openconnect ipv6 configuration GnuTLS error (at worker-vpn.c:749): Error in the pull function.

alect mapengfei at gmail.com
Tue Dec 2 19:56:19 PST 2014


I'm now trying to configure an IPv6 address for openconnect.
My VPS provider assigned me a /64 block of IPv6 addresses.

Here is my ocserv.conf:

#auth = "certificate[optional]"
auth = "plain[/etc/ocserv/ocpasswd]"
max-clients = 0
max-same-clients= 0
tcp-port = 444
udp-port = 444
keepalive = 32400
dpd = 240
mobile-dpd = 1800
try-mtu-discovery = false
server-cert = /etc/ocserv/ssl.pem
server-key = /etc/ocserv/key.pem
ca-cert =/etc/ocserv/ca.pem
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"
auth-timeout = 40
mobile-idle-timeout =
deny-roaming = false
cookie-timeout = 86400000
rekey-time = 86400000
rekey-method = ssl
use-utmp = true
use-occtl= true
user-profile = /etc/ocserv/profile.xml
pid-file = /var/run/ocserv.pid
socket-file = /var/run/ocserv-socket
run-as-user = nobody
run-as-group = nogroup
net-priority = 5
device = anyconnectSSL
default-domain = www.abc.com
ipv4-network = 10.10.10.2
ipv4-netmask = 255.255.255.0
dns = 8.8.8.8
dns = 8.8.4.4
ipv6-network = 2400:8900:e000:00ba::
ipv6-prefix = 64
ipv6-dns = 2400:8900::2
ipv6-dns = 2400:8900::3
ping-leases = false
output-buffer = 10
route = 103.0.0.0/255.0.0.0
route = 106.0.0.0/255.0.0.0
route = 107.0.0.0/255.0.0.0
route = 108.0.0.0/255.0.0.0
route = 141.0.0.0/255.0.0.0
route = 153.0.0.0/255.0.0.0
route = 160.0.0.0/255.0.0.0
route = 166.0.0.0/255.0.0.0
route = 17.0.0.0/255.0.0.0
route = 173.0.0.0/255.0.0.0
route = 176.0.0.0/255.0.0.0
route = 178.0.0.0/255.0.0.0
route = 184.0.0.0/255.0.0.0
route = 194.0.0.0/255.0.0.0
route = 198.0.0.0/255.0.0.0
route = 199.0.0.0/255.0.0.0
route = 203.0.0.0/255.0.0.0
route = 204.0.0.0/255.0.0.0
route = 205.0.0.0/255.0.0.0
route = 208.0.0.0/255.0.0.0
route = 209.0.0.0/255.0.0.0
route = 210.0.0.0/255.0.0.0
route = 216.0.0.0/255.0.0.0
route = 3.0.0.0/255.0.0.0
route = 4.0.0.0/255.0.0.0
route = 31.0.0.0/255.0.0.0
route = 46.0.0.0/255.0.0.0
route = 50.0.0.0/255.0.0.0
route = 54.0.0.0/255.0.0.0
route = 61.0.0.0/255.0.0.0
route = 64.0.0.0/255.0.0.0
route = 67.0.0.0/255.0.0.0
route = 68.0.0.0/255.0.0.0
route = 69.0.0.0/255.0.0.0
route = 70.0.0.0/255.0.0.0
route = 72.0.0.0/255.0.0.0
route = 74.0.0.0/255.0.0.0
route = 75.0.0.0/255.0.0.0
route = 76.0.0.0/255.0.0.0
route = 77.0.0.0/255.0.0.0
route = 79.0.0.0/255.0.0.0
route = 8.0.0.0/255.0.0.0
#route = 184.154.128.0/255.255.255.0
route-add-cmd = "ip route add %R dev %D"
route-del-cmd = "ip route delete %R dev %D"
cisco-client-compat = true
custom-header = "X-DTLS-MTU: 1200"
custom-header = "X-CSTP-MTU: 1200"


The syslog shows errors:


