Re: 【外部邮件】Re: openconnect connection is successful, unable to receive data
ping gao 高平(0)
ping.gao at corp.elong.com
Tue Nov 21 19:06:52 PST 2017
Execution log:
note: setting 'plain' as primary authentication method
note: enabling 'certificate' as authentication method
note: setting 'file' as supplemental config option
listening (TCP) on 0.0.0.0:443...
listening (TCP) on [::]:443...
ocserv[14830]: main: initializing control unix socket: /var/run/occtl.socket
ocserv[14830]: main: initialized ocserv 0.11.9
ocserv[14831]: sec-mod: reading supplemental config from files
ocserv[14831]: sec-mod: sec-mod initialized (socket: /var/lib/ocserv/ocserv.sock.14830)
ocserv[14830]: TLS[<3>]: ASSERT: extensions.c:65
ocserv[14831]: sec-mod: received request from pid 14830 and uid 0
ocserv[14831]: sec-mod: cmd [size=57] sm: sign
ocserv[14830]: main: processed 1 CA certificate(s)
ocserv[14830]: main: added 1 points (total 1) for IP '192.168.35.65' to ban list
ocserv[14832]: worker: accepted connection
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Allocating epoch #0
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_constate.c:586
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Allocating epoch #1
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.1 Handshake packet received. Epoch 0, length: 219
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 219
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[0] Handshake(22) with length: 219
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CLIENT HELLO (1) was received. Length 215[215], frag offset 0, frag length: 215, sequence: 0
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Client's version: 3.3
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_db.c:263
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'STATUS REQUEST/5'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SESSION TICKET/35' (0 bytes)
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC/10'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC POINT FORMATS/11'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SIGNATURE ALGORITHMS/13'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'STATUS REQUEST/5'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SAFE RENEGOTIATION/65281'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SESSION TICKET/35'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC/10'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC POINT FORMATS/11'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SIGNATURE ALGORITHMS/13'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'STATUS REQUEST/5' (5 bytes)
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SAFE RENEGOTIATION/65281'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SESSION TICKET/35'
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SUPPORTED ECC/10' (12 bytes)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected ECC curve SECP256R1 (2)
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes)
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SIGNATURE ALGORITHMS/13' (22 bytes)
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (4.1) RSA-SHA256
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (4.3) ECDSA-SHA256
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (5.1) RSA-SHA384
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (5.3) ECDSA-SHA384
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (6.1) RSA-SHA512
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (6.3) ECDSA-SHA512
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (3.1) RSA-SHA224
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (3.3) ECDSA-SHA224
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (2.1) RSA-SHA1
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (2.3) ECDSA-SHA1
ocserv[14832]: TLS[<3>]: ASSERT: server_name.c:301
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04)
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_GCM_SHA256
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_GCM_SHA384
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_GCM_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_GCM_SHA384
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_ARCFOUR_128_SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested cipher suites[size: 108]:
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected Compression Method: NULL
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Safe renegotiation succeeded
ocserv[14832]: TLS[<3>]: ASSERT: status_request.c:181
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Sending extension SAFE RENEGOTIATION (1 bytes)
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: SessionID: d8481129cd226888952e295996c2d12453228dfadb10869c3ee7f148ca7573b4
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER HELLO was queued [87 bytes]
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE was queued [849 bytes]
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: signing handshake data: using RSA-SHA256
ocserv[14831]: sec-mod: received request from pid 14832 and uid 986
ocserv[14831]: sec-mod: cmd [size=57] sm: sign
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER KEY EXCHANGE was queued [333 bytes]
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.1) RSA-SHA256
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.2) DSA-SHA256
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.3) ECDSA-SHA256
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (5.1) RSA-SHA384
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (5.3) ECDSA-SHA384
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (6.1) RSA-SHA512
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (6.3) ECDSA-SHA512
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.1) RSA-SHA224
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.2) DSA-SHA224
