OK, found out that it's because in /lib/systemd/system/ocserv.socket, we have:
------->8-------
[Unit]
Description=OpenConnect SSL VPN server Socket

[Socket]
ListenStream=443
ListenDatagram=443
BindIPv6Only=default
Accept=false
ReusePort=true

[Install]
WantedBy=sockets.target
-------8<-------

I'm not sure what's the correct way to do it, but:

1. Why does that file override the port defined in /etc/ocserv/ocserv.conf?
2. Can we try to ask the user to choose a port during installation?
3. If 2 is not possible, maybe don't try to auto-start the service during configuration (or fail silently)?

On Mon, Dec 14, 2015 at 7:37 PM fishy <fishyw...@gmail.com> wrote:

> Some more information:
>
> I have port 443 occupied by nginx, so aptitude install or service ocserv
> start (after successful installation) will fail, but I have port 1443
> instead of 443 in my /etc/ocserv/ocserv.conf file.
>
> If I stop nginx before installing/starting ocserv, it will work, and will
> listen on 443 instead of 1443. ps shows the command was actually:
>
> $ ps ax | grep ocserv
> 7601 ? Ss 0:00 /usr/sbin/ocserv --foreground --pid-file /var/run/ocserv.pid --config /etc/ocserv/ocserv.conf
> 7602 ? S 0:00 /usr/sbin/ocserv --foreground --pid-file /var/run/ocserv.pid --config /etc/ocserv/ocserv.conf
> 7642 pts/0 S+ 0:00 grep ocserv
>
> If I just run that command line manually, it will actually listen on 1443
> instead of 443 (which is expected).
>
> On Mon, Dec 14, 2015 at 7:18 PM Yuxuan Wang <fishyw...@gmail.com> wrote:
>
>> Package: ocserv
>> Version: 0.10.7-1
>> Followup-For: Bug #807571
>>
>> Dear Maintainer,
>>
>> /etc/init.d/ocserv from package ocserv always tries to use port 443,
>> despite the fact that I have an /etc/ocserv/ocserv.conf file that says
>> otherwise.
>>
>> Starting it manually will work:
>>
>> /usr/sbin/ocserv --pid-file /var/run/ocserv.pid --config /etc/ocserv/ocserv.conf
>>
>> But the init.d script doesn't. I failed to dig out why that init.d script
>> always tries to use port 443.
>>
>> *** Reporter, please consider answering these questions, where appropriate ***
>>
>> * What led up to the situation?
>> * What exactly did you do (or not do) that was effective (or ineffective)?
>> * What was the outcome of this action?
>> * What outcome did you expect instead?
>>
>> *** End of the template - remove these template lines ***
>>
>>
>> -- System Information:
>> Debian Release: stretch/sid
>> APT prefers unstable
>> APT policy: (500, 'unstable'), (1, 'experimental')
>> Architecture: amd64 (x86_64)
>> Foreign Architectures: i386
>>
>> Kernel: Linux 4.3.0-1-amd64 (SMP w/2 CPU cores)
>> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>> Shell: /bin/sh linked to /bin/dash
>> Init: systemd (via /run/systemd/system)
>>
>> Versions of packages ocserv depends on:
>> ii libc6 2.21-4
>> ii libgnutls-deb0-28 3.3.18-1
>> ii libhttp-parser2.1 2.1-2
>> ii liblz4-1 0.0~r131-1
>> ii libnl-3-200 3.2.26-1
>> ii libnl-route-3-200 3.2.26-1
>> ii libopts25 1:5.18.6-4
>> ii libpam0g 1.1.8-3.1
>> ii libpcl1 1.6-1
>> ii libprotobuf-c1 1.1.1-1
>> ii libreadline6 6.3-8+b4
>> ii libseccomp2 2.2.3-2
>> ii libsystemd0 228-2
>> ii libtalloc2 2.1.5-1
>> ii libwrap0 7.6.q-25
>>
>> Versions of packages ocserv recommends:
>> ii ca-certificates 20150426
>> ii ssl-cert 1.0.37
>>
>> ocserv suggests no packages.
>>
>> -- no debconf information
>>
> --
> fishy
>
--
fishy
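
An added example, not part of the original message or of the ocserv package: a check that compares the ports in ocserv.socket with the tcp-port and udp-port settings in ocserv.conf, since the thread shows the socket unit's ports are the ones actually bound. The sample file contents are constructed (the 1443 values follow the report), and the function names are illustrative.

```python
import re

# Constructed samples: the unit file quoted in the thread (abridged) and an
# ocserv.conf excerpt using ocserv's tcp-port/udp-port settings.
SOCKET_UNIT = """[Unit]
Description=OpenConnect SSL VPN server Socket
[Socket]
ListenStream=443
ListenDatagram=443
BindIPv6Only=default
[Install]
WantedBy=sockets.target
"""
OCSERV_CONF = "# constructed excerpt\ntcp-port = 1443\nudp-port = 1443\n"

UNIT_KEYS = {"ListenStream": "tcp", "ListenDatagram": "udp"}

def socket_unit_ports(text):
    """Ports systemd will bind, per protocol, from .socket unit text."""
    ports, section = {"tcp": set(), "udp": set()}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]")
        key, _, value = (p.strip() for p in line.partition("="))
        if section != "Socket" or key not in UNIT_KEYS:
            continue  # also skips commented-out keys such as "#ListenStream"
        if not value:  # an empty assignment resets the list
            ports[UNIT_KEYS[key]].clear()
        elif not value.startswith(("/", "@")):  # ignore AF_UNIX socket paths
            m = re.search(r"(\d+)$", value)  # "443", "0.0.0.0:443", "[::]:443"
            if m:
                ports[UNIT_KEYS[key]].add(int(m.group(1)))
    return ports

def ocserv_conf_ports(text):
    """Ports requested in ocserv.conf; commented-out lines are ignored."""
    ports = {"tcp": set(), "udp": set()}
    for proto, port in re.findall(r"^\s*(tcp|udp)-port\s*=\s*(\d+)", text, re.M):
        ports[proto].add(int(port))
    return ports

def port_mismatches(unit_text, conf_text):
    """(proto, unit_ports, conf_ports) for each protocol where the files disagree."""
    unit, conf = socket_unit_ports(unit_text), ocserv_conf_ports(conf_text)
    return [(p, sorted(unit[p]), sorted(conf[p]))
            for p in ("tcp", "udp") if unit[p] and unit[p] != conf[p]]

if __name__ == "__main__":
    print(port_mismatches(SOCKET_UNIT, OCSERV_CONF))
```

Because the parser follows systemd's rule that an empty `ListenStream=` or `ListenDatagram=` assignment resets the list, it can be run over the unit text followed by the text of any drop-in override.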