About the VPS: it keeps getting stuck here #121
Comments
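Please confirm that these points are all satisfied
and |
are the same. |
Is 32-bit not supported? |
More likely this item is not satisfied. First stop nginx / apache or any other program that is occupying port 443.
|
Does ocserv also occupy port 443? |
It might. Stop it for now. |
I want to add OPENVPN and Let’s Encrypt Subscriber Agreement in VPN.yml. What is the correct way to write it?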
- openvpn
|
Is this right, for running them in a batch? |
That should work. |
TASK: [thefinn93.letsencrypt | Attempt to get the certificate using the webroot authenticator] *** |
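What does this mean? |
letsencrypt has two modes: one is webroot, the other is standalone. If one fails, it tries the second. |
ASK: [thefinn93.letsencrypt | Attempt to get the certificate using the standalone authenticator (in case eg the webserver isn't running yet)] *** It keeps hanging here |
Have you confirmed that the domain already points to this server's IP?
It should show your server's IP. Also, if your hostname is not set to the correct domain, you may need to set letsencrypt_email to your email.
|
Those are all set correctly. |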
letsencryt_email: "[email protected]"
|
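Add the -vvv option to the ansible-playbook command line to see which command is being executed when it hangs. Then you can try running the corresponding command manually on the server. |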
<50.117.73.250> EXEC sshpass -d8 ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/nokidc/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/nokidc/.ssh/some_key" -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=root -o ConnectTimeout=10 50.117.73.250 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1451985794.72-196916789198052 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1451985794.72-196916789198052 && echo $HOME/.ansible/tmp/ansible-tmp-1451985794.72-196916789198052' |
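Is there a more complete log? How did you type your command? |
I ran it with host_vars/saiweivpn.yml ansible-playbook ipsec-lte.yml -l saiweivpn -vvvv. |
You probably misspelled this one. It should be letsencrypt_email; a p is missing, so the program is asking you to enter an email and then hangs. |
It seems my tutorial has the same mistake. I'll go fix it. |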
: [saiweivpn] => {'msg': 'AnsibleError: Failed to template {{ l2tp_radius_servers }}: Failed to template {{ radius_servers }}: Failed to template {{ l2tp_radius_servers }}: Failed to template {{ radius_servers }}: [the same two messages repeat many more times] |
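The last step reported an error. |
Hello, I'd like to ask: is this domain bound to the machine? For example, if I copy this machine, change to a different IP, and use a different domain, can I still connect the same way? |
Just set the l2tp_radius_servers variable. |
The generated certificate is bound to the domain. To use a different domain, you need to request a new certificate for the new domain. |
About openconnect: how should I stop the service? I could not find it in /etc/init.d. |
That one runs under supervisor
Restart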
|
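Setup IKEv2 VPN Server with SSL Certs from Let's Encrypt: you seem to have a mistake somewhere in this one. ipsec-lte.yml contains radius_servers: "{{ l2tp_radius_servers }}", which causes the error |
Setup IKEv2 VPN Server with SSL Certs from Let's Encrypt: after this is installed, do I need to download the certificate? |
You can download it as a backup. You can back up the whole /etc/letsencrypt directory. |
What I mean is, does Windows have to import the certificate in order to connect? |
Right now connecting directly with the domain also fails, with the message that the authentication credentials are not acceptable |
In my testing it is not needed. But I am on Windows 7; which version of Windows are you on?
Also, on the server side
what is displayed? |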
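An added example (not code from the playbook or from anyone in this thread): a small lint for a host_vars file that catches the two failures discussed here, a misspelled variable name such as letsencryt_email, which Ansible accepts silently, and the radius_servers / l2tp_radius_servers template loop. The known-variable list, the sample file, and the assumption that l2tp_radius_servers points back at radius_servers are constructed for illustration.

```python
import difflib
import re

# Names taken from this thread; a real list would come from the roles' defaults (assumption).
KNOWN_VARS = {"letsencrypt_email", "l2tp_radius_servers", "radius_servers"}

KEY_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*)$")
REF_RE = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)")

# Constructed sample host_vars content, not the poster's real file.
SAMPLE = '''\
letsencryt_email: "admin@example.org"
radius_servers: "{{ l2tp_radius_servers }}"
l2tp_radius_servers: "{{ radius_servers }}"
vpn_hostname: vpn.example.org
'''


def parse_top_level(text):
    """Return {name: raw value} for unindented 'key: value' lines."""
    matches = (KEY_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}


def misspelled(variables, known=KNOWN_VARS, cutoff=0.85):
    """Map each unknown name to the known name it closely resembles."""
    hits = {}
    for name in variables:
        if name not in known:
            close = difflib.get_close_matches(name, sorted(known), n=1, cutoff=cutoff)
            if close:
                hits[name] = close[0]
    return hits


def template_cycles(variables):
    """Return variables whose {{ ... }} references lead back to themselves."""
    refs = {k: set(REF_RE.findall(v)) & set(variables) for k, v in variables.items()}

    def reaches(start, node, seen):
        for nxt in refs[node]:
            if nxt == start:
                return True
            if nxt not in seen:
                seen.add(nxt)
                if reaches(start, nxt, seen):
                    return True
        return False

    return sorted(k for k in refs if reaches(k, k, set()))


if __name__ == "__main__":
    parsed = parse_top_level(SAMPLE)
    print("possible typos:", misspelled(parsed))
    print("template loops:", template_cycles(parsed))
```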
altNames: v.1xiaoshivpn.org |
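I tested on another Win7 machine and it is the same |
v.1xiaoshivpn.org faa2143 faa2143 You can test it and see |
Are you using radius or non-radius mode? |
radius. Could it be related to the system? I'm using Debian 7.0 |
I'll go test Debian 7.0 |
Could xauth-radius be related to this? It seems my authentication only works with it; if I change it to the default I get error 691, though it seems to get past the certificate |
I have no way to verify that. The freeradius mode I use is eap-radius. |
A RADIUS written by someone else |
used on Windows |
Where is the certificate generated? I'll download it directly, import it, and test |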
see https://github.com/ftao/vpn-deploy-playbook/blob/master/roles/strongswan/tasks/sync_cert.yml server cert /etc/ipsec.d/certs/server_cert.pem |
[thefinn93.letsencrypt | Attempt to get the certificate using the webroot authenticator] ***