DTLS does not work in vhost
Description of problem:
If "udp-port" is not specified in the config for both the default host and the vhost, DTLS for the vhost does not work. Workaround: specify "udp-port" in the vhost. But in this case, a warning message is displayed:
...
warning: udp-port is ignored on $host virtual host
...
Version of ocserv used:
OpenConnect VPN Server 1.3.0
Client used:
OpenConnect version v9.01-3
Distributor of ocserv
AlmaLinux 9.4
How reproducible:
Describe the steps to reproduce the issue:
- Set this config in /etc/ocserv/ocserv.conf:
# Global
tcp-port = 443
udp-port = 443
run-as-user = root
run-as-group = root
device = vpn
rate-limit-ms = 100
dtls-psk = true
chroot-dir = /var/lib/ocserv
socket-file = ocserv.sock
pid-file = /var/run/ocserv.pid
#--------------------------------------------------
# Default host
listen-host = 192.168.5.1
server-cert = server-cert.pem
server-key = server-key.pem
auth = "pam[gid-min=1000]"
ipv4-network = 192.168.1.0/24
route = 192.168.1.0/24
#--------------------------------------------------
[vhost:oc.local]
server-cert = server-cert.pem
server-key = server-key.pem
auth = "radius [config=radiusclient.conf,groupconfig=true]"
ipv4-network = 192.168.2.0/24
route = 192.168.2.0/24
#------------------------------
#udp-port = 443
- Start server
- Connect to server
Actual results:
Client-side message:
No DTLS address
Set up UDP failed; using SSL instead
Expected results:
Client-side message:
Established DTLS connection (using GnuTLS)
Additional tests:
Same config as described above; only the placement of "udp-port" changes.
- "udp-port" in global only. Results: vhost no DTLS; default DTLS; no warning; udp:443 socket in use.
- "udp-port" both in global and in vhost. Results: vhost DTLS; default DTLS; warning message; udp:443 socket in use.
- "udp-port" in vhost only. Results: vhost no DTLS; default no DTLS; warning message; udp:443 socket not in use.
- "udp-port" not specified. Results: vhost no DTLS; default no DTLS; no warnings; udp:443 socket not in use.
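The four observations above can be turned into a small configuration lint that tells an operator, before starting the server, which hosts will be able to negotiate DTLS and whether the "udp-port is ignored" warning will be printed. The script below is an added example, not code from ocserv or from the reporter; its rules encode only the behaviour matrix observed in this report (UDP socket opened iff the global section sets udp-port; a vhost gets DTLS only when udp-port is set both globally and in that vhost; any vhost udp-port produces the warning), and the embedded sample config is a constructed one modelled on the reproduction above. The config parser is a minimal `key = value` / `[vhost:NAME]` reader written for this example, not the project's own parser.

```python
"""Lint an ocserv.conf for the udp-port placement cases observed in the report.

Added illustration, not ocserv code. The prediction rules are only what the
report's "Additional tests" matrix shows for ocserv 1.3.0; they are not a
statement of how ocserv is implemented.
"""
import json
import re

# [vhost:oc.local] style section header and simple `key = value` lines.
VHOST_RE = re.compile(r"^\[vhost:([^\]]+)\]$")
KV_RE = re.compile(r"^([A-Za-z0-9_-]+)\s*=\s*(.*)$")


def parse_ocserv_conf(text):
    """Parse a config into {section: {key: [values]}}.

    The global (default host) section is stored under "". Blank lines and
    lines starting with '#' are skipped, so a commented-out `#udp-port = 443`
    does not count as set. Keys may repeat (e.g. several `route =` lines).
    """
    sections = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = VHOST_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
            continue
        m = KV_RE.match(line)
        if not m:
            raise ValueError(f"unparsable line: {raw!r}")
        key, value = m.group(1), m.group(2).strip()
        sections[current].setdefault(key, []).append(value)
    return sections


def lint_udp_port(text):
    """Predict, per host, DTLS availability and the vhost udp-port warning.

    Rules taken from the report's matrix (hypothetical lint, not ocserv logic):
      * UDP socket is opened only if the global section sets udp-port.
      * The default host gets DTLS iff the UDP socket is opened.
      * A vhost gets DTLS only if udp-port is set globally AND in the vhost.
      * Every vhost that sets udp-port triggers the "ignored" warning.
    """
    sections = parse_ocserv_conf(text)
    global_udp = "udp-port" in sections[""]
    result = {
        "udp_socket_opened": global_udp,
        "default_dtls": global_udp,
        "vhosts": {},
        "warnings": [],
    }
    for name, keys in sections.items():
        if name == "":
            continue
        vhost_udp = "udp-port" in keys
        result["vhosts"][name] = global_udp and vhost_udp
        if vhost_udp:
            # Wording modelled on the warning quoted in the report.
            result["warnings"].append(f"udp-port is ignored on {name} virtual host")
    return result


# Constructed sample, modelled on the reproduction config (not copied from it):
# global udp-port present, vhost udp-port commented out -> vhost gets no DTLS.
SAMPLE_CONF = """\
# Global
tcp-port = 443
udp-port = 443
listen-host = 192.168.5.1
auth = "pam[gid-min=1000]"
#--------------------------------------------------
[vhost:oc.local]
auth = "radius [config=radiusclient.conf,groupconfig=true]"
ipv4-network = 192.168.2.0/24
route = 192.168.2.0/24
#udp-port = 443
"""

if __name__ == "__main__":
    print(json.dumps(lint_udp_port(SAMPLE_CONF), indent=2))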