AnyConnect Secure Mobility Client (ACSMC) failed to connect to ocserv with certificate
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Jan 11 02:01:11 PST 2015
On Sat, 2015-01-10 at 20:39 +0000, David Woodhouse wrote:
> > I found my server had two IPs, and the source IP of the "Server Hello"
> > is not the same as the destination IP of the "Client Hello". After
> > changing the server IP, now the "DTLS handshake failed" problem with
> > OpenConnect-GUI is gone.
>
> I would argue that's a server bug. If we accept incoming DTLS on a given
> IP address then we should also bind() to that address before replying.
Correct. I expected that would have been trivial to fix, but it seems
the sockets API is so system-specific, and IPv4/IPv6-specific, when
it comes to these corner cases. Anyway, it should be fixed in ocserv master.
regards,
Nikos
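
The behaviour discussed in this message, as an added example that is not part of the original post and not ocserv's code: a wildcard-bound UDP server learns which local address a datagram was sent to and bind()s its reply socket to that address. It assumes Linux and the IP_PKTINFO socket option (the message does not say how ocserv implements the fix); the function names and loopback addresses are constructed for the demo.

```c
#define _GNU_SOURCE /* struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Receive one datagram: sender goes to *peer, the local address it was sent to goes to *dst. */
static ssize_t recv_with_dst(int fd, char *buf, size_t len,
                             struct sockaddr_in *peer, struct in_addr *dst)
{
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr a; } cb;
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr mh = { .msg_name = peer, .msg_namelen = sizeof(*peer), .msg_iov = &iov,
        .msg_iovlen = 1, .msg_control = cb.b, .msg_controllen = sizeof(cb.b) };
    ssize_t n = recvmsg(fd, &mh, 0);
    for (struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            *dst = ((struct in_pktinfo *)CMSG_DATA(c))->ipi_addr;
            return n;
        }
    return -1; /* receive failed or no destination info */
}

/* Constructed loopback demo: the server is bound to 0.0.0.0, the client sends to `ip`, and the
 * server replies from a socket bound to `ip`. Returns 1 if the reply's source is `ip`, else 0. */
int reply_source_matches(const char *ip)
{
    struct sockaddr_in local = { .sin_family = AF_INET }, to, peer, from;
    struct timeval tv = { .tv_sec = 2 };
    socklen_t ll = sizeof(local), fl = sizeof(from);
    int on = 1, ok = 0; char buf[16];
    int srv = socket(AF_INET, SOCK_DGRAM, 0), rep = socket(AF_INET, SOCK_DGRAM, 0),
        cli = socket(AF_INET, SOCK_DGRAM, 0);
    setsockopt(srv, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    setsockopt(rep, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); /* share the server port */
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on));
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    bind(srv, (struct sockaddr *)&local, sizeof(local)); /* 0.0.0.0, kernel-chosen port */
    getsockname(srv, (struct sockaddr *)&local, &ll);
    to = local;
    inet_pton(AF_INET, ip, &to.sin_addr);
    sendto(cli, "hello", 5, 0, (struct sockaddr *)&to, sizeof(to));
    if (recv_with_dst(srv, buf, sizeof(buf), &peer, &local.sin_addr) > 0 &&
        bind(rep, (struct sockaddr *)&local, sizeof(local)) == 0 &&
        sendto(rep, "reply", 5, 0, (struct sockaddr *)&peer, sizeof(peer)) == 5 &&
        recvfrom(cli, buf, sizeof(buf), 0, (struct sockaddr *)&from, &fl) == 5)
        ok = from.sin_addr.s_addr == to.sin_addr.s_addr && from.sin_port == to.sin_port;
    close(srv); close(rep); close(cli);
    return ok;
}
```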