localhost] => (item=mclovin)
changed: [localhost -> localhost] => (item=don-cazzo)
changed: [localhost -> localhost] => (item=spanish-harlan)
TASK [vpn : Create the windows check file] *******************************************************************************************************************
skipping: [localhost]
TASK [vpn : Check if the windows check file exists] **********************************************************************************************************
ok: [localhost -> localhost]
TASK [vpn : Build the windows client powershell script] ******************************************************************************************************
skipping: [localhost] => <CERTS REDACTED>
TASK [vpn : Restrict permissions for the local private directories] ******************************************************************************************
changed: [localhost -> localhost] => (item=configs/XXX.XXX.XX.XXX)
RUNNING HANDLER [dns_adblocking : restart apparmor] **********************************************************************************************************
changed: [localhost]
RUNNING HANDLER [ssh_tunneling : restart ssh] ****************************************************************************************************************
changed: [localhost]
RUNNING HANDLER [vpn : restart strongswan] *******************************************************************************************************************
changed: [localhost]
RUNNING HANDLER [vpn : daemon-reload] ************************************************************************************************************************
changed: [localhost]
RUNNING HANDLER [vpn : restart iptables] *********************************************************************************************************************
changed: [localhost]
TASK [vpn : strongSwan started] ******************************************************************************************************************************
ok: [localhost]
TASK [debug] *************************************************************************************************************************************************
ok: [localhost] => {
"msg": [
[
"\"# Congratulations! #\"",
"\"# Your Algo server is running. #\"",
"\"# Config files and certificates are in the ./configs/ directory. #\"",
"\"# Go to https://whoer.net/ after connecting #\"",
"\"# and ensure that all your traffic passes through the VPN. #\"",
"\"# Local DNS resolver 172.16.0.1 #\"",
""
],
" \"# The p12 and SSH keys password for new users is REDACTED #\"\n",
" \"# The CA key password is REDACTED #\"\n",
" "
]
}
TASK [Delete the CA key] *************************************************************************************************************************************
skipping: [localhost]
PLAY RECAP ***************************************************************************************************************************************************
localhost : ok=117 changed=80 unreachable=0 failed=0
OS / Environment (where do you run Algo on)
Cloud Provider (where do you deploy Algo to)
Summary of the problem
I can connect only once (in total, not per device) to the VPN server (from iOS 11.3.1), but there is no connection to the Internet. All subsequent attempts to connect to the algo server fail. Rebooting doesn't help.
NOTE: I have successfully deployed algo to the same VPS before and all tested client devices can connect without issue to another algo server I have.
Steps to reproduce the behavior
Full log