The latest ocserv cannot work well with IOS Anyconnect using profile.xml
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Fri Dec 18 02:07:24 PST 2015
On Wed, Dec 16, 2015 at 11:28 AM, yick xie <yick.xie at gmail.com> wrote:
> Hello,
>
> As the title, running ocserv with the profile.xml config will
> encounter a server error when an IOS Anyconnect client tries to
> connect the server. Yet there is no problem when just using Windows 7
> Anyconnect, or just roughly with profile.xml disabled.
> The ocserv was complied at commit
> a52ffc4d06578d0209397753eb6ad3b778ed581e(When max-clients is set
> adjust the file descriptor limits accordingly). The error shows
> "segfault at a0 ip 000000000041c95d sp 00007fff95a51c20 error 4 in
> ocserv[400000+59000]"
Hi Yick,
Could you use valgrind to run ocserv and send the output of this
crash in that case?
> processing: User-Agent: AnyConnect ERROR_NOT_USED 4.0.03016
That's an interesting user-agent string :)
> webvpn=B4HK6PlpHYicYsLXPbLzdnZsGy5X954oDl54R9/mi6R3ZY6jgX9R7OYQUobcS60ToFr6qSU47qF11EZ2kjq3aw6kUfdI9c3Zj1yai2pvGmnGVw==;
> webvpnc=bu:/&p:t&iu:1/&sh:7E9BB890976A71EB71695B6054CF0ED41FCA4E9D&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/profile.xml&fh:291FF7BC238526C0C9DA9AE91EB408CB229F07D4;
The cookies are better not sent to a list. They can be used to resume
your session.
regards,
Nikos
More information about the openconnect-devel
mailing list