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.3) ECDSA-SHA224
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.1) RSA-SHA1
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.2) DSA-SHA1
ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.3) ECDSA-SHA1
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE REQUEST was queued [78 bytes]
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER HELLO DONE was queued [4 bytes]
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 87 and min pad: 0
ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[1] Handshake(22) in epoch 0 and length: 92
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 849 and min pad: 0
ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[2] Handshake(22) in epoch 0 and length: 854
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 333 and min pad: 0
ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[3] Handshake(22) in epoch 0 and length: 338
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 78 and min pad: 0
ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[4] Handshake(22) in epoch 0 and length: 83
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 4 and min pad: 0
ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[5] Handshake(22) in epoch 0 and length: 9
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 846
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 846
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[1] Handshake(22) with length: 846
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE (11) was received. Length 842[842], frag offset 0, frag length: 842, sequence: 0
ocserv[14832]: TLS[<3>]: ASSERT: status_request.c:332
ocserv[14832]: TLS[<3>]: ASSERT: dn.c:990
ocserv[14832]: TLS[<3>]: ASSERT: common.c:1106
ocserv[14832]: TLS[<3>]: ASSERT: extensions.c:65
ocserv[14832]: TLS[<3>]: ASSERT: name_constraints.c:173
ocserv[14832]: TLS[<3>]: ASSERT: mpi.c:240
ocserv[14832]: worker: client certificate verification succeeded
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 70
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 70
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[2] Handshake(22) with length: 70
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CLIENT KEY EXCHANGE (16) was received. Length 66[66], frag offset 0, frag length: 66, sequence: 0
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 264
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 264
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[3] Handshake(22) with length: 264
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE VERIFY (15) was received. Length 260[260], frag offset 0, frag length: 260, sequence: 0
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: verify cert vrfy: using RSA-SHA256
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet ChangeCipherSpec(20)
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet ChangeCipherSpec(20) with length: 1
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[4] ChangeCipherSpec(20) with length: 1
ocserv[14832]: TLS[<9>]: INT: PREMASTER SECRET[32]: de6345619822e02b12cb6b2e13b1f3e384761c464feff7f417906eb544e50021
ocserv[14832]: TLS[<9>]: INT: CLIENT RANDOM[32]: 5a14e31215f1b64a6009825bbd1ea3112b7b3839ab5d43d75b3fdc0f62f7de93
ocserv[14832]: TLS[<9>]: INT: SERVER RANDOM[32]: 5a14e34635213f1912adc926626266f253ab2409ac46071afe7f87d08569faaa
ocserv[14832]: TLS[<9>]: INT: MASTER SECRET: b528fe530f3232d6fb17dbb358b937acc2c0d198b4c3f9353df158f4063df422ddd03616349f4924afd7a43df19a8df2
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Initializing epoch #1
ocserv[14832]: TLS[<9>]: INT: KEY BLOCK[40]: b6520bd26f31710580607baceb03bf548acfd0bb43b2faa88f390b3d30a4574d
ocserv[14832]: TLS[<9>]: INT: CLIENT WRITE KEY [16]: b6520bd26f31710580607baceb03bf54
ocserv[14832]: TLS[<9>]: INT: SERVER WRITE KEY [16]: 8acfd0bb43b2faa88f390b3d30a4574d
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Epoch #1 ready
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 40
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 40
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[0] Handshake(22) with length: 16
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: recording tls-unique CB (recv)
ocserv[14832]: TLS[<4>]: REC[0x7f0ff24f5010]: Sent ChangeCipherSpec
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Initializing internal [write] cipher sessions
ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: FINISHED was queued [16 bytes]
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[6] ChangeCipherSpec(20) in epoch 0 and length: 6
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45
ocserv[14832]: worker: sending message 'resume data store request' to secmod
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Start of epoch cleanup
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Epoch #0 freed
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: End of epoch cleanup
ocserv[14832]: worker: TLS handshake completed
ocserv[14832]: worker: sending message 'session info' to main
ocserv[14831]: sec-mod: received request from pid 14832 and uid 986
ocserv[14831]: sec-mod: cmd [size=1187] resume data store request
ocserv[14831]: sec-mod: TLS session DB storing d8481129cd226888952e295996c2d12453228dfadb10869c3ee7f148ca7573b4
ocserv[14830]: main: 192.168.35.65:43694 main received worker's message 'session info' of 6 bytes
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Application Data packet received. Epoch 0, length: 602
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Application Data(23)
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Application Data(23) with length: 602
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[1] Application Data(23) with length: 578
