gitbls/pistrong

client install fails

slain2 opened this issue · 11 comments

slain2 commented

Raspberry Pi OS 32-bit Bullseye with Desktop
Install pistrong script on client and run it. Install finishes normally. OK.
Reboot pi
copy zip file raspi1-linux.zip to pi
sudo pistrong client install raspi1-linux.zip
fails
Archive: raspi1-linux.zip
caution: filename not matched: pistrong-vpn-installer
Traceback (most recent call last):
File "/usr/local/bin/pistrong", line 1411, in
args.func(pd, args)
File "/usr/local/bin/pistrong", line 1164, in cmd_client
client_cmd_actions[args.action][0](pd, args)
File "/usr/local/bin/pistrong", line 1126, in cmd_client_install
os.chmod(ufn, 0o755)
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/pistrongnv0dsy_0/pistrong-vpn-installer'

gitbls commented

You didn't provide very much information. For starters: What OS and version did you generate the Client Cert on? What was the exact and complete command line used to create the Client Cert zip file?

If you want to expedite a resolution to this, rather than going back and forth several times, please do the following:

  • Download `pscollect` from this GitHub onto your VPN Server and run it
  • Send the output as well as the raspi1-linux.zip to gitbls@outlook.com

PS Clearly pistrong shouldn't die as it did, but that's a secondary issue. The primary issue is that the Client Cert zip file appears to be malformed in some way.

gitbls commented

One other thing: Does the system on which this is failing have unzip installed?

slain2 commented

Client cert (zip) generated on Raspberry Pi OS with Desktop (32-bit) Bullseye using pistrong to install and sudo pistrong add …
Zip seems fine with the usual 3 files in it.
I’ll do the pscollect later thanks
neilgl

gitbls commented

If there are only 3 files in the zip then pistrong-vpn-installer is missing, which means the cert/key were built without --linux. That's what stuffs the pistrong-vpn-installer install script into the /server-assets/name-device.zip file.

Unfortunately, there's no built-in tool in pistrong to add pistrong-vpn-installer after the fact, so try building a new cert/key using the --linux switch.

Also, for completeness, since you're doing Linux-Linux, I'll mention that the makeTunnel script builds a site-to-site tunnel that can also be used. If the tunnel is going to be up more than down, or if you want to do site-to-site-y kinds of things (access remote LAN, etc), that might be a better approach.

slain2 commented

Ah, I used this to create the zip
sudo pistrong add raspi1 --dev linux --remoteid linux.vpn.neilgl.co.uk
Also, iOS and Android clients created and they work fine.

gitbls commented

Your command is perfect except you're missing the --linux switch.

In the doc I used it several times, and in the Linux Client OS notes it's also noted: "The --linux switch causes pistrong to create a Linux VPN Config Pack. Copy the VPN Config Pack (zip file) to the Linux client system and install the new connection on the client with sudo pistrong client install /path/to/zip-file."

But, docs covering something doesn't make up for the fact that pistrong should inform you of this, especially since it's exactly this instance that detects that you're either trying to use a non-Linux cert/key on a Linux system, or you simply forgot to add --linux. In either case, a useful message will be better than the current reporting 🤣
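
Added example (not pistrong's own code, and not from either poster): one way an installer can inspect the Config Pack before touching the filesystem, so a pack built without --linux produces a clear message instead of the FileNotFoundError shown above. Because the install runs under sudo, it also refuses member names that would extract outside the working directory, which goes slightly beyond the case in this thread. The function names, `ConfigPackError`, and the sample member names are assumptions; only `pistrong-vpn-installer` comes from the page.

```python
import io
import os
import zipfile

INSTALLER = "pistrong-vpn-installer"  # member name taken from the error output above


class ConfigPackError(Exception):
    """Raised with a user-facing message instead of a traceback."""


def check_config_pack(zip_source):
    """Return the member list if the zip looks like a Linux VPN Config Pack."""
    try:
        with zipfile.ZipFile(zip_source) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile as exc:
        raise ConfigPackError(f"not a readable zip file: {exc}") from exc
    for name in names:
        # Refuse absolute paths and '..' components before anything is extracted.
        parts = name.replace("\\", "/").split("/")
        if name.startswith(("/", "\\")) or ".." in parts:
            raise ConfigPackError(f"unsafe member name in zip: {name!r}")
    if INSTALLER not in names:
        raise ConfigPackError(
            f"{INSTALLER} not found in zip; was the cert/key created with --linux?")
    return names


def extract_installer(zip_source, workdir):
    """Validate, extract into workdir, mark the installer executable, return its path."""
    check_config_pack(zip_source)
    with zipfile.ZipFile(zip_source) as zf:
        zf.extractall(workdir)
    ufn = os.path.join(workdir, INSTALLER)
    os.chmod(ufn, 0o755)  # safe now: the member is known to exist
    return ufn


def make_pack(members):
    """Build a constructed sample zip in memory (test data, not a real pack)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf
```
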

slain2 commented

Thanks, that --linux switch was the answer to get the linux client to install.
However, it then failed to start with "09[KNL] allocating SPI failed: Operation not supported (95)"
Guessing this was a 32/64 bit issue I installed 64-bit Raspberry Pi OS and reinstalled pistrong client. It then worked OK
In passing, I noticed that the option W to build from web (not use Apt) fails - can't find..x509 directory?

gitbls commented

Huh. So, on a pure 64-bit install the build from web option fails? Weird...not aware of ANYTHING that the installer does that would cause that.

I'll have a look at that later today.

gitbls commented

The "build from web" option was broken due to strongswan.org website revamp changing the download page. A fix for this is checked in. Also updated pistrong to nicely ask if you used --linux instead of blowing its brains out.

I haven't tested this on 32-bit lately, nor on 64-bit kernel on 32-bit system. Will get to that, but wanted to get these updates checked in.

Thanks for finding these! BTW, if you're neilgl from the Pi Forums, thank you SO much for the kind words there.

slain2 commented

Thanks for the fix and yes it is me.

gitbls commented

Closing. Issue resolved!