Streisand: URGENT Failed installation at "Add the official OpenVPN APT key"

Created on 27 Jul 2020  路  14Comments  路  Source: StreisandEffect/streisand

Expected behavior:

Pass the Add the official OpenVPN APT key step

Actual Behavior:

Fails at the step

Steps to Reproduce:

  1. Create 1 core Ubuntu 16.04 machine on DigitalOcean
  2. apt update && apt upgrade -y && reboot
  3. ssh-keygen (the script fails when a key not found on the machine)
  4. Follow the official installation steps
  5. Start streisand and select 7. No customization on the configuration. No domain submitted.)
  6. The script fails at Add the official OpenVPN APT key step

I've also tried against a newly generated machine through the Existing machine option. The bug is still there. Probably applies all the provisioning options.

Here is the ANSIBLE_DEBUG=True log of the failure; https://www.pastebin.com/1ba9q0DE

Ansible Information

  • Ansible version: 2.8.4
  • Ansible system: Linux
  • Host OS: Ubuntu
  • Host OS version: 16.04
  • Python interpreter: /usr/bin/python
  • Python version: 2.7.12

Streisand Information

  • Streisand Git revision: af5eb7dac157a2416ea64cba96cf32f7f505d9ff
  • Streisand Git clone has untracked changes: no
  • Genesis role: localhost
  • Custom SSH key: False

Enabled Roles

  • Shadowsocks enabled: True
  • Wireguard enabled: True
  • OpenVPN enabled: True
  • stunnel enabled: True
  • Tor enabled: False
  • Openconnect enabled: True
  • TinyProxy enabled: True
  • SSH forward user enabled: True
  • Configured number of VPN clients: 10

Most helpful comment

Facing the same issue .

All 14 comments

It seems OpenVPN key and repository address has changed. Trying to test with the new repo. I'll PR the fix if it's valid ASAP.

Do we know what the difference is between the instructions on Access Server Software Packages:

bash apt update && apt -y install ca-certificates wget net-tools gnupg wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add - echo "deb [arch=amd64] http://as-repository.openvpn.net/as/debian xenial main">/etc/apt/sources.list.d/openvpn-as-repo.list apt update && apt -y install openvpn-as

and the instructions on OpenvpnSoftwareRepos?:

$ sudo -s
$ wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
$ echo "deb http://build.openvpn.net/debian/openvpn/<version> <osrelease> main" > /etc/apt/sources.list.d/openvpn-aptrepo.list

Which key + repo URL is the one that Streisand needs?

See #866 for the last time this happened.

@noelleleigh That repository has 2.3.x for the xenial. That's a big problem since 2.3.x doesn't support fully TLS stuff. I've tried to inform the build repository admin about the expired key.

@noelleleigh That repository has 2.3.x for the xenial. That's a big problem since 2.3.x doesn't support fully TLS stuff.

So do both repos contain the same packages, just with different versions?

I think so. But I don't know their differences exactly other than versions.

I've noticed that as-repository OpenVPN package named as openvpn-as. But it seems the package uses a totally different configuration and service names etc.

No luck so far.

I've reported to the bug to thier Trac; https://community.openvpn.net/openvpn/ticket/1309

1796 is waiting to be merged. I've just changed the key and looks good now.

any update on this?

Facing the same issue .

Just hit it too.

same

one more

Hello everyone! I fixed this issue like this :
`curl -s https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -

echo "deb http://build.openvpn.net/debian/openvpn/stable xenial main" > /etc/apt/sources.list.d/openvpn-aptrepo.list

apt update`

Was this page helpful?
0 / 5 - 0 ratings

Related issues

juneyao picture juneyao  路  6Comments

NightMachinary picture NightMachinary  路  5Comments

damko picture damko  路  5Comments

alphazo picture alphazo  路  5Comments

markwyner picture markwyner  路  3Comments