ocserv[14832]: worker: 192.168.35.65 HTTP processing: Host: 192.168.35.54
ocserv[14832]: worker: 192.168.35.65 HTTP processing: User-Agent: OpenConnect VPN Agent (NetworkManager) v7.06
ocserv[14832]: worker: 192.168.35.65 User-agent: 'OpenConnect VPN Agent (NetworkManager) v7.06'
ocserv[14832]: worker: 192.168.35.65 HTTP processing: Accept: */*
ocserv[14832]: worker: 192.168.35.65 HTTP processing: Accept-Encoding: identity
ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-Transcend-Version: 1
ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-Aggregate-Auth: 1
ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-AnyConnect-Platform: linux-64
ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-Support-HTTP-Auth: true
ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-Pad: 0000000000000000000000000000000000000000000000000
ocserv[14832]: worker: 192.168.35.65 HTTP processing: Content-Type: application/x-www-form-urlencoded
ocserv[14832]: worker: 192.168.35.65 HTTP processing: Content-Length: 207
ocserv[14832]: worker: 192.168.35.65 HTTP POST /
ocserv[14832]: worker: 192.168.35.65 POST body: '<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="init"><version who="vpn">v7.06</version><device-id>linux-64</device-id><group-access>https://192.168.35.54</group-access></config-auth>
'
ocserv[14832]: worker: 192.168.35.65 cannot find 'group-select' in client XML message
ocserv[14832]: worker: 192.168.35.65 cannot find 'group-select' in client XML message
ocserv[14832]: worker: 192.168.35.65 failed reading groupname
ocserv[14832]: worker: 192.168.35.65 sending message 'sm: auth init' to secmod
ocserv[14831]: sec-mod: received request from pid 14832 and uid 986
ocserv[14831]: sec-mod: cmd [size=88] sm: auth init
ocserv[14831]: sec-mod: using 'certificate' authentication to authenticate user (session: d4WYzD)
ocserv[14831]: sec-mod: auth init (with cert) for user '' (session: d4WYzD) of group: '' from '192.168.35.65'
ocserv[14832]: worker: 192.168.35.65 received auth reply message (value: 1)
ocserv[14832]: worker[user]: 192.168.35.65 user 'user' obtained cookie
ocserv[14832]: worker[user]: 192.168.35.65 HTTP sending: 200 OK
ocserv[14832]: worker[user]: 192.168.35.65 sent session id: d4WYzDksOfE9sstjTG+DhO2fMDc=
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Application Data(23) with length: 1026 and min pad: 0
ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1
ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[2] Application Data(23) in epoch 1 and length: 1055
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:576
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_record.c:1063
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_record.c:1184
ocserv[14832]: TLS[<3>]: ASSERT: gnutls_record.c:1436
ocserv[14830]: main: 192.168.35.65:43694 worker terminated
ocserv[14830]: main: 192.168.35.65:43694 user disconnected (reason: unspecified, rx: 0, tx: 0)
ocserv[14830]: main: added 1 points (total 2) for IP '192.168.35.65' to ban list
ocserv[14833]: worker: accepted connection
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Allocating epoch #0
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_constate.c:586
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Allocating epoch #1
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.1 Handshake packet received. Epoch 0, length: 219
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 219
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[0] Handshake(22) with length: 219
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CLIENT HELLO (1) was received. Length 215[215], frag offset 0, frag length: 215, sequence: 0
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Client's version: 3.3
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_db.c:263
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'STATUS REQUEST/5'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SESSION TICKET/35' (0 bytes)
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC/10'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC POINT FORMATS/11'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SIGNATURE ALGORITHMS/13'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'STATUS REQUEST/5'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SAFE RENEGOTIATION/65281'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SESSION TICKET/35'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC/10'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC POINT FORMATS/11'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SIGNATURE ALGORITHMS/13'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'STATUS REQUEST/5' (5 bytes)
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SAFE RENEGOTIATION/65281'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SESSION TICKET/35'
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SUPPORTED ECC/10' (12 bytes)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected ECC curve SECP256R1 (2)
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes)
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SIGNATURE ALGORITHMS/13' (22 bytes)
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (4.1) RSA-SHA256
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (4.3) ECDSA-SHA256
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (5.1) RSA-SHA384
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (5.3) ECDSA-SHA384
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (6.1) RSA-SHA512
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (6.3) ECDSA-SHA512
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (3.1) RSA-SHA224
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (3.3) ECDSA-SHA224
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (2.1) RSA-SHA1
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (2.3) ECDSA-SHA1
