Failed to open HTTPS connection vs. systemd & firewalld
Gottfried Haider
gottfried.haider at gmail.com
Mon Jan 5 04:50:10 PST 2015
Hi Nikos,
It turns out ocserv is only listening on IPv6 when started
automatically via systemd on startup. On my (virtual) machine, the
IPv6 address gets assigned before the IPv4 one, so that could be why..
The systemd documentation describes [1] that network.target has very
little guarantees, and recommends using network-online.target instead.
I'll try that in a second. Another suggestion is to make the server
listen on 0.0.0.0 instead - that's what sshd seems to be doing, since
it get's started the same time, and (thankfully) does allow
connections even though the network is not 100% up at start time.
Best
Gottfried
[1] http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
On Mon, Jan 5, 2015 at 10:55 AM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> On Sat, Jan 3, 2015 at 7:17 AM, Gottfried Haider
> <gottfried.haider at gmail.com> wrote:
>> Hello all,
>>
>> Apologies if this ends up being the wrong forum to raise such a
>> question. I've been unsuccessfully playing around with this for a
>> while, and will definitely also reach out to the firewalld camp with
>> this issue.
>> I was wondering if someone has seen something like this:
>> When I start up ocserv on my server automatically, I can't seem to
>> connect from the client ("Failed to connect to host", "Failed to open
>> HTTPS connection"). It does work though when I either start or restart
>> ocserv when the server has already been running, or when I disable
>> firewalld from loading.
>
> You can verify whether ocserv is listening on the configured port
> using netstat or lsof -i. If it is, I'd suggest to bring that in a
> fedora related forum or mailing list.
>
> regards,
> Nikos
More information about the openconnect-devel
mailing list