Hello,
I have the same issue. I'm on Debian 10 amd64 with 0.12.2-3. I also
tried 1.1.2-2~bpo10+1. This issue is related to something Letsencrypt
changed. The last Letsencrypt certificate was from 8th October. Tonight
I renewed my Letsencrypt certificate automatically. After that, ocserv
was crashing before the login prompt. From the client it looked like
this:

(nuc) [~] openconnect vpn.company.com
POST https://vpn.company.com/
Connected to 1.2.3.4:443
SSL negotiation with vpn.company.com
Connected to HTTPS on vpn.company.com with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
Error reading HTTP response: Invalid argument
GET https://vpn.company.com/
Connected to 1.2.3.4:443
SSL negotiation with vpn.company.com
Connected to HTTPS on vpn.company.com with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
Error reading HTTP response: Invalid argument
Failed to obtain WebVPN cookie

From the server side it looked like this:

Dec  7 04:00:58 debian ocserv[6166]: main: main.c:983: Child 6178 died with sigsegv
... 180 ... similar entries skipped.

I was able to restore operation by compiling ocserv from source:

sudo apt-get build-dep -y ocserv
wget https://www.infradead.org/ocserv/download/ocserv-1.1.5.tar.xz
tar xfJ ocserv-1.1.5.tar.xz
cd ocserv-1.1.5
sudo mkdir -p /local/ocserv
sudo chown <myuser> /local/ocserv
./configure --prefix=/local/ocserv
make
make install
sudo /etc/init.d/ocserv stop
sudo /local/ocserv/sbin/ocserv -c /etc/ocserv/ocserv.conf

However I'll upgrade to Debian 11 tonight. Debian 11 doesn't have this problem,
because I have several other ocserv on Debian 11, which don't have the issue.

Cheers,
        Thomas