ocserv[14833]: TLS[<3>]: ASSERT: server_name.c:301
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested PK algorithm: EC (4) -- ctype: X.509 (1)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04)
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_GCM_SHA256
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_GCM_SHA384
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_GCM_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_GCM_SHA384
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_ARCFOUR_128_SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested cipher suites[size: 108]:
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected Compression Method: NULL
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Safe renegotiation succeeded
ocserv[14833]: TLS[<3>]: ASSERT: status_request.c:181
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Sending extension SAFE RENEGOTIATION (1 bytes)
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: SessionID: 813b69661fc8809d9ecb5687e649046df4fd93d75af67ed85b751d2735e6a824
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER HELLO was queued [87 bytes]
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE was queued [849 bytes]
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: signing handshake data: using RSA-SHA256
ocserv[14831]: sec-mod: received request from pid 14833 and uid 986
ocserv[14831]: sec-mod: cmd [size=57] sm: sign
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER KEY EXCHANGE was queued [333 bytes]
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.1) RSA-SHA256
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.2) DSA-SHA256
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.3) ECDSA-SHA256
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (5.1) RSA-SHA384
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (5.3) ECDSA-SHA384
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (6.1) RSA-SHA512
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (6.3) ECDSA-SHA512
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.1) RSA-SHA224
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.2) DSA-SHA224
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.3) ECDSA-SHA224
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.1) RSA-SHA1
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.2) DSA-SHA1
ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.3) ECDSA-SHA1
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE REQUEST was queued [78 bytes]
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER HELLO DONE was queued [4 bytes]
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 87 and min pad: 0
ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[1] Handshake(22) in epoch 0 and length: 92
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 849 and min pad: 0
ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[2] Handshake(22) in epoch 0 and length: 854
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 333 and min pad: 0
ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[3] Handshake(22) in epoch 0 and length: 338
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 78 and min pad: 0
ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[4] Handshake(22) in epoch 0 and length: 83
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 4 and min pad: 0
ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[5] Handshake(22) in epoch 0 and length: 9
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 7
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 7
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[1] Handshake(22) with length: 7
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE (11) was received. Length 3[3], frag offset 0, frag length: 3, sequence: 0
ocserv[14833]: TLS[<3>]: ASSERT: cert.c:1060
ocserv[14833]: worker: tlslib.c:488: no certificate was found
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 70
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 70
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[2] Handshake(22) with length: 70
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CLIENT KEY EXCHANGE (16) was received. Length 66[66], frag offset 0, frag length: 66, sequence: 0
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet ChangeCipherSpec(20)
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet ChangeCipherSpec(20) with length: 1
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[3] ChangeCipherSpec(20) with length: 1
ocserv[14833]: TLS[<9>]: INT: PREMASTER SECRET[32]: 5b5c33bdd2778545129f5e322c8c119c49037ffff723979bfc8f1791abfbe94f
ocserv[14833]: TLS[<9>]: INT: CLIENT RANDOM[32]: 5a14e37e719ccf3178e1d9f28660236250eb2e5bb574873cc4076617b503f00a
ocserv[14833]: TLS[<9>]: INT: SERVER RANDOM[32]: 5a14e3894357299d46b059cc678c12ed6b4bc5a0636a3db1757c0e467bc68d08
ocserv[14833]: TLS[<9>]: INT: MASTER SECRET: 07b80a3930548ba6c3dd7f4a5cbcc2f85d0eeb49f30bb6ab940fdc24b33dbbbdd45f354b328cab893a6735cee5b0ef3d
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Initializing epoch #1
ocserv[14833]: TLS[<9>]: INT: KEY BLOCK[40]: fca85cd499011e849198e22e44136e6a37aa69531750df710c698475b002949f
ocserv[14833]: TLS[<9>]: INT: CLIENT WRITE KEY [16]: fca85cd499011e849198e22e44136e6a
ocserv[14833]: TLS[<9>]: INT: SERVER WRITE KEY [16]: 37aa69531750df710c698475b002949f
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Epoch #1 ready
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256
ocserv[14833]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 40
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22)
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 40
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[0] Handshake(22) with length: 16
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: recording tls-unique CB (recv)
