No certificate was found and reduced MTU

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Aug 17 01:33:36 PDT 2015


On Fri, Aug 14, 2015 at 7:33 PM, Sheng Yu <magicfish1990 at gmail.com> wrote:
> Hi all,
> Recently, I have noticed that some clients cannot connect (should be
> iOS and OS X).
> ocserv[2614]: worker:  tlslib.c:378: no certificate was found
> ocserv[2614]: sec-mod: initiating session for user 'User' (session: HqLQN)
> ocserv[2613]: main[User]: x.x.x.x:xxxxx new user session
> ocserv[2613]: main[User]: x.x.x.x:xxxxx user logged in
> ocserv[2790]: worker[User]: x.x.x.x:xxxxx worker-vpn.c:1048: GnuTLS
> error (at worker-vpn.c:1048): The TLS connection was non-properly
> terminated.
> ocserv[2613]: main[User]: x.x.x.x:xxxxx user disconnected
> ocserv[2614]: sec-mod: temporarily closing session for User (session: HqLQN)
> ocserv[2613]: main: x.x.x.x:xxxxx: too short UDP packet
> It was worked, and I do not have to modify any configuration.

That doesn't seem to be the openconnect client. If it is the
anyconnect client, you'll need to provide more information as I have
access to neither of these platforms. Is it a new client, or an old
one?

> Another problem: I noticed that with the same clients the MTU will sometimes
> be reduced to less than 200. What happened here? The MTU is greater than 1300
> at the beginning of the connection.

The MTU can be reduced if ocserv receives EMSGSIZE from the kernel,
i.e., the kernel believed we were exceeding the MTU. When the MTU goes
too low the connection switches to TCP only.

> Are these two issues related?

Doesn't seem so.
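
The MTU behaviour described in the reply above, as an added illustration that is not part of the original message and is not ocserv's code: a sender that treats EMSGSIZE as a signal to lower its MTU and abandons UDP once the MTU falls below a floor. The struct, the function names, the 3/4 reduction step, the 256-byte floor and the simulated kernel limit are all assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>

#define MTU_FLOOR 256       /* assumed: below this the session goes TCP only */

struct chan {
    unsigned mtu;           /* current MTU used on the UDP channel */
    int udp_enabled;        /* 0 once the session has switched to TCP only */
    unsigned link_mtu;      /* simulated: largest datagram the kernel accepts */
};

/* Stand-in for send(2) on a UDP socket: the kernel refuses a datagram it
 * believes exceeds the MTU and reports EMSGSIZE. */
static ssize_t fake_udp_send(const struct chan *c, size_t len)
{
    if (len > c->link_mtu) { errno = EMSGSIZE; return -1; }
    return (ssize_t)len;
}

/* Try to send one full-size packet over UDP. Every EMSGSIZE lowers the MTU
 * (assumed step: 3/4) and retries; below MTU_FLOOR the UDP channel is given
 * up. Returns 1 if sent over UDP, 0 if the caller must use TCP, -1 on any
 * other error. */
int send_packet(struct chan *c)
{
    while (c->udp_enabled) {
        if (fake_udp_send(c, c->mtu) >= 0)
            return 1;
        if (errno != EMSGSIZE)
            return -1;
        c->mtu = c->mtu * 3 / 4;
        if (c->mtu < MTU_FLOOR)
            c->udp_enabled = 0;
    }
    return 0;
}

int main(void)
{
    struct chan ok  = { 1400, 1, 1000 };  /* constructed: path fits ~1000 bytes */
    struct chan bad = { 1400, 1, 150 };   /* constructed: kernel keeps refusing */
    int r1 = send_packet(&ok), r2 = send_packet(&bad);
    printf("ok:  sent=%d mtu=%u udp=%d\n", r1, ok.mtu, ok.udp_enabled);
    printf("bad: sent=%d mtu=%u udp=%d\n", r2, bad.mtu, bad.udp_enabled);
    return 0;
}
```

When the kernel keeps returning EMSGSIZE, as in the second case, the MTU ratchets down from its starting value until the UDP channel is dropped, which is the pattern to look for when a session starts above 1300 and later shows a very small MTU.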


