Also, I get infinite loading at https://remotedesktop.google.com/access
System Ubuntu 20.04
Logs:
Feb 19 09:41:01 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094101.848763:INFO:chromoting_host.cc(108)] Starting host
Feb 19 09:41:01 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094101.851095:INFO:remoting_me2me_host.cc(1137)] Policy sets host domains:
Feb 19 09:41:01 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094101.851123:INFO:remoting_me2me_host.cc(1240)] Policy does not require host username match.
Feb 19 09:41:01 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094101.851129:INFO:remoting_me2me_host.cc(1159)] Policy allows remote access connections: 1
Feb 19 09:41:01 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094101.851320:INFO:ftl_signaling_connector.cc(137)] Attempting to reconnect signaling.
Feb 19 09:41:03 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094103.048669:INFO:ftl_signaling_connector.cc(94)] Signaling connected. New JID: eed268b131894fa78cdcc0268abfebb5#chromoting.gserviceaccount.com/chromoti>
Feb 19 09:41:03 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094103.048720:INFO:heartbeat_sender.cc(172)] Sending outgoing heartbeat.
Feb 19 09:41:03 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094103.378292:INFO:remoting_me2me_host.cc(956)] Host ready to receive connections.
Feb 19 09:41:03 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:03,379:INFO:Host ready to receive connections.
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,048:INFO:wait() returned (1927242,139)
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,048:INFO:Session process terminated
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,149:INFO:Failure count for 'session' is now 1
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,149:INFO:Terminating X server
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927244]: [0219/094105.152972:ERROR:connection.cc(66)] X connection error received.
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,488:INFO:Terminating host
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,489:INFO:Failure count for 'X server' is now 0
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,489:INFO:Failure count for 'host' is now 0
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,489:INFO:Launching X server and X session.
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:05,518:INFO:Starting Xvfb on display :20
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927350]: xdpyinfo: unable to open display ":20".
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:06,027:INFO:X server is active.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:06,148:INFO:Launching X session: ['/bin/sh', '/etc/chrome-remote-desktop-session']
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:06,158:INFO:Launching host process
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:06,159:INFO:['/opt/google/chrome-remote-desktop/chrome-remote-desktop-host', '--host-config=-', '--audio-pipe-name=/home/ubuntu/.config/chrome>
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.258905:WARNING:resource_bundle.cc(406)] locale_file_path.empty() for locale
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.258987:INFO:remoting_me2me_host.cc(1776)] Starting host process: version 96.0.4664.9
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478209:INFO:file_host_settings.cc(31)] Host settings file /home/ubuntu/.config/chrome-remote-desktop/host#4790dcd5b0eb6c774388357f3e52ea98.setting>
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478483:INFO:remoting_me2me_host.cc(1344)] Policy does not require curtain-mode.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478497:INFO:remoting_me2me_host.cc(1267)] Policy enables NAT traversal.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478502:INFO:remoting_me2me_host.cc(1285)] Policy enables use of relay server.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478507:INFO:remoting_me2me_host.cc(1306)] Policy restricts UDP port range to: <no port range specified>
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478514:INFO:remoting_me2me_host.cc(1355)] Policy sets third-party token URLs: <no 3rd party auth config specified>
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478519:INFO:remoting_me2me_host.cc(1377)] Policy enables client pairing.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478524:INFO:remoting_me2me_host.cc(1393)] Policy enables security key auth.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478528:INFO:remoting_me2me_host.cc(1412)] Policy enables file transfer.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478532:INFO:remoting_me2me_host.cc(1435)] Policy enables user interface for non-curtained sessions.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478537:INFO:remoting_me2me_host.cc(1458)] Policy does not set a maximum session duration.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.478547:INFO:remoting_me2me_host.cc(617)] Processing new host configuration.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.479442:INFO:chromoting_host.cc(108)] Starting host
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.549653:INFO:remoting_me2me_host.cc(1137)] Policy sets host domains:
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.549669:INFO:remoting_me2me_host.cc(1240)] Policy does not require host username match.
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.549674:INFO:remoting_me2me_host.cc(1159)] Policy allows remote access connections: 1
Feb 19 09:41:06 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094106.549836:INFO:ftl_signaling_connector.cc(137)] Attempting to reconnect signaling.
Feb 19 09:41:07 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094107.950526:INFO:ftl_signaling_connector.cc(94)] Signaling connected. New JID: eed268b131894fa78cdcc0268abfebb5#chromoting.gserviceaccount.com/chromoti>
Feb 19 09:41:07 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094107.954376:INFO:heartbeat_sender.cc(172)] Sending outgoing heartbeat.
Feb 19 09:41:08 instance-20210501-1727 chrome-remote-desktop[1927382]: [0219/094108.249860:INFO:remoting_me2me_host.cc(956)] Host ready to receive connections.
Feb 19 09:41:08 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:08,250:INFO:Host ready to receive connections.
Feb 19 09:41:08 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:08,748:INFO:wait() returned (1927376,139)
Feb 19 09:41:08 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:08,749:INFO:Session process terminated
Feb 19 09:41:08 instance-20210501-1727 chrome-remote-desktop[1927195]: 2022-02-19 09:41:08,755:INFO:Failure count for 'session' is now 2
The line:
Feb 19 09:41:05 instance-20210501-1727 chrome-remote-desktop[1927350]: xdpyinfo: unable to open display ":20".
tells you that you do not have X server display 20 on your desktop. Set it up or configure it to use an existing display. Also, the firewall on your computer can be the reason for this problem, so you can open the port for display 20 (if it's available on your computer).
I want to connect my OpenVPN server (Ubuntu 16.4) in my office to my Mikrotik at home as a client.
I already have an OpenVPN server set up based on this tutorial (link). If I try to connect, it connects with the OpenVPN client Windows app (no errors) and asks for username and password, with Client.ovpn added in Program Files/OpenVPN/config.
Here is my server.conf in OpenVPN server:
port 51333
proto tcp
dev tun5
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.101.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.20.10 255.255.255.255" #This is my server that I want to connect in Office
keepalive 10 120
tls-auth /etc/openvpn/ta.key
key-direction 0
cipher AES-256-CBC
auth SHA1
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
username-as-common-name
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so /etc/pam.d/openvpn
status /etc/openvpn/mikrotik.log
verb 5
mute-replay-warnings
client-config-dir ccd
management localhost 7505
Here is my configuration of base.conf in OpenVPN server (Ubuntu) for creating client.ovpn files:
client
dev tun
proto tcp
remote mydomain.com 51333 #in my DNS I redirect this domain to my public static domain in office there in firewall I am portforwarding this port to my server in office
resolv-retry infinite
nobind
user nobody
group nogroup
auth-user-pass
#ca ca.crt
#cert client.crt
#key client.key
remote-cert-tls server
tls-auth ta.key
cipher AES-256-CBC
auth SHA1
# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
verb 5
key-direction 1
Now in Mikrotik (OS is: v6.42.12 on hAP lite (simps)) I have:
Import my Client.ovpn in Files
Import Certificate Client.ovpn and set for T (name: ca.crt_0) and for KT (name: client.crt_0).
Create new PPP Profile: ppp profile add name=OVPN-client change-tcp-mss=yes only-one=yes use-encryption=required use-mpls=no
Create new interface: interface ovpn-client add connect-to=mydomain.com port 51333 add-default-route=no auth=sha1 certificate=client.crt_0 disabled=no user=vpnuser password=vpnpass name=myvpn profile=OVPN-client
But with this configuration, I cannot establish a connection. I cannot get "R - status" on OVPN-client, I only get this error:
* ovpn-out1: connecting
* ovpn-out1: terminating - peer disconnected
* ovpn-out1: disconnected
If I check logs in server I get this:
openVPN1 ovpn-server[2050]: MULTI: multi_create_instance called
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Re-using SSL/TLS context
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Control Channel MTU parms
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Data Channel MTU parms
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Local Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Local Options hash (VER=V4): '7ac8f09f'
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Expected Remote Options hash (VER=V4): '53276059'
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: TCP connection established with [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: TCPv4_SERVER link local: [undef]
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: TCPv4_SERVER link remote: [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 TLS: Initial packet from [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 Fatal TLS error (check_tls_errors_co), restarting
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 SIGUSR1[soft,tls-error] received, client-instance restarting
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: TCP/UDP: Closing socket
MikroTik does not support UDP in OpenVPN, only TCP.
ROS 7 will support it but it's still in development phase.
As of 2022, you would need to use ROS version 7 or later, where UDP support for OpenVPN is implemented. Still, Mikrotik's implementation of OpenVPN is limited, e.g. no support for TLS auth with a static key.
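The mismatch the answers above describe can be checked mechanically. The following is an added example, not code from the original posts or from OpenVPN or MikroTik: it parses a server config, flags the settings that the answers say a RouterOS client cannot satisfy, and ties them to the "cannot locate HMAC" rejections in the server log. The function names are hypothetical and the sample inputs are constructed from lines quoted in the question.

```python
import shlex

# Constructed sample input: directives copied from the server.conf in the question.
SERVER_CONF = '''\
port 51333
proto tcp
dev tun5
push "route 192.168.20.10 255.255.255.255" #This is my server
tls-auth /etc/openvpn/ta.key
key-direction 0
cipher AES-256-CBC
auth SHA1
'''

# Constructed sample input: two lines from the server log in the question.
SERVER_LOG = '''\
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 TLS: Initial packet from [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XX:60345
'''

HMAC_MARKER = "TLS Error: cannot locate HMAC in incoming packet from "


def parse_directives(text):
    """Return {directive: [args, ...]} for an OpenVPN config, ignoring comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        # shlex keeps quoted arguments together and drops a trailing '#' comment
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def routeros_client_findings(directives, ros_major):
    """Server settings a MikroTik client cannot meet, per the answers above."""
    findings = []
    proto_args = directives.get("proto", [["udp"]])[-1]
    proto = proto_args[0] if proto_args else "udp"  # OpenVPN defaults to UDP
    if proto.startswith("udp") and ros_major < 7:
        findings.append("proto: RouterOS before v7 speaks OpenVPN over TCP only")
    if "tls-auth" in directives:
        findings.append("tls-auth: RouterOS has no static-key TLS auth, "
                        "so its packets carry no HMAC")
    return findings


def hmac_rejections(log_text):
    """Peers whose packets the server dropped for lacking the tls-auth HMAC."""
    return [line.split(HMAC_MARKER, 1)[1].strip()
            for line in log_text.splitlines() if HMAC_MARKER in line]


def diagnose(conf_text, log_text, ros_major):
    """Combine config findings with log evidence into one result."""
    directives = parse_directives(conf_text)
    peers = hmac_rejections(log_text)
    cause = None
    if peers and "tls-auth" in directives:
        cause = "server requires tls-auth, client did not send an HMAC"
    return {"findings": routeros_client_findings(directives, ros_major),
            "rejected_peers": peers,
            "cause": cause}


if __name__ == "__main__":
    result = diagnose(SERVER_CONF, SERVER_LOG, ros_major=6)
    for finding in result["findings"]:
        print("config:", finding)
    for peer in result["rejected_peers"]:
        print("log: HMAC missing from", peer)
    print("cause:", result["cause"])
```
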
I've started a new instance (i-d23f3a5c) 2 months ago and it's becoming inaccessible every day.
Looking at /var/log/messages I can see the dhcp client is requesting a lease quite often and at some point the message "dhclient1306: fork: Cannot allocate memory" appears.
From there the server is not accessible anymore and needs to be rebooted (I suppose it has lost its internal IP).
Aug 19 08:47:19 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5 (xid=0x7daf4b5c)
Aug 19 08:47:37 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6 (xid=0x7daf4b5c)
Aug 19 08:48:02 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13 (xid=0x7daf4b5c)
Aug 19 08:48:37 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 21 (xid=0x7daf4b5c)
Aug 19 08:49:24 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10 (xid=0x7daf4b5c)
Aug 19 08:49:43 ip-172-31-16-179 dhclient[2144]: No DHCPOFFERS received.
Aug 19 08:50:11 ip-172-31-16-179 dhclient[2144]: No working leases in persistent database - sleeping.
Aug 19 08:51:09 ip-172-31-16-179 dhclient[2144]: fork: Cannot allocate memory
Aug 19 08:59:09 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8 (xid=0x322ab770)
Aug 19 08:59:46 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 19 (xid=0x322ab770)
Aug 19 09:00:15 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 17 (xid=0x322ab770)
Aug 19 09:01:14 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14 (xid=0x322ab770)
Aug 19 09:01:47 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7 (xid=0x322ab770)
Aug 19 09:02:26 ip-172-31-16-179 dhclient[2144]: No DHCPOFFERS received.
Aug 19 09:03:12 ip-172-31-16-179 dhclient[2144]: No working leases in persistent database - sleeping.
Aug 19 09:04:17 ip-172-31-16-179 dhclient[2144]: fork: Cannot allocate memory
Aug 19 09:14:10 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x1c2c358)
Aug 19 09:14:55 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6 (xid=0x1c2c358)
Aug 19 09:15:30 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11 (xid=0x1c2c358)
Aug 19 09:16:22 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8 (xid=0x1c2c358)
Aug 19 09:17:01 ip-172-31-16-179 dhclient[2144]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 16 (xid=0x1c2c358)
Aug 19 09:17:43 ip-172-31-16-179 dhclient[2144]: No DHCPOFFERS received.
And so on until I reboot it from the EC2 console.
What would be the best course of action?
remove DHCP - is that possible?
restart dhcp client on regular basis?
increase the number of possible fork (issue will probably arise at some point)
change the renew time to a longer time?
fix the dhcp client?
Thanks,
Ankit
I have been struggling with this issue for weeks now. First I thought it was on the WatchGuard side, but it seems to be on our side. Here is the setup:
1. EC2 instance running Amazon Linux and OpenSwan (no iptables).
2. Other side (right side) running WatchGuard.
The tunnel does not get set up. I take the same ipsec.conf file over to a server in RackSpace running CentOS and the tunnel gets established. No idea why. I have attached the conf file and the log file if anybody can help. Thanks a lot.
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=all
    plutodebug=all
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    #virtual_private=
    oe=off
    # Enable this if you see "failed to find any available worker"
    #nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/*.conf
/etc/ipsec.d/conn.conf
conn TestConn
    authby=secret
    auto=start
    forceencaps=yes
    left=%defaultroute
    leftid=209.20.92.47
    leftsourceip=209.20.92.47
    leftsubnet=10.183.128.9/32
    leftnexthop=%defaultroute
    right=50.206.18.58
    rightsubnet=10.10.2.61/32
    esp=3des-sha1
    #auth=esp
    keyexchange=ike
    ike=3des-sha1;modp1024
    #salifetime=43200s
    pfs=no
    #dpdaction=restart
    #aggrmode=no
Pluto Log
Jan 19 19:32:24 ip-10-1-201-245 ipsec__plutorun: Starting Pluto subsystem...
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: nss directory plutomain: /etc/ipsec.d
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: NSS Initialized
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: Starting Pluto (Openswan Version 2.6.37; Vendor ID OEu\134d\134jy\134\134ap) pid:29440
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: LEAK_DETECTIVE support [disabled]
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: OCF support for IKE [disabled]
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: SAref support [disabled]: Protocol not available
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: SAbind support [disabled]: Protocol not available
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: NSS support [enabled]
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: HAVE_STATSD notification support not compiled in
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: Setting NAT-Traversal port-4500 floating to on
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: port floating activation criteria nat_t=1/port_float=1
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: NAT-Traversal support [enabled]
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | event added at head of queue
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | event added at head of queue
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | event added after event EVENT_PENDING_DDNS
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: starting up 1 cryptographic helpers
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: started helper (thread) pid=140152581191424 (fd:8)
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: Using Linux 2.6 IPsec interface code on 4.1.13-18.26.amzn1.x86_64 (experimental code)
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | status value returned by setting the priority of this thread (id=0) 22
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | helper 0 waiting on fd: 9
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | process 29440 listening for PF_KEY_V2 on file descriptor 12
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | 02 07 00 02 02 00 00 00 01 00 00 00 00 73 00 00
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | pfkey_get: K_SADB_REGISTER message 1
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | AH registered with kernel.
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | 02 07 00 03 02 00 00 00 02 00 00 00 00 73 00 00
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | pfkey_get: K_SADB_REGISTER message 2
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | alg_init():memset(0x558361de3500, 0, 2016) memset(0x558361de3ce0, 0, 2048)
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_add():satype=3, exttype=14, alg_id=251
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_add():satype=3, exttype=14, alg_id=2
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_add():satype=3, exttype=14, alg_id=3
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_add():satype=3, exttype=14, alg_id=5
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_add():satype=3, exttype=14, alg_id=6
Jan 19 19:32:24 ip-10-1-201-245 pluto[29440]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1
Edit
I could not figure out what was going on with Amazon Linux/OpenSwan. So I switched to Ubuntu Linux and, with the same config file, the tunnel got established on the first try!! Both sides see the tunnel established. However, we are not able to ping. When I ping, I see that the packets are traversing the tunnel; I see that using tcpdump. The other side sees my packets arriving. However, the reply packets are not getting to my server. I suspect something is not right with the AWS setup. I have disabled the Source/Destination check on the instance, and I have added a route to the subnet route table to route the packets destined for the tunnel to the instance running OpenSwan. Still not able to ping.
Any idea why the ping might not be working? I posted this to AWS forum also, no answers yet. https://forums.aws.amazon.com/thread.jspa?threadID=223853&tstart=0
I opened a ticket with AWS support. They looked at the log files and config and they gave me the answer to why the tunnel is not getting established. It was a stupid mistake on my part. The route attached to the Amazon Linux instance running OpenSwan had no route to the internet, so it was not reaching the WG. Once I added that route the tunnel was established. The reason why the Ubuntu one worked is that I instantiated that machine in a new subnet which had the route to the internet. So always ping the public IP of the other end first. I am impressed with the AWS support team. They know what they are doing.
I updated to Windows 10 today and I need to install XAMPP. When I do, I have one problem. When I start Apache, it gives me the following error:
This is from the apache log:
[Sun Aug 16 20:31:11.735761 2015] [ssl:warn] [pid 4600:tid 164] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 16 20:31:12.230789 2015] [ssl:warn] [pid 4600:tid 164] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 16 20:31:13.463859 2015] [mpm_winnt:notice] [pid 4600:tid 164] AH00455: Apache/2.4.16 (Win32) OpenSSL/1.0.1p PHP/5.6.11 configured -- resuming normal operations
[Sun Aug 16 20:31:13.463859 2015] [mpm_winnt:notice] [pid 4600:tid 164] AH00456: Apache Lounge VC11 Server built: Jul 12 2015 10:56:48
[Sun Aug 16 20:31:13.463859 2015] [core:notice] [pid 4600:tid 164] AH00094: Command line: 'C:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache'
[Sun Aug 16 20:31:13.475859 2015] [mpm_winnt:notice] [pid 4600:tid 164] AH00418: Parent: Created child process 1920
[Sun Aug 16 20:31:15.265137 2015] [ssl:warn] [pid 1920:tid 480] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 16 20:31:15.663212 2015] [ssl:warn] [pid 1920:tid 480] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 16 20:31:15.863341 2015] [mpm_winnt:notice] [pid 1920:tid 480] AH00354: Child: Starting 150 worker threads.
Thanks for your help!
After creating a new repository on my Xcode Server, I can't access it by ssh, but I can perform both the git clone command and the git push command by using the https protocol.
Furthermore I encounter the following error when I try to create a Xcode Bot:
Oct 25 12:43:46 mokii.com xcsbuildd[99898]: XCSCheckoutIntegrationStep.m:160 [XCSCheckoutIntegrationStep logUnderlyingErrorForError:]
[SourceControl, Error] SSL error: received early EOF (-1)
Oct 25 12:43:46 mokii.com xcsbuildd[99898]: XCSCheckoutIntegrationStep.m:119 [XCSCheckoutIntegrationStep enqueueOperations]
[SourceControl, Error] Error checkout/clone Error Domain=com.apple.dt.SourceControlErrorDomain Code=-1 "SSL error: received early EOF (-1)" UserInfo=0x7fcf244d3cd0 {com.apple.dt.sourcecontrol.UnderlyingErrorString=SSL error: received early EOF (-1), NSLocalizedDescription=SSL error: received early EOF (-1)}
Oct 25 12:43:46 mokii.com xcsbuildd[99898]: XCSIntegrationExecutor.m:229 [XCSIntegrationExecutor integrationStep:didFinishWithError:result:]
[BuildService, Error] XCSCheckoutIntegrationStep finished integration with an error: Error Domain=com.apple.dt.SourceControlErrorDomain Code=-1 "SSL error: received early EOF (-1)" UserInfo=0x7fcf23e117f0 {com.apple.dt.sourcecontrol.UnderlyingErrorString=SSL error: received early EOF (-1), NSLocalizedDescription=SSL error: received early EOF (-1), XCSErrorFixItType=scm-failure}
When I try to execute the git clone command on the hosted repository in Terminal.app, another error occurs:
larryhou:repo larryhou$ git clone ssh://jason#mokii.com/git/HostedRepo.git
Cloning into 'HostedRepo'...
Password:
fatal: '/git/HostedRepo.git' does not appear to be a git repository
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
And I can find additional information in the Console.app:
Marker - Oct 25, 2014, 12:25:13 PM
Oct 25 12:25:15 --- last message repeated 1 time ---
Oct 25 12:25:15 mokii com.apple.xpc.launchd[1] (com.openssh.sshd.4EA7979A-127B-452C-832D-3A9A7FCB5A04): Service instances do not support events yet.
Oct 25 12:25:16 mokii.com kdc[380]: AS-REQ jason#MOKII.COM from 127.0.0.1:62481 for krbtgt/MOKII.COM#MOKII.COM
Oct 25 12:25:16 --- last message repeated 1 time ---
Oct 25 12:25:16 mokii.com kdc[380]: Client sent patypes: REQ-ENC-PA-REP
Oct 25 12:25:16 mokii.com kdc[380]: user has no SRP keys
Oct 25 12:25:16 mokii.com kdc[380]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
Oct 25 12:25:16 mokii.com kdc[380]: AS-REQ jason#MOKII.COM from 127.0.0.1:58943 for krbtgt/MOKII.COM#MOKII.COM
Oct 25 12:25:16 --- last message repeated 1 time ---
Oct 25 12:25:16 mokii.com kdc[380]: Client sent patypes: ENC-TS, REQ-ENC-PA-REP
Oct 25 12:25:16 mokii.com sandboxd[508] ([380]): kdc(380) deny file-read-data /private/etc/krb5.conf
Oct 25 12:25:16 mokii.com kdc[380]: ENC-TS pre-authentication succeeded -- jason#MOKII.COM
Oct 25 12:25:16 mokii.com kdc[380]: DSUpdateLoginStatus: Unable to synchronize login time for jason: 77009
Oct 25 12:25:17 mokii.com kdc[380]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
Oct 25 12:25:17 mokii.com kdc[380]: Requested flags: forwardable
Oct 25 12:25:17 mokii.com kdc[380]: TGS-REQ jason#MOKII.COM from 127.0.0.1:60555 for host/mokii.com#MOKII.COM [canonicalize, forwardable]
Oct 25 12:25:17 mokii.com kdc[380]: TGS-REQ jason#MOKII.COM from 127.0.0.1:59504 for host/mokii.com#MOKII.COM [forwardable]
Oct 25 12:25:17 mokii.com kdc[380]: TGS-REQ jason#MOKII.COM from 127.0.0.1:49478 for ldap/mokii.com#MOKII.COM [canonicalize, forwardable]
Oct 25 12:25:17 mokii.com kdc[380]: TGS-REQ jason#MOKII.COM from 127.0.0.1:58173 for ldap/mokii.com#MOKII.COM [forwardable]
Oct 25 12:25:17 mokii.com sshd[61715]: Accepted keyboard-interactive/pam for jason from 192.168.2.3 port 58668 ssh2
Oct 25 12:25:17 mokii.com sshd[61722]: Received disconnect from 192.168.2.3: 11: disconnected by user
Oct 25 12:25:17 mokii com.apple.xpc.launchd[1] (com.openssh.sshd.4EA7979A-127B-452C-832D-3A9A7FCB5A04[61715]): Service exited with abnormal code: 255
You have got the SSH URL all wrong. You cannot use SSH simply by replacing the protocol and leaving the URL in the same form as HTTPS. Here is a step-by-step guide for using SSH with Git on Xcode Server and setting up the bots:
http://ikennd.ac/blog/2013/10/xcode-bots-common-problems-and-workarounds/
One more that is a bit newer and might be more accurate:
https://honzadvorsky.com/articles/2015-08-04-xcs_tutorials_1_getting_started/