Check listen port before commit service https api and vpn openconnect
Configure API:
set service https api gql set service https api keys id KID key 'foo' set service https api socket
Check ports:
vyos@r14# sudo netstat -tulpn | grep 443 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 15283/nginx: master tcp6 0 0 :::443 :::* LISTEN 15283/nginx: master [edit] vyos@r14#
Configure openconnect:
set vpn openconnect authentication local-users username foo password 'bar' set vpn openconnect authentication mode local 'password' set vpn openconnect network-settings client-ip-settings subnet '100.64.0.0/24' set vpn openconnect ssl ca-certificate 'ca-ocserv' set vpn openconnect ssl certificate 'srv-ocserv' commit
Check ports and status:
vyos@r14# sudo netstat -tulpn | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 15283/nginx: master
tcp6 0 0 :::443 :::* LISTEN 15283/nginx: master
[edit]
vyos@r14# sudo systemctl status ocserv.service
● ocserv.service - OpenConnect SSL VPN server
Loaded: loaded (/lib/systemd/system/ocserv.service; disabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/ocserv.service.d
└─override.conf
Active: failed (Result: exit-code) since Fri 2022-08-05 14:36:51 EEST; 9s ago
Docs: man:ocserv(8)
Process: 15405 ExecStart=/usr/sbin/ocserv --foreground --pid-file /run/ocserv/ocserv.pid --config /run/ocserv/ocserv.conf (code=exited, status=1/FAILURE)
Main PID: 15405 (code=exited, status=1/FAILURE)
CPU: 6ms
Aug 05 14:36:51 r14 ocserv[15405]: main: CN=vyos.io,O=VyOS,L=Dnipro,ST=Denwer,C=US certificate key usage prevents key encipherment; unable to support the RSA ciphersuites; if that is not intentiona>
Aug 05 14:36:51 r14 ocserv[15405]: error connecting to sec-mod socket '/run/ocserv/ocserv.socket.e4a4a64e': No such file or directory
Aug 05 14:36:51 r14 ocserv[15405]: note: setting 'file' as supplemental config option
Aug 05 14:36:51 r14 ocserv[15405]: listening (TCP) on 0.0.0.0:443...
Aug 05 14:36:51 r14 ocserv[15405]: bind() failed: Address already in use
Aug 05 14:36:51 r14 ocserv[15405]: listening (TCP) on [::]:443...
Aug 05 14:36:51 r14 ocserv[15405]: bind() failed: Address already in use
Aug 05 14:36:51 r14 ocserv[15405]: Could not listen to any TCP or UNIX ports
Aug 05 14:36:51 r14 systemd[1]: ocserv.service: Main process exited, code=exited, status=1/FAILURE
Aug 05 14:36:51 r14 systemd[1]: ocserv.service: Failed with result 'exit-code'.
lines 1-20/20 (END)Requires this check https://github.com/vyos/vyos-1x/blob/2a10ffa4b5074be27458159fa94d6227d0e5c7f7/python/vyos/util.py#L939