ocserv 0.9.0.1 not doing TLS handshake

Lemon Lam alemonmk at gmail.com
Mon Jan 26 10:25:31 PST 2015


On 2015/1/27 at 02:03 AM, Nikos Mavrogiannopoulos wrote:
> On Tue, 2015-01-27 at 01:21 +0800, Lemon Lam wrote:
>> (snip)
> 
> Check for some firewall terminating the connection; there is no
> handshake occurring there, the session is terminated before it starts.
> 
> regards,
> Nikos
> 
> 

My iptables-based firewall should not be the problem, as it just needs one
more INPUT rule to let this handshake stuff through, like a web server,
and another one for the DTLS tunnel.

> # iptables -nvL
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  1023 99939 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>     0     0 REJECT     all  --  *      *       0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
> 90256   41M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>  1711 94740 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
>   121  7072 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
>     6   360 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
>     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:8443
>   146  7584 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>   450 35879 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
>   454 36402 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 81325   27M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

regards,
Lam
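
As an added example (not part of the original message and not ocserv code), the sketch below walks the INPUT chain from the listing above in rule order and reports which rule decides a new inbound connection to a given port, together with that rule's packet counter. The interface name `eth0` and destination address `192.0.2.10` are assumed values, and only the match types that appear in this listing (interface, protocol, destination, state, dpt) are modelled.

```python
import ipaddress
import re

# INPUT chain copied from the listing in the message, mail-wrapped lines rejoined.
LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1023 99939 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
90256   41M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 1711 94740 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
  121  7072 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    6   360 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:8443
  146  7584 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
  450 35879 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
  454 36402 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

def parse_rules(listing):
    """Turn `iptables -nvL` rule lines into dicts; chain and column headers are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split(None, 9)
        if len(f) < 9 or not f[0][0].isdigit():
            continue
        rules.append({"pkts": f[0], "target": f[2], "prot": f[3], "in": f[5],
                      "dst": f[8], "extra": f[9] if len(f) > 9 else ""})
    return rules

def first_match(rules, prot, dport, in_if="eth0", dst="192.0.2.10"):
    """Return (1-based rule number, target, pkts) deciding a NEW inbound packet."""
    for n, r in enumerate(rules, 1):
        if r["in"] not in ("*", in_if) or r["prot"] not in ("all", prot):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(r["dst"]):
            continue
        if "state" in r["extra"] and "NEW" not in r["extra"]:
            continue  # RELATED,ESTABLISHED does not match a connection's first packet
        port = re.search(r"dpt:(\d+)", r["extra"])
        if port and int(port.group(1)) != dport:
            continue
        if r["target"] == "LOG":
            continue  # LOG is non-terminating; evaluation continues with the next rule
        return n, r["target"], r["pkts"]
    return None, "policy", None

if __name__ == "__main__":
    print(first_match(parse_rules(LISTING), "tcp", 8443))
```

Counters are kept as strings because `iptables -nvL` without `-x` may abbreviate large values (as in `41M`).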



More information about the openconnect-devel mailing list