Ubuntu
ocserv package

Cisco client fails due to "communcation errors"

Bug #1634617 reported by Daniel Crawford
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ocserv (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

ocserv runs, but claims problem in gnuTLS with randomness:

Oct 18 14:20:43 pi ocserv[13339]: Setting 'pam' as primary authentication method
Oct 18 14:20:43 pi ocserv[13339]: listening on 2 systemd sockets...
Oct 18 14:20:43 pi ocserv[13339]: main: initialized ocserv 0.11.1
Oct 18 14:20:43 pi ocserv[13343]: sec-mod: reading supplemental config from files
Oct 18 14:20:43 pi ocserv[13343]: sec-mod: sec-mod initialized (socket: /var/run/ocserv-socket.13339)
Oct 18 14:21:14 pi ocserv[13344]: GnuTLS error (at worker-vpn.c:474): Error in the system's randomness device.
Oct 18 14:21:14 pi ocserv[13339]: main: [::ffff:172.17.115.194]:54053 user disconnected (reason: unspecified, rx: 0, tx: 0)

Tags: gnutls
Revision history for this message
Daniel Crawford (daniel-crawford) wrote :

4.8.0-25-generic
Ubuntu 16.10

Revision history for this message
Nikos Mavrogiannopoulos (nmavrogiannopoulos) wrote :

The reason is that getrandom() is blocked by isolate-worker options. You can work around it by setting isolate workers to false. The relevant patch is:
https://gitlab.com/ocserv/ocserv/commit/cc1dbf1c246375c175b4392e3c6ca2139b0c355a

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ocserv - 0.11.6-1

---------------
ocserv (0.11.6-1) unstable; urgency=medium

  * New upstream version 0.11.6
  * Fix "Error in the system's randomness device" (Closes: #839937)
    (LP: #1634617)
  * d/p/allow-parallel-build-of-autogen-files.patch: Refresh for new upstream
    version
  * Update default ocserv.conf from upstream example
  * Make the build reproducible by setting MAN_PAGE_DATE
  * Bump debhelper compat level to 10
  * Run wrap-and-sort on d/control and d/*.install
  * d/copyright: Refresh for new upstream version

 -- Mike Miller <email address hidden> Tue, 20 Dec 2016 20:27:17 +0800

Changed in ocserv (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.