Problem with establishing VPN connections with client
Tony Zhou
tonytzhou at gmail.com
Thu Nov 14 22:28:49 EST 2013
It turns out regardless of the server setting, SmoothConnect needs to
add the flag "--disable-ipv6" to be able to successfully establish the
connection. I thought it does not matter initially since my host and
client both has ipv6 disabled.
BTW, how do you write iptable rules to redirect the traffic? I use the
following (which works for PPTP, L2TP, OpenVPN and IPSec) but not working.
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source server.ip.addr
And there are no other VPN services using this IP section.
On 11/14/2013 4:40 PM, Nikos Mavrogiannopoulos wrote:
> On Thu, 2013-11-14 at 13:12 -0500, Tony Zhou wrote:
>> I don't think the problem is from ipv6 since neither my box nor my phone
>> has ipv6 connection. And ipv6 entries were commented out in the conf file.
>
> There were IPv6 addresses sent in the previous log you sent.
>
>> I'm not quite sure about what does this log tell, does it look legit?
>> Nov 15 03:07:01 hostname ocserv[2864]: [client.ip.addr]:31328 received
>> -110 byte(s) (TLS)
>> Nov 15 03:07:01 hostname ocserv[2864]: GnuTLS error (at
>> worker-vpn.c:1161): The TLS connection was non-properly terminated.
>
> Yes it is normal except for the last lines. There it says that the peer
> terminated the connection. It is on the client you're going to find out
> the disconnection reason and the smoothconnect thing had a log.
>
> Did you try to disable certificate checking etc from the client?
>
> You didn't answer whether you tried with the default configuration.
>
> regards,
> Nikos
>
>
More information about the openconnect-devel
mailing list