Dec  3 03:39:34 install ocserv[12493]: main: initialized ocserv 0.8.8
Dec  3 03:39:34 install ocserv[12494]: sec-mod: sec-mod initialized (socket: /var/run/ocserv-socket.12493)
Dec  3 03:39:57 install ocserv[12494]: sec-mod: received request from pid 12495 and uid 65534
Dec  3 03:39:57 install ocserv[12494]: sec-mod: cmd [size=40] sm: sign
Dec  3 03:39:57 install ocserv[12493]: main: 60.171.229.33:53017 main-misc.c:425: command socket closed
Dec  3 03:40:00 install ocserv[12494]: sec-mod: received request from pid 12496 and uid 65534
Dec  3 03:40:00 install ocserv[12494]: sec-mod: cmd [size=26] sm: auth init
Dec  3 03:40:00 install ocserv[12494]: sec-mod: auth init for user 'alect' (group: '*') from 'myip'
Dec  3 03:40:00 install ocserv[12493]: main: myip:53018 main-misc.c:425: command socket closed
Dec  3 03:40:03 install ocserv[12494]: sec-mod: received request from pid 12497 and uid 65534
Dec  3 03:40:03 install ocserv[12494]: sec-mod: cmd [size=27] sm: auth cont
Dec  3 03:40:03 install ocserv[12494]: sec-mod: auth cont for user 'alect'
Dec  3 03:40:03 install ocserv[12494]: sec-mod: auth deinit for user 'alect'
Dec  3 03:40:03 install ocserv[12493]: main: myip:53019 main-misc.c:425: command socket closed
Dec  3 03:40:03 install ocserv[12493]: main: myip:53020 main-misc.c:425: command socket closed
Dec  3 03:40:03 install ocserv[12493]: main: myip:53021 main-misc.c:425: command socket closed
Dec  3 03:40:04 install ocserv[12493]: main: myip:53022 main-misc.c:425: command socket closed
Dec  3 03:40:04 install ocserv[12494]: sec-mod: received request from pid 12501 and uid 65534
Dec  3 03:40:04 install ocserv[12494]: sec-mod: cmd [size=40] sm: sign
Dec  3 03:40:04 install ocserv[12493]: main: myip:53024 main-misc.c:425: command socket closed
Dec  3 03:40:04 install ocserv[12493]: main: myip:53025 main-misc.c:425: command socket closed
Dec  3 03:40:05 install ocserv[12493]: main: myip:53026 main-misc.c:425: command socket closed
Dec  3 03:40:05 install ocserv[12493]: main: myip:53027 main-misc.c:425: command socket closed
Dec  3 03:40:06 install ocserv[12494]: sec-mod: received request from pid 12505 and uid 65534
Dec  3 03:40:06 install ocserv[12494]: sec-mod: cmd [size=261] sm: decrypt
Dec  3 03:40:06 install ocserv[12493]: main[alect]: myip:53029 assigned IPv4 to 'alect': 10.10.10.1
Dec  3 03:40:06 install ocserv[12493]: main[alect]: myip:53029 assigned IPv6 to 'alect': 2001:19f0:7000:8c01:0:ab:8da9:1
Dec  3 03:40:06 install ocserv[12493]: main[alect]: myip:53029 assigning tun device anyconnectSSL0
Dec  3 03:40:06 install ocserv[12493]: main[alect]: myip:53029 user 'alect' of group '*' authenticated (using cookie)
Dec  3 03:40:06 install ocserv[12493]: main[alect]: myip:53029 main-misc.c:425: command socket closed
Dec  3 03:40:06 install ocserv[12519]: GnuTLS error (at worker-vpn.c:749): Error in the pull function.
Dec  3 03:40:06 install ocserv[12493]: main: myip:53030 main-misc.c:425: command socket closed
Dec  3 03:40:07 install ocserv[12493]: main: myip:53031 main-misc.c:425: command socket closed
Dec  3 03:40:14 install ocserv[12494]: sec-mod: received request from pid 12521 and uid 65534
Dec  3 03:40:14 install ocserv[12494]: sec-mod: cmd [size=40] sm: sign
Dec  3 03:40:15 install ocserv[12493]: main: myip:53032 main-misc.c:425: command socket closed


Can someone help me with this?


