Certificate auth issue in 0.2.2

Karl weeker at outlook.com
Mon Dec 9 12:12:25 EST 2013


I always use the git version to keep it updated ;) I got no fix for
these; it still failed to connect. The iOS client seems more insane, so I
tested it on Android. When I input the password, the client said: "gateway
rejected the connection attempt." The debug log looks like:

ocserv[22901]: [MYIP]:36190 accepted connection
ocserv[22901]: [MYIP]:36190 client certificate verification succeeded
ocserv[22901]: [MYIP]:36190 TLS handshake completed
ocserv[22892]: [MYIP]:36190 auth init for user 'user' from '[MYIP]:36190'
ocserv[22901]: [MYIP]:36190 sending auth request
ocserv[22892]: [MYIP]:36190 auth req for user 'user'
ocserv[22892]: [MYIP]:36190 accepting user 'user'
ocserv[22892]: [MYIP]:36190 auth deinit for user 'user'
ocserv[22892]: [MYIP]:36190 Selected IP: [10.10.11.192]:0
ocserv[22892]: [MYIP]:36190 assigning tun device vpns0
ocserv[22892]: [MYIP]:36190 user 'user' of group '[unknown]' authenticated
ocserv[22901]: [MYIP]:36190 User 'user' logged in
ocserv[22904]: [MYIP]:36191 accepted connection
ocserv[22904]: [MYIP]:36191 error verifying client certificate: No certificate was found.
ocserv[22904]: [MYIP]:36191 TLS handshake completed
ocserv[22892]: [MYIP]:36191 command socket closed
ocserv[22905]: [MYIP]:36192 accepted connection
ocserv[22905]: [MYIP]:36192 error verifying client certificate: No certificate was found.
ocserv[22905]: [MYIP]:36192 TLS handshake completed
ocserv[22905]: [MYIP]:36192 sending cookie authentication request
ocserv[22892]: [MYIP]:36192 failed authentication attempt for user 'user'
ocserv[22905]: [MYIP]:36192 failed cookie authentication attempt
ocserv[22892]: [MYIP]:36192 command socket closed
ocserv[22892]: [MYIP]:36190 command socket closed

On Mon, Dec 9, 2013 at 5:09 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Sun, Dec 8, 2013 at 8:23 PM, Karl <weeker at outlook.com> wrote:
>> Tried to check all the possibilities, with no luck. You mean capturing
>> the traffic with wireshark on server side? Is there any simple
>> instruction to do capture work? Thanks.
>
> Could you please elaborate on what you tried and what was the outcome?
> How did you fix the untrusted certificate by the client? After that
> was fixed, did you try with the ocserv version in git? Did that change
> anything in the logs?
>
> regards,
> Nikos


