Self-signed certificate in the Cisco client Call an error message
zyp0209
zyp0209 at gmail.com
Wed Aug 19 18:18:08 PDT 2015
Hi there!
I was using ocserv 0.9.1 with username and password. However, when
using a self-signed certificate (but GlobalSign is OK), there has been
an error message like this: GnuTLS error (at worker-vpn.c:349): The TLS
connection was non-properly terminated. (The client was Cisco
AnyConnect Secure Mobility Client for Windows 3.0.3054)
But when I change the client to OpenConnect, it works as normal.
The OS in use is CentOS 6 64-bit.
nettle-2.7.1
unbound-1.4.22
gnutls-3.3.9
Could you help me with this issue?
Thanks a lot!
Waiting for your reply.
My Config:
default-domain = "vpn.xxx.com"
auth = "plain[/usr/local/ocserv/passwd]"
max-clients = 0
max-same-clients = 1
tcp-port = 443
udp-port = 443
listen-clear-file = /var/run/ocserv-conn.socket
keepalive = 32400
dpd = 90
idle-timeout = 300
mobile-idle-timeout = 300
isolate-workers = false
try-mtu-discovery = false
server-cert = /usr/local/ocserv/keys/server.cer
server-key = /usr/local/ocserv/keys/server.key
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
always-require-cert = false
auth-timeout = 40
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-utmp = true
use-occtl = true
pid-file = /var/run/ocserv.pid
socket-file = /var/run/ocserv-socket
run-as-user = nobody
run-as-group = daemon
device = vpns
predictable-ips = true
ipv4-network = 192.168.252.0
ipv4-netmask = 255.255.255.0
ping-leases = false
cisco-client-compat = true
route = 8.0.0.0/255.0.0.0