Hello, I'm running a server using the following version: ocserv --version ocserv 0.11.9 Compiled with: seccomp, tcp-wrappers, PAM, PKCS#11, AnyConnect GnuTLS version: 3.4.10 I'm trying to get my client to access the profile.xml defined in the ocserv config, however I get the following error: worker[battle.office]: x.x.x.x cannot load config file '/etc/ocserv/profile.xml' The documentation states: # Other fields may be used by some of the CISCO clients. # This file must be accessible from inside the worker's chroot. # Note that enabling this option is not recommended as it will allow # the worker processes to open arbitrary files (when isolate-workers is # set to true). As I'm not familiar with chroot, how might I go about allowing the worker access to the file? My server config looks like the following: auth = "plain[passwd=/etc/ocserv/ocpasswd]" enable-auth = "certificate" tcp-port = 4443 udp-port = 4443 run-as-user = nobody run-as-group = nogroup socket-file = /var/run/ocserv-socket server-cert = /etc/ocserv/server.crt server-key = /etc/ocserv/server.key ca-cert = /etc/ocserv/ca.crt isolate-workers = false keepalive = 32400 dpd = 90 mobile-dpd = 1800 try-mtu-discovery = true cert-user-oid = 2.5.4.3 cert-group-oid = 2.5.4.11 tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0" auth-timeout = 40 min-reauth-time = 300 max-ban-score = 50 ban-reset-time = 300 cookie-timeout = 300 cookie-rekey-time = 14400 deny-roaming = false rekey-time = 3600 rekey-method = ssl use-occtl = true pid-file = /var/run/ocserv.pid device = vpns default-domain = example.com ipv4-network = 192.168.1.0 ipv4-netmask = 255.255.255.0 ping-leases = false user-profile = /etc/ocserv/profile.xml cisco-client-compat = true max-clients = 6 # Limit the number of identical clients (i.e., users connecting # multiple times). Unset or set to zero for unlimited. max-same-clients = 1 dns = 8.8.8.8 dns = 8.8.4.4 Thank you for your time. Ali
