For what it's worth the Cisco Anyconnect client does seem to connect and work, regardless of that error.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Nux!" <nux at li.nux.ro>
> To: "openconnect-devel" <openconnect-devel at lists.infradead.org>
> Sent: Monday, 12 September, 2016 14:12:25
> Subject: libhogweed.so.2 undefined symbol __gmpn_cnd_add_n
> Hi,
>
> I am trying to use ocserv with a letsencrypt cert, however I get the following
> error when trying to access it via https.
>
> It works just fine with self-signed certs.
>
> OS is CentOS7 with ocserv from EPEL, for versions check below.
>
> This is my config:
>
> [root at ocserv-vpn-test ~]# cat /etc/ocserv/ocserv.conf
> auth = "plain[passwd=/etc/ocserv/ocpasswd]"
> server-cert = /etc/letsencrypt/live/ocservtest.$DOMAIN/fullchain.pem
> server-key = /etc/letsencrypt/live/ocservtest.$DOMAIN/privkey.pem
> tcp-port = 443
> udp-port = 443
> dns = 8.8.8.8
> dns = 8.8.4.4
> try-mtu-discovery = true
> cisco-client-compat = true
> socket-file = ocserv.sock
> device = vpns
> ipv4-network = 192.168.1.0/24
>
>
> This is what happens:
>
> [root at ocserv-vpn-test ~]# ocserv --config=/etc/ocserv/ocserv.conf -f -d 1
> Setting 'plain' as primary authentication method
> Setting 'file' as supplemental config option
> listening (TCP) on 0.0.0.0:443...
> listening (TCP) on [::]:443...
> listening (UDP) on 0.0.0.0:443...
> listening (UDP) on [::]:443...
> ocserv[16784]: main: not using control unix socket
> ocserv[16784]: main: initialized ocserv 0.11.4
> ocserv[16785]: sec-mod: reading supplemental config from files
> ocserv[16785]: sec-mod: sec-mod initialized (socket: ocserv.sock.16784)
> ocserv: symbol lookup error: /lib64/libhogweed.so.2: undefined symbol:
> __gmpn_cnd_add_n
> ocserv[16784]: main: $IP:47952 user disconnected (reason: unspecified, rx: 0,
> tx: 0)
>
>
>
>
>
> Selinux is permissive.
>
>
> [root at ocserv-vpn-test ~]# rpm -qi nettle gmp ocserv
> Name        : nettle
> Version     : 2.7.1
> Release     : 4.el7
> Architecture: x86_64
> Install Date: Mon 12 Sep 2016 11:52:52 GMT
> Group       : Development/Libraries
> Size        : 764914
> License     : LGPLv2+
> Signature   : RSA/SHA256, Sat 14 Mar 2015 08:19:20 GMT, Key ID 24c6a8a7f4a80eb5
> Source RPM  : nettle-2.7.1-4.el7.src.rpm
> Build Date  : Fri 06 Mar 2015 04:10:21 GMT
> Build Host  : worker1.bsys.centos.org
> Relocations : (not relocatable)
> Packager    : CentOS BuildSystem <http://bugs.centos.org>
> Vendor      : CentOS
> URL         : http://www.lysator.liu.se/~nisse/nettle/
> Summary     : A low-level cryptographic library
> Description :
> Nettle is a cryptographic library that is designed to fit easily in more
> or less any context: In crypto toolkits for object-oriented languages
> (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
> kernel space.
> Name        : gmp
> Epoch       : 1
> Version     : 5.1.1
> Release     : 5.el7
> Architecture: x86_64
> Install Date: Tue 07 Oct 2014 08:57:55 GMT
> Group       : System Environment/Libraries
> Size        : 591695
> License     : LGPLv3+
> Signature   : RSA/SHA256, Fri 04 Jul 2014 01:35:49 GMT, Key ID 24c6a8a7f4a80eb5
> Source RPM  : gmp-5.1.1-5.el7.src.rpm
> Build Date  : Mon 09 Jun 2014 20:18:57 GMT
> Build Host  : worker1.bsys.centos.org
> Relocations : (not relocatable)
> Packager    : CentOS BuildSystem <http://bugs.centos.org>
> Vendor      : CentOS
> URL         : http://gmplib.org/
> Summary     : A GNU arbitrary precision library
> Description :
> The gmp package contains GNU MP, a library for arbitrary precision
> arithmetic, signed integers operations, rational numbers and floating
> point numbers. GNU MP is designed for speed, for both small and very
> large operands. GNU MP is fast because it uses fullwords as the basic
> arithmetic type, it uses fast algorithms, it carefully optimizes
> assembly code for many CPUs' most common inner loops, and it generally
> emphasizes speed over simplicity/elegance in its operations.
>
> Install the gmp package if you need a fast arbitrary precision
> library.
> Name        : ocserv
> Version     : 0.11.4
> Release     : 1.el7
> Architecture: x86_64
> Install Date: Mon 12 Sep 2016 11:53:32 GMT
> Group       : Unspecified
> Size        : 1143904
> License     : GPLv2+ and BSD and MIT and CC0
> Signature   : RSA/SHA256, Fri 05 Aug 2016 12:35:10 GMT, Key ID 6a2faea2352c64e5
> Source RPM  : ocserv-0.11.4-1.el7.src.rpm
> Build Date  : Fri 05 Aug 2016 11:32:44 GMT
> Build Host  : buildvm-19.phx2.fedoraproject.org
> Relocations : (not relocatable)
> Packager    : Fedora Project
> Vendor      : Fedora Project
> URL         : http://www.infradead.org/ocserv/
> Summary     : OpenConnect SSL VPN server
> Description :
> OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
> secure, small, fast and configurable VPN server. It implements the OpenConnect
> SSL VPN protocol, and has also (currently experimental) compatibility with
> clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
> uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
> to provide the secure VPN service.
>
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro