
ansible-easy-vpn's Introduction

Hi! My name is Wolfgang and I do a lot of DevOps and Ansible stuff (IaC, roles, playbooks, Docker, etc.).

My biggest project is the home server Ansible playbook, which is supposed to set up my entire homelab infrastructure from scratch, but is rewritten too often to be of any use 😁

I also maintain ansible-easy-vpn, which lets you set up a Wireguard server with reasonable security and 2FA from scratch on a cloud VM of your choice.

I also have a YouTube channel where I make videos about technology, home servers, self-hosting and other stuff.

You can follow me on Mastodon or support my projects on Patreon

ansible-easy-vpn's People

Contributors

donbarbos, flavio-fernandes, in2gee, nikitenich, notthebee, pavelpikta, weibeu


ansible-easy-vpn's Issues

Email Address?

Good afternoon,

Just discovered this, set up a VPS, went through the process and I am now at the Authelia login screen. I set up email to send via Mailgun, so I entered all of the credentials when asked, but at no time did it ask me for my (a recipient) email address. So when I click register device on the Authelia screen, it says it sends an email, but I am not sure to where.

And since I added email creds, the show_2fa command shows a "file not found" type error.

Any ideas? Or just rebuild the whole thing without email?

J

Syntax error while loading YAML

This is just me following the tutorial, and while running the playbook it gives me the error below:

[screenshot of the error]

Any solution? Thanks in advance.

Debian Support

Hello,

I use Debian on most of my servers and this playbook runs quite well without many modifications.
So I decided to add Debian support to it.

I will try to fork and work on it.

Kind Regards,
Girish Mahabir

scp command issue

The scp command ends up in an error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED255xx key sent by the remote host is
SHA256:f+eYH81SoDsuAgdbSfnkTAQQeYkdY0UH+axUzUvhuvg.
Please contact your system administrator.
Add correct host key in /home/xxxxxxxxx/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/xxxxxxxxx/.ssh/known_hosts:7
Host key for xxxxxxxxxxxx has changed and you have requested strict checking.
Host key verification failed.
scp: Connection closed

add gui to existing wg instance

I already have a WireGuard server installed on Debian 10.

I tried to use this script and it failed (I disabled the OS check).

Here are the error messages I got:


  • downloading role 'roles', owned by
    [WARNING]: - roles was NOT installed successfully: Content has no field named 'owner'

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

Error running playbook


The error appears to be in '/root/ansible-easy-vpn/roles/ufw/tasks/main.yml': line 6, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Enable UFW logging
  ^ here

I use Ubuntu 20.04 x86_64.

Authelia container crashes "Failure running the storage provider startup check: the encryption key is not valid against the schema check value"

time="2022-07-23T14:38:26Z" level=info msg="Authelia v4.36.2 is starting"
time="2022-07-23T14:38:26Z" level=info msg="Log severity set to debug"
time="2022-07-23T14:38:26Z" level=info msg="Storage schema is being checked for updates"
time="2022-07-23T14:38:26Z" level=error msg="Failure running the storage provider startup check: the encryption key is not valid against the schema check value" stack="github.com/authelia/authelia/v4/internal/commands/root.go:149 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:77  cmdRootRun\ngithub.com/spf13/[email protected]/command.go:876                  (*Command).execute\ngithub.com/spf13/[email protected]/command.go:990                  (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:918                  (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10       main\nruntime/proc.go:250                                           main\nruntime/asm_amd64.s:1571                                      goexit"
time="2022-07-23T14:38:26Z" level=fatal msg="The following providers had fatal failures during startup: storage" stack="github.com/authelia/authelia/v4/internal/commands/root.go:177 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:77  cmdRootRun\ngithub.com/spf13/[email protected]/command.go:876                  (*Command).execute\ngithub.com/spf13/[email protected]/command.go:990                  (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:918                  (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10       main\nruntime/proc.go:250                                           main\nruntime/asm_amd64.s:1571                                      goexit"

Tried to generate new storage_encryption_key in secret.yml, still no luck.

Port forwarding

I have a web service running on a local machine. With my previous VPN provider I had it set up so that nginx would translate the external ports provided by the VPN to the local port. This allowed me to access this service from anywhere while my server was using the VPN. I have now switched to using this script (really awesome so far, thanks for making this and the video tutorial) and would like to continue doing things in a similar way. I tried to set it up in a way I thought would work, but nginx doesn't like the bunkerweb docker container that is using ports 80 and 443 (not sure why). I have no need to override these ports, I just want my port forwarding to co-exist with them. I am not very familiar with docker and haven't used bunkerweb before, so I'm not sure of the fix myself.

no ssl certificates

Bunkerweb just stops after searching for the certificates.

[2022-07-24 15:07:13] ENTRYPOINT - ℹ️ - Generating configuration ...
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Generator started ...
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Settings : /opt/bunkerweb/settings.json
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Templates : /opt/bunkerweb/confs
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Core : /opt/bunkerweb/core
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Plugins : /opt/bunkerweb/plugins
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Output : /etc/nginx
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Target : /etc/nginx
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Variables : /tmp/variables.env
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Checking arguments ...
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Computing config ...
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Removing old files ...
[2022-07-24 15:07:13] GENERATOR - ℹ️ - Rendering templates ...
[2022-07-24 15:07:14] GENERATOR - ℹ️ - Generator successfully executed !
[2022-07-24 15:07:14] ENTRYPOINT - ℹ️ - Generator is successful
[2022-07-24 15:07:14] ENTRYPOINT - ℹ️ - Executing job scheduler ...
[2022-07-24 15:07:14] ENTRYPOINT - ℹ️ - Starting nginx ...
2022/07/24 15:07:14 [emerg] 50#50: cannot load certificate "/etc/letsencrypt/live/auth.autisten.party/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/auth.autisten.party/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/auth.autisten.party/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/auth.autisten.party/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
[2022-07-24 15:07:14] ENTRYPOINT - ℹ️ - BunkerWeb stopped

Error install

TASK [authelia : Add a 2FA alias to .bashrc] ***************************************************************************
fatal: [localhost]: FAILED! => changed=false
msg: Path /home/root/.bashrc does not exist !
rc: 257

RUNNING HANDLER [fail2ban : Restart fail2ban] **************************************************************************

RUNNING HANDLER [restart authelia] *************************************************************************************

PLAY RECAP *************************************************************************************************************
localhost : ok=41 changed=24 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

root@openvpnrusge:~#

Shows this error and stops. Please tell me the reason for this error.
VPS KVM Ubuntu 20.04

task ssh failed

TASK [ssh : Update SSH configuration to be more secure] **************************************************************************************************
ok: [localhost] => (item={'regexp': '^PasswordAuthentication', 'line': 'PasswordAuthentication no'})
ok: [localhost] => (item={'regexp': '^PermitRootLogin', 'line': 'PermitRootLogin no'})
failed: [localhost] (item={'regexp': '^Port', 'line': 'Port 22'}) => changed=false
ansible_loop_var: item
item:
line: Port 22
regexp: ^Port
msg: |-
failed to validate: rc:255 error:/root/.ansible/tmp/ansible-tmp-1658779648.3071914-342945-79180311113602/tmpzfbob8dh line 135: Directive 'Port' is not allowed within a Match block
ok: [localhost] => (item={'regexp': '^PermitEmptyPasswords', 'line': 'PermitEmptyPasswords no'})
ok: [localhost] => (item={'regexp': '^X11Forwarding', 'line': 'X11Forwarding no'})
PLAY RECAP ***********************************************************************************************************************************************
localhost : ok=50 changed=8 unreachable=0 failed=1 skipped=14 rescued=0 ignored=0

ssh connection failed

After accessing Authelia my SSH session just froze, and after that I cannot log in with SSH anymore; it always shows an error like
ssh: connect to host 1xx.xxx.xxx.xxx port 22: Connection refused. I'm using DigitalOcean, and I can only access the server with the new user the script made, and I have to access it through the web console from DigitalOcean itself.

source .bashrc fails

RUNNING HANDLER [authelia : source .bashrc] ********************************************************************************************************************************************
fatal: [localhost]: FAILED! => changed=true 
  cmd: source $HOME/.bashrc
  delta: '0:00:00.006717'
  end: '2022-07-24 08:29:14.556962'
  msg: non-zero return code
  rc: 127
  start: '2022-07-24 08:29:14.550245'
  stderr: '/bin/sh: 1: source: not found'
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

I believe it's from there: https://github.com/notthebee/ansible-easy-vpn/blob/main/roles/authelia/handlers/main.yml

Fails on Ubuntu 20.04 and 22.04 from Hetzner 🥲

I run the script first thing after I ssh'd into a server as root

Custom DNS Servers in wg-easy

How to use custom DNS servers with wg-easy?

I tried to add the WG_DEFAULT_DNS variable in the WireGuard task file but that change wasn't reflected when I ran the playbook.

I am new to Ansible. Is there a way to set custom DNS servers using the inventory.yml file?

I plan to use AdGuard DNS instead of the default 1.1.1.1.

Thanks!

Error while run playbook

root@somevps~/ansible-easy-vpn# ansible-playbook run.yml
Vault password:
ERROR! couldn't resolve module/action 'openssh_keypair'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in '/root/ansible-easy-vpn/roles/ssh/tasks/main.yml': line 23, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

block:
- name: Generate an SSH key pair
^ here

Tried #34 and weareinteractive/ansible-ufw#26 with no results.

check your script apache2

Running certbot in dry-run mode to test the validity of the domain...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

Apache is running on port 80 by default.

AWS EC2 instance.

I have a Vultr VPS that I'm trying to use for this, but when it's time to set up the SSH keys it reads:

Looks like you're running this script on an AWS EC2 instance.
Please use the SSH keys defined in the Management Console to log in to the server after running the playbook.

After running the playbook:

Almost done! Make sure to test your SSH connection in a new terminal window:
ssh -p 22 [email protected] -i ~/.ssh/path-to-your-key

If I direct it to a key that I generated it fails and tries to connect with the password. I really have no idea what is happening...

Authelia fails to start?

I had run the script twice because of the password error I encountered in #4
After the first time failed, I deleted all docker containers and images and removed /root/ansible-easy-vpn

Now the wg subdomain shows 500 Internal Server Error

docker logs authelia shows

time="2022-07-23T14:42:18Z" level=info msg="Authelia v4.36.2 is starting"
time="2022-07-23T14:42:18Z" level=info msg="Log severity set to debug"
time="2022-07-23T14:42:19Z" level=info msg="Storage schema is being checked for updates"
time="2022-07-23T14:42:19Z" level=error msg="Failure running the storage provider startup check: the encryption key is not valid against the schema check value" stack="github.com/authelia/authelia/v4/internal/commands/root.go:149 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:77  cmdRootRun\ngithub.com/spf13/[email protected]/command.go:876                  (*Command).execute\ngithub.com/spf13/[email protected]/command.go:990                  (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:918                  (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10       main\nruntime/proc.go:250                                           main\nruntime/asm_amd64.s:1571                                      goexit"
time="2022-07-23T14:42:19Z" level=fatal msg="The following providers had fatal failures during startup: storage" stack="github.com/authelia/authelia/v4/internal/commands/root.go:177 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:77  cmdRootRun\ngithub.com/spf13/[email protected]/command.go:876                  (*Command).execute\ngithub.com/spf13/[email protected]/command.go:990                  (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:918                  (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10       main\nruntime/proc.go:250                                           main\nruntime/asm_amd64.s:1571  

No Internet connection/DNS resolution despite successful connection

After a successful installation with your script on Ubuntu 22.04.1 LTS I created two clients within the Wireguard GUI.
[screenshot of the two clients in the WireGuard GUI]

I can connect with my iPhone (both LTE and WiFi) and my iMac (LAN), and it shows the green status "Active". I can't ping anything. Name resolution and internet access aren't working, so I looked into the WireGuard logs, and the handshake fails.

2022-09-23 20:36:28.444411: [APP] Tunnel 'iMac' connection status changed to 'disconnected'
2022-09-23 20:42:48.633826: [APP] startActivation: Entering (tunnel: iMac)
2022-09-23 20:42:48.634295: [APP] startActivation: Starting tunnel
2022-09-23 20:42:48.634512: [APP] startActivation: Success
2022-09-23 20:42:48.637437: [APP] Tunnel 'iMac' connection status changed to 'connecting'
2022-09-23 20:42:48.700214: [NET] App version: 1.0.15 (26)
2022-09-23 20:42:48.700361: [NET] Starting tunnel from the app
2022-09-23 20:42:53.437929: [NET] DNS64: mapped xxx.xxx.xxx.xxx to itself.
2022-09-23 20:42:53.438345: [NET] Attaching to interface
2022-09-23 20:42:53.438723: [NET] UAPI: Updating private key
2022-09-23 20:42:53.438757: [NET] Routine: handshake worker 1 - started
2022-09-23 20:42:53.438754: [NET] Routine: encryption worker 1 - started
2022-09-23 20:42:53.438822: [NET] Routine: decryption worker 1 - started
2022-09-23 20:42:53.438870: [NET] Routine: decryption worker 3 - started
2022-09-23 20:42:53.438870: [NET] UAPI: Removing all peers
2022-09-23 20:42:53.439027: [NET] Routine: decryption worker 2 - started
2022-09-23 20:42:53.439065: [NET] Routine: handshake worker 2 - started
2022-09-23 20:42:53.439082: [NET] Routine: event worker - started
2022-09-23 20:42:53.439111: [NET] Routine: decryption worker 4 - started
2022-09-23 20:42:53.439218: [NET] Routine: encryption worker 2 - started
2022-09-23 20:42:53.439218: [NET] Routine: encryption worker 3 - started
2022-09-23 20:42:53.439263: [NET] Routine: TUN reader - started
2022-09-23 20:42:53.439270: [NET] Routine: handshake worker 4 - started
2022-09-23 20:42:53.439282: [NET] Routine: handshake worker 3 - started
2022-09-23 20:42:53.439284: [NET] Routine: encryption worker 4 - started
2022-09-23 20:42:53.439499: [NET] peer(s42J…7r2g) - UAPI: Created
2022-09-23 20:42:53.439551: [NET] peer(s42J…7r2g) - UAPI: Updating preshared key
2022-09-23 20:42:53.439794: [NET] peer(s42J…7r2g) - UAPI: Updating endpoint
2022-09-23 20:42:53.439866: [NET] peer(s42J…7r2g) - UAPI: Updating persistent keepalive interval
2022-09-23 20:42:53.439914: [NET] peer(s42J…7r2g) - UAPI: Removing all allowedips
2022-09-23 20:42:53.440056: [NET] peer(s42J…7r2g) - UAPI: Adding allowedip
2022-09-23 20:42:53.440283: [NET] peer(s42J…7r2g) - UAPI: Adding allowedip
2022-09-23 20:42:53.440655: [NET] UDP bind has been updated
2022-09-23 20:42:53.440690: [NET] Routine: receive incoming v4 - started
2022-09-23 20:42:53.440694: [NET] Routine: receive incoming v6 - started
2022-09-23 20:42:53.440721: [NET] peer(s42J…7r2g) - Starting
2022-09-23 20:42:53.440976: [NET] peer(s42J…7r2g) - Routine: sequential sender - started
2022-09-23 20:42:53.440994: [NET] peer(s42J…7r2g) - Sending keepalive packet
2022-09-23 20:42:53.441008: [NET] peer(s42J…7r2g) - Routine: sequential receiver - started
2022-09-23 20:42:53.441235: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:42:53.441736: [NET] Interface state was Down, requested Up, now Up
2022-09-23 20:42:53.441781: [NET] Device started
2022-09-23 20:42:53.442110: [NET] Tunnel interface is utun5
2022-09-23 20:42:53.442599: [NET] Network change detected with satisfied route and interface order [en0]
2022-09-23 20:42:53.442699: [NET] Routine: receive incoming v4 - stopped
2022-09-23 20:42:53.442710: [NET] Routine: receive incoming v6 - stopped
2022-09-23 20:42:53.442899: [NET] UDP bind has been updated
2022-09-23 20:42:53.442955: [NET] Routine: receive incoming v6 - started
2022-09-23 20:42:53.442950: [NET] Routine: receive incoming v4 - started
2022-09-23 20:42:53.442986: [APP] Tunnel 'iMac' connection status changed to 'connected'
2022-09-23 20:42:53.634928: [APP] Status update notification timeout for tunnel 'iMac'. Tunnel status is now 'connected'.
2022-09-23 20:42:53.965138: [NET] Network change detected with satisfied route and interface order [en0, utun5]
2022-09-23 20:42:53.966270: [NET] Routine: receive incoming v4 - stopped
2022-09-23 20:42:53.966363: [NET] Routine: receive incoming v6 - stopped
2022-09-23 20:42:53.966671: [NET] UDP bind has been updated
2022-09-23 20:42:53.967766: [NET] Routine: receive incoming v4 - started
2022-09-23 20:42:53.967782: [NET] Routine: receive incoming v6 - started
2022-09-23 20:42:58.711957: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:42:58.712094: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:03.867102: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:09.149057: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:43:09.149155: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:14.327341: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:43:14.327505: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:19.580501: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:43:19.580604: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:24.905957: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:43:24.906035: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:29.987005: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:43:29.987111: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:35.292405: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:43:35.292483: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:40.433423: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:43:40.433538: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:45.575580: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 3)
2022-09-23 20:43:45.575689: [NET] peer(s42J…7r2g) - Sending handshake initiation
2022-09-23 20:43:50.867591: [NET] peer(s42J…7r2g) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-09-23 20:43:50.867657: [NET] peer(s42J…7r2g) - Sending handshake initiation

There is "Data sent", but no "Data received".

Invalid SMTP server

Looks like AWS SMTP servers are not supported.
When entering this SMTP server "email-smtp.us-east-1.amazonaws.com" it outputs "Invalid SMTP server".
I tested this SMTP server on "https://www.gmass.co/smtp-test" and it delivers without problems.

Error while installation

I have a problem with the installation of the script. When I run the script everything is alright, until I run the playbook. After some time this message appears in my terminal:

fatal: [localhost]: FAILED! => changed=false
msg: Failed to import the required Python library (cryptography >= 3.0) on localhost's Python /usr/bin/python3. This is required to load/dump private keys in the default OpenSSH format for OpenSSH >= 7.8 or for ed25519 keys. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter

OS: Ubuntu Server 20.04 LTS

https not reachable

The installation went well, but I cannot connect to the website to download my VPN config.

enable port forwarding

I'm curious how to enable port forwarding with this setup in order to be fully connectable.
I tried following the instructions here without any luck. Perhaps it has something to do with the containerization involved in this playbook. I don't have any experience with docker, so I might have overlooked something very fundamental.

install error

After 2 days of trying to get this running, now again I get errors thrown out. EDIT: running as root, by the way.

This time it seems like a scripting error or so i believe it to be:

TASK [system : Create a login user] ************************************************************************************************************************************************
fatal: [localhost]: FAILED! =>
msg: 'Unexpected templating type error occurred on ({{ user_password | password_hash(''sha512'') }}): secret must be unicode or bytes, not int'

AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

Hi Wolfgang,

unfortunately the script ends with an error on Ubuntu 20.04.

RUNNING HANDLER [authelia : source .bashrc] ***************************************************************************************************************************************************
changed: [localhost]

RUNNING HANDLER [restart authelia] ************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
fatal: [localhost]: FAILED! => changed=false 
  module_stderr: |-
    Traceback (most recent call last):
      File "/root/.ansible/tmp/ansible-tmp-1663928329.0292609-20090-274140630868157/AnsiballZ_docker_container.py", line 107, in <module>
        _ansiballz_main()
      File "/root/.ansible/tmp/ansible-tmp-1663928329.0292609-20090-274140630868157/AnsiballZ_docker_container.py", line 99, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "/root/.ansible/tmp/ansible-tmp-1663928329.0292609-20090-274140630868157/AnsiballZ_docker_container.py", line 47, in invoke_module
        runpy.run_module(mod_name='ansible_collections.community.docker.plugins.modules.docker_container', init_globals=dict(_module_fqn='ansible_collections.community.docker.plugins.modules.docker_container', _modlib_path=modlib_path),
      File "/usr/lib/python3.8/runpy.py", line 207, in run_module
        return _run_module_code(code, init_globals, run_name, mod_spec)
      File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
        _run_code(code, mod_globals, init_globals,
      File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
        exec(code, run_globals)
      File "/tmp/ansible_docker_container_payload_5bl_ouhh/ansible_docker_container_payload.zip/ansible_collections/community/docker/plugins/modules/docker_container.py", line 1233, in <module>
      File "<frozen importlib._bootstrap>", line 991, in _find_and_load
      File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
      File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
      File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
      File "<frozen zipimport>", line 259, in load_module
      File "/tmp/ansible_docker_container_payload_5bl_ouhh/ansible_docker_container_payload.zip/ansible_collections/community/docker/plugins/module_utils/module_container/docker_api.py", line 15, in <module>
      File "<frozen importlib._bootstrap>", line 991, in _find_and_load
      File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
      File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
      File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
      File "<frozen zipimport>", line 259, in load_module
      File "/tmp/ansible_docker_container_payload_5bl_ouhh/ansible_docker_container_payload.zip/ansible_collections/community/docker/plugins/module_utils/common_api.py", line 23, in <module>
      File "/usr/lib/python3/dist-packages/requests/__init__.py", line 95, in <module>
        from urllib3.contrib import pyopenssl
      File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 46, in <module>
        import OpenSSL.SSL
      File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
        from OpenSSL import crypto, SSL
      File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1553, in <module>
        class X509StoreFlags(object):
      File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1573, in X509StoreFlags
        CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
    AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 1

NO MORE HOSTS LEFT ****************************************************************************************************************************************************************************

PLAY RECAP ************************************************************************************************************************************************************************************
localhost                  : ok=58   changed=36   unreachable=0    failed=1    skipped=16   rescued=0    ignored=0   

root@localhost:~# show_2fa
show_2fa: command not found

It's a freshly installed Ionos VPS with Ubuntu 20.04. When running the script there is also an error visible before the "Welcome to Ansible Easy VPN" screen:

# wget https://raw.githubusercontent.com/notthebee/ansible-easy-vpn/main/bootstrap.sh -O bootstrap.sh && bash bootstrap.sh
--2022-09-23 12:28:18--  https://raw.githubusercontent.com/notthebee/ansible-easy-vpn/main/bootstrap.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.108.133, 185.199.110.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8688 (8.5K) [text/plain]
Saving to: ‘bootstrap.sh’

bootstrap.sh                                             100%[=================================================================================================================================>]   8.48K  --.-KB/s    in 0s      

2022-09-23 12:28:18 (52.5 MB/s) - ‘bootstrap.sh’ saved [8688/8688]

Hit:1 https://download.docker.com/linux/ubuntu focal InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:4 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:5 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
python3 is already the newest version (3.8.2-0ubuntu2).
python3-bcrypt is already the newest version (3.1.7-2ubuntu1).
python3-passlib is already the newest version (1.7.2-1).
python3-setuptools is already the newest version (45.2.0-1).
aptitude is already the newest version (0.8.12-1ubuntu4).
python3-wheel is already the newest version (0.34.2-1).
curl is already the newest version (7.68.0-1ubuntu2.13).
git is already the newest version (1:2.25.1-1ubuntu3.5).
python3-apt is already the newest version (2.0.0ubuntu0.20.04.8).
software-properties-common is already the newest version (0.99.9.8).
certbot is already the newest version (0.40.0-1ubuntu0.1).
dnsutils is already the newest version (1:9.16.1-0ubuntu2.11).
python3-pip is already the newest version (20.0.2-5ubuntu1.6).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Traceback (most recent call last):
  File "/usr/bin/pip3", line 11, in <module>
    load_entry_point('pip==20.0.2', 'console_scripts', 'pip3')()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 490, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2854, in load_entry_point
    return ep.load()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2445, in load
    return self.resolve()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2451, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3/dist-packages/pip/_internal/cli/main.py", line 10, in <module>
    from pip._internal.cli.autocompletion import autocomplete
  File "/usr/lib/python3/dist-packages/pip/_internal/cli/autocompletion.py", line 9, in <module>
    from pip._internal.cli.main_parser import create_main_parser
  File "/usr/lib/python3/dist-packages/pip/_internal/cli/main_parser.py", line 7, in <module>
    from pip._internal.cli import cmdoptions
  File "/usr/lib/python3/dist-packages/pip/_internal/cli/cmdoptions.py", line 24, in <module>
    from pip._internal.exceptions import CommandError
  File "/usr/lib/python3/dist-packages/pip/_internal/exceptions.py", line 10, in <module>
    from pip._vendor.six import iteritems
  File "/usr/lib/python3/dist-packages/pip/_vendor/__init__.py", line 65, in <module>
    vendored("cachecontrol")
  File "/usr/lib/python3/dist-packages/pip/_vendor/__init__.py", line 36, in vendored
    __import__(modulename, globals(), locals(), level=0)
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/usr/share/python-wheels/CacheControl-0.12.6-py2.py3-none-any.whl/cachecontrol/__init__.py", line 9, in <module>
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/usr/share/python-wheels/CacheControl-0.12.6-py2.py3-none-any.whl/cachecontrol/wrapper.py", line 1, in <module>
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/usr/share/python-wheels/CacheControl-0.12.6-py2.py3-none-any.whl/cachecontrol/adapter.py", line 5, in <module>
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/usr/share/python-wheels/requests-2.22.0-py2.py3-none-any.whl/requests/__init__.py", line 95, in <module>
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/usr/share/python-wheels/urllib3-1.25.8-py2.py3-none-any.whl/urllib3/contrib/pyopenssl.py", line 46, in <module>
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1553, in <module>
    class X509StoreFlags(object):
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1573, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
^CTraceback (most recent call last):
  File "/usr/local/bin/ansible-galaxy", line 5, in <module>
    from ansible.cli.galaxy import main
  File "/usr/local/lib/python3.8/dist-packages/ansible/cli/__init__.py", line 52, in <module>
    from ansible.inventory.manager import InventoryManager
  File "/usr/local/lib/python3.8/dist-packages/ansible/inventory/manager.py", line 39, in <module>
    from ansible.utils.helpers import deduplicate_list
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 914, in _find_spec
  File "/usr/local/lib/python3.8/dist-packages/ansible/utils/collection_loader/_collection_finder.py", line 240, in find_spec
    loader = self._get_loader(fullname, path)
  File "/usr/local/lib/python3.8/dist-packages/ansible/utils/collection_loader/_collection_finder.py", line 230, in _get_loader
    return initialize_loader(fullname=fullname, path_list=path)
  File "/usr/local/lib/python3.8/dist-packages/ansible/utils/collection_loader/_collection_finder.py", line 742, in __init__
    builtin_meta = _get_collection_metadata('ansible.builtin')
  File "/usr/local/lib/python3.8/dist-packages/ansible/utils/collection_loader/_collection_finder.py", line 1140, in _get_collection_metadata
    collection_pkg = import_module('ansible_collections.' + collection_name)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "/usr/local/lib/python3.8/dist-packages/ansible/utils/collection_loader/_collection_finder.py", line 632, in exec_module
    self._load_module(module)
  File "/usr/local/lib/python3.8/dist-packages/ansible/utils/collection_loader/_collection_finder.py", line 621, in _load_module
    routing_dict = _meta_yml_to_dict(raw_routing, (collection_name, 'runtime.yml'))
  File "/usr/local/lib/python3.8/dist-packages/ansible/utils/collection_loader/_collection_meta.py", line 27, in _meta_yml_to_dict
    routing_dict = yaml_load(yaml_string_data)
  File "/usr/lib/python3/dist-packages/yaml/__init__.py", line 114, in load
    return loader.get_single_data()
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 49, in get_single_data
    node = self.get_single_node()
  File "ext/_yaml.pyx", line 707, in _yaml.CParser.get_single_node
  File "ext/_yaml.pyx", line 725, in _yaml.CParser._compose_document
  File "ext/_yaml.pyx", line 776, in _yaml.CParser._compose_node
  File "ext/_yaml.pyx", line 890, in _yaml.CParser._compose_mapping_node
  File "ext/_yaml.pyx", line 776, in _yaml.CParser._compose_node
  File "ext/_yaml.pyx", line 890, in _yaml.CParser._compose_mapping_node
  File "ext/_yaml.pyx", line 776, in _yaml.CParser._compose_node
  File "ext/_yaml.pyx", line 890, in _yaml.CParser._compose_mapping_node
  File "ext/_yaml.pyx", line 776, in _yaml.CParser._compose_node
  File "ext/_yaml.pyx", line 883, in _yaml.CParser._compose_mapping_node

Any idea? Maybe an openssl version issue?

Install on Debian

Hey,

Does the script work on Debian(-based) systems as well? I want to run this on my own server for accessing my own network from outside without having to spin up an Ubuntu VM (because of server resources).

Cheers!

Installation error on Oracle Ampere A1 VM Instances (with Fix)

Hi,

I tried running the playbook on an Oracle Cloud Ampere A1 (arm) VM instance running Ubuntu 22.04 and it gave the following error:
error 2

This is due to the repo_arch variable not being set (skipped), as your task only accounts for situations where the env variable "ansible_architecture" is "amd64" or "arm64". However, the Oracle arm VM has the "ansible_architecture" value of "aarch64" when I run ansible -m setup localhost.
error 1

I managed to get it to run by adding another section in ./roles/docker/tasks/main.yml as shown:

solution1

Thank you and I look forward to your reply :)

The wireguard webpage doesn't work with Brave/Librewolf

I don't know if this is considered an issue, but I had to report it so others won't be confused if this happens to them.

I tried to run the webpage after the playbook.
The auth part runs fine (on Brave I had to disable Shields).
But after that, it was only possible to proceed to the WireGuard page with Firefox.

It looks like a bug (infinite loop) on the redirect from the auth part to the wireguard webpage.

More details: it didn't auto-redirect me to the wg webpage and kept me on the auth page, so I had to do it manually.
Even when the flag to redirect was on in the browser it just didn't happen and I had to do it manually, and it still doesn't work, it keeps refreshing.

issue.mp4

Now I recorded my screen and I'll be sharing with you guys what happens for more details.

This problem could be observed in brave-bin(aur)/librewolf(aur) on arch.
I haven't tested if this occurs in other systems but I think it could be happening on them too.

So I recommend not using these browsers when setting things up for this VPN, and using Firefox instead.
Hope this helps someone.

Edit: after re-testing, LibreWolf is now normalized and working fine. Brave is still not working.

'-' in domain name characters

Loving your work, just a suggestion that we can add '-' in here:
echo "Enter your domain name"
echo "The domain name should already resolve to the IP address of your server"
echo
read -p "Domain name: " root_host
until [[ "$root_host" =~ ^[a-z0-9.]*$ ]]; do
    echo "Invalid domain name"
    read -p "Domain name: " root_host
done

Error I got:
Enter your domain name
The domain name should already resolve to the IP address of your server

Domain name: ab-cd-xyz.duckdns.org
Invalid domain name

DuckDNS accepts the following characters:
error: invalid domain entered, valid characters are : A-Z, 0-9, -

Bunkerweb 403 error

I ran the playbook without trouble.

But entering wg.XXX.duckdns.org shows a "Forbidden 403" error.

"docker log bunkerweb" shows the following error message:

2022/08/13 13:26:33 [error] 81#81: *18 directory index of "/opt/bunkerweb/www/" is forbidden, client: 12.34.567.899, server: www.example.com, request: "GET / HTTP/1.1", host: "wg.XXXXX.duckdns.org"

It might be related to the other issue.
#2

show_2fa returns no output

hey there,

After running the playbook on an Ubuntu 20.04 server, show_2fa returns no output at all. No link or error message.

error when running playbook

The bootstrap script runs all fine. When the playbook is starting I get the following error:

ERROR! couldn't resolve module/action 'docker_network'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in '/home/anfisc/ansible-easy-vpn/roles/docker/tasks/main.yml': line 80, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

- name: Create the wg network
  ^ here

Same issue when using root and with a sudo user.
I use Linux Ubuntu 20.04 X86 64 Minimal Latest V2.

Do I need another version of Ubuntu?

Vault format error

[WARNING]: There was a vault format error in /root/ansible-easy-vpn/secret.yml: Vault format unhexlify error: Odd-length string ERROR! Vault format unhexlify error: Odd-length string

Maybe because there are special characters in the password. It complained about "Character . sequence" or something like that on vault creation before.

Detect too long PW early

I've tried to set this up with a password longer than 72 characters, and it failed to generate the SSH key.
It said something like "more than 72 bytes for OpenSSH keys are not supported" (Forgot to copy the exact error)

I think it should detect this earlier in the script.
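The hyphen-in-domain-name report and this 72-byte password report both concern input checks in the interactive bootstrap prompts. As an added example that is not code from ansible-easy-vpn, the POSIX sh below accepts '-' while still rejecting malformed hostnames (a label may not start or end with '-', and at least two labels are required) and measures the password in bytes rather than characters; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of ansible-easy-vpn. Function names are hypothetical.

# DNS hostname check (RFC 1123 "LDH" rule): labels are 1-63 characters of
# letters, digits and '-', may not start or end with '-', there are at least
# two labels and the whole name is at most 253 characters. Letters are folded
# to lower case because DNS names are case-insensitive.
valid_domain() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    label='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    [ "${#host}" -gt 0 ] && [ "${#host}" -le 253 ] || return 1
    printf '%s' "$host" | grep -Eq "^(${label}\\.)+${label}\$"
}

# Password limit in BYTES: ${#pw} counts characters, so a password with
# multibyte UTF-8 characters can pass a character count yet exceed 72 bytes.
password_within_limit() {
    pw=$1
    max=${2:-72}
    bytes=$(printf '%s' "$pw" | wc -c | tr -d ' ')
    [ "$bytes" -le "$max" ]
}

# Drop-in replacement for the bootstrap's until-loop: keep asking until the
# entered name passes the stricter check, then print it for the caller.
prompt_domain() {
    printf 'Domain name: '
    read -r root_host
    until valid_domain "$root_host"; do
        echo "Invalid domain name: use letters, digits, '.' and '-' only;"
        echo "a label may not start or end with '-'"
        printf 'Domain name: '
        read -r root_host
    done
    printf '%s\n' "$root_host"
}
```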

error while installation

I got this error while installing:
ERROR! The requirements file '/root/ansible-easy-vpn/requirements.yml' does not exist.

email config

I entered wrong SMTP credentials, and I don't know how to fix this.
Now I'm getting error 500 as you said; can you guide me?

Error when generating inventory

This happens when I try to create a user.
Output:

Welcome to ansible-easy-vpn!

This script is interactive
If you prefer to fill in the inventory.yml file manually,
press [Ctrl+C] to quit this script

Enter your desired UNIX username
Username: vpn
sed: can't read /root/ansible-easy-vpn/inventory.yml: No such file or directory
root@personal:/home/ubuntu#

Adguard and Unbound support

Hi, not really an issue but a question.

I am struggling to complement this VPS with AdGuard and Unbound.

Are there plans to implement these features, or should I try harder?

thxs!

Command not found

I haven't set up an email, on the part where you set up 2fa but I am getting the "show_2fa: command not found" error.

Connect to aws ec2 but no internet connection

I tried the AWS free tier. Everything works like in the video, but there is no internet connection when I try to connect. I tried with Windows and iPhone. Let me know if you need additional logs.

playbook not running

Would you like to run the playbook now? [y/N]: y
Vault password:
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
did not find expected key

The error appears to be in '/root/ansible-easy-vpn/secret.yml': line 1, column 29, but may
be elsewhere in the file depending on the exact syntax problem.

http not loading

Hi Wolfgang,

So far I finally got everything working except the WG WebUI.
When I enter the http address provided after the installation, I get "Server not found" as the result.

SSH over terminal and Remmina is working perfectly.

Is there another way over cli to create QR codes and WG conf files to further test the functionality of the WG server?

Issue with certbot when using aws ec2's

Hey, love this project.

I tried setting this up using an AWS EC2, but when I get to the stage of verifying the domain it shows the error:
image

I'm guessing it's a setting AWS tweaked that's stopping this from working, any ideas?
