Ubuntu
ocserv package

ocserv daemon doesn't get network settings from configuration file

Bug #1613155 reported by erty
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ocserv (Debian)
Fix Released
Unknown
ocserv (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

ubuntu 16.04.1 x64
ocserv: 0.10.11-1build1

ocserv daemon ocserv.socket don't respect "listen-host" value from configuration file, and I have DTLS handshake problems because of that.
proof:

in /etc/ocserv/ocserv.conf I have a line:
listen-host = 46.46.46.46

if I start service by my hands everything alright:
#ocserv -f -c /etc/ocserv/ocserv.conf

#lsof -i
ocserv-ma 5290 root 4u IPv4 30760 0t0 TCP 46.46.46.46:https (LISTEN)
ocserv-ma 5290 root 5u IPv4 30762 0t0 UDP 46.46.46.46:https
ocserv-wo 5293 nobody 0u IPv4 30781 0t0 TCP 46.46.46.46:https->128-68-..........:60250 (ESTABLISHED)
ocserv-wo 5293 nobody 4u IPv4 30804 0t0 UDP
46.46.46.46:https->128-68-..........:64690

but if I start a daemon
#systemctl start ocserv.socket

#lsof -i
ocserv-ma 5802 root 3u IPv6 33640 0t0 TCP *:https (LISTEN)
ocserv-ma 5802 root 4u IPv6 33641 0t0 UDP *:https
ocserv-wo 5808 nobody 0u IPv6 32583 0t0 TCP 46.46.46.46:https->128-68-..........:60321 (ESTABLISHED)

daemon start on "*" address

and in syslog I see a problems with dtls because of that:

Aug 15 06:59:51 gw ocserv[5802]: main[user]: [::ffff:128.128.128.128]:60321 main.c:801: bind UDP to [::]:443: Invalid argument
Aug 15 06:59:51 gw ocserv[5802]: main[user]: [::ffff:128.128.128.128]:60321 main.c:810: connect UDP socket from [::ffff:128.128.128.128]:55022: Network is unreachable
Aug 15 07:00:16 gw ocserv[5802]: main[user]: [::ffff:128.128.128.128]:60321 main.c:801: bind UDP to [::]:443: Invalid argument
Aug 15 07:00:16 gw ocserv[5802]: main[user]: [::ffff:128.128.128.128]:60321 main.c:810: connect UDP socket from [::ffff:128.128.128.128]:62862: Network is unreachable

Revision history for this message
yazoo (yazoousa) wrote :

Hi guy,

Try to go to "/lib/systemd/system/" and modify the file of "ocserv.service",
1.use vim to change two lines,
2.Remove the line of "Requires=ocserv.socket"
3.Remove the line of "Also=ocserv.socket"
4.save the file,

execute "systemctl daemon-reload",
then reload the service "service ocserv start"

I met the similar issue as you described, that situation seems like the default configuration recover the config of "/etc/ocserv/ocserv.conf", after modified, the service works fine.

Bug Watch Updater (bug-watch-updater)
Changed in ocserv (Debian):
status: Unknown → New
Revision history for this message
Mike Miller (mtmiller) wrote :

Right, yazoo's suggestion should work, to turn the service into a standalone service vs a socket-activated service.

You can also modify the socket properties in the ocserv.socket configuration file rather than the ocserv.conf file. This is described briefly in README.Debian in the latest package of ocserv, and in the man pages for systemd.unit(5) and systemd.socket(5).

Changed in ocserv (Ubuntu):
status: New → Invalid
Bug Watch Updater (bug-watch-updater)
Changed in ocserv (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.