Cookie auth rejected by ocserv on reconnect
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Jan 25 05:05:07 PST 2015
On Sun, 2015-01-25 at 20:50 +0800, David Frank wrote:
> Continue investigation from my previous thread, I manage to obtain a
> decent capture of client log.
>
>
> Basically test flow:
>
> connect to ocserv, put my iphone 6 to sleep, wake it from sleep after
> 3 minutes, and observe reconnect attempt failed.
>
>
> My ocserv settings:
>
> auth = "certificate"
> cookie-timeout = 600
> cisco-client-compat = true
>
>
> AnyConnect general timeline:
[...]
> TL;DR: So ocserv return 401 when AnyConnect send it the auth cookie? I
> think there is something wonky happening, even though I set it to last
> for 10minutes, and does not require certificate on reconnect, ocserv
> still rejects AnyConnect reconnect attempts.
What do you see on the ocserv side? Do you see the reason of not
accepting the cookie?
regards,
Nikos
More information about the openconnect-devel
mailing list