ocserv[14833]: TLS[<4>]: REC[0x7f0ff24f5010]: Sent ChangeCipherSpec
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Initializing internal [write] cipher sessions
ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: FINISHED was queued [16 bytes]
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[6] ChangeCipherSpec(20) in epoch 0 and length: 6
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45
ocserv[14833]: worker: sending message 'resume data store request' to secmod
ocserv[14831]: sec-mod: received request from pid 14833 and uid 986
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Start of epoch cleanup
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Epoch #0 freed
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: End of epoch cleanup
ocserv[14833]: worker: TLS handshake completed
ocserv[14833]: worker: sending message 'session info' to main
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Application Data packet received. Epoch 0, length: 623
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Application Data(23)
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Application Data(23) with length: 623
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[1] Application Data(23) with length: 599
ocserv[14833]: worker: 192.168.35.65 HTTP processing: Host: 192.168.35.54
ocserv[14833]: worker: 192.168.35.65 HTTP processing: User-Agent: Open AnyConnect VPN Agent v7.06
ocserv[14830]: main: 192.168.35.65:43696 main received worker's message 'session info' of 6 bytes
ocserv[14833]: worker: 192.168.35.65 User-agent: 'Open AnyConnect VPN Agent v7.06'
ocserv[14833]: worker: 192.168.35.65 HTTP processing: Cookie: webvpn=cq9MrwrZXFyJSv+9uu2SSQFrLRch6XsRuOz7cP13QBE=
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Version: 1
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Hostname: zhangsan
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Accept-Encoding: oc-lz4,lzs
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-MTU: 1406
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Address-Type: IPv6,IPv4
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Full-IPv6-Capability: true
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-DTLS-Master-Secret: E13BFF3EA0C3D8DF17091D81064574DA892910B87EC5A54B2BC0BE968D6B0934E7CFD6B8F07F573653CB134D1333B1A5
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-DTLS-CipherSuite: OC-DTLS1_2-AES256-GCM:OC-DTLS1_2-AES128-GCM:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-DTLS-Accept-Encoding: oc-lz4,lzs
ocserv[14833]: worker: 192.168.35.65 HTTP CONNECT /CSCOSSLC/tunnel
ocserv[14833]: worker: 192.168.35.65 sending message 'auth cookie request' to main
ocserv[14831]: sec-mod: cmd [size=347] resume data store request
ocserv[14831]: sec-mod: TLS session DB storing 813b69661fc8809d9ecb5687e649046df4fd93d75af67ed85b751d2735e6a824
ocserv[14830]: main: 192.168.35.65:43696 main received worker's message 'auth cookie request' of 34 bytes
ocserv[14830]: main: 192.168.35.65:43696 sending msg sm: session open to sec-mod
ocserv[14831]: sec-mod: received request sm: session open
ocserv[14831]: sec-mod: cmd [size=34] sm: session open
ocserv[14831]: sec-mod: initiating session for user 'user' (session: d4WYzD)
ocserv[14830]: main[user]: 192.168.35.65:43696 new user session
ocserv[14830]: main[user]: 192.168.35.65:43696 selected IP: 192.168.1.193
ocserv[14830]: main[user]: 192.168.35.65:43696 assigned IPv4: 192.168.1.193
ocserv[14830]: main[user]: 192.168.35.65:43696 assigning tun device vpns0
ocserv[14830]: main[user]: 192.168.35.65:43696 user of group '[unknown]' authenticated (using cookie)
ocserv[14830]: main[user]: 192.168.35.65:43696 sending (socket) message 2 to worker
ocserv[14830]: main[user]: 192.168.35.65:43696 user logged in
ocserv[14833]: worker: 192.168.35.65 received auth reply message (value: 1)
ocserv[14833]: worker[user]: 192.168.35.65 suggesting DPD of 90 secs
ocserv[14833]: worker[user]: 192.168.35.65 disabling UDP (DTLS) connection
ocserv[14833]: worker[user]: 192.168.35.65 configured link MTU is 1500
ocserv[14833]: worker[user]: 192.168.35.65 peer's data MTU is 1406 / link is 1500
ocserv[14833]: worker[user]: 192.168.35.65 sending IPv4 192.168.1.193
ocserv[14833]: worker[user]: 192.168.35.65 adding DNS 192.168.0.1
ocserv[14833]: worker[user]: 192.168.35.65 adding DNS 192.168.0.2
ocserv[14833]: worker[user]: 192.168.35.65 Link MTU is 1500 bytes
ocserv[14833]: worker[user]: 192.168.35.65 sending message 'tun mtu change' to main
ocserv[14833]: worker[user]: 192.168.35.65 setting data MTU to 1472
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Application Data(23) with length: 626 and min pad: 0
ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[2] Application Data(23) in epoch 1 and length: 655
ocserv[14830]: main[user]: 192.168.35.65:43696 main received worker's message 'tun mtu change' of 3 bytes
ocserv[14830]: main[user]: 192.168.35.65:43696 setting vpns0 MTU to 1472
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Application Data packet received. Epoch 0, length: 80
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Application Data(23)
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Application Data(23) with length: 80
ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[2] Application Data(23) with length: 56
ocserv[14833]: worker[user]: 192.168.35.65 received 56 byte(s) (TLS)
> 在 2017年11月21日,下午7:11,Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> 写道:
>
> Do you use the rhel7.4 version of centos7? That seems like a
> regression from the epel to the rhel protobuf-c libraries.
>
> Does the new build over that version address that?
> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-35c633c003
>
> On Tue, Nov 21, 2017 at 8:35 AM, ping gao 高平(0) <ping.gao at corp.elong.com> wrote:
>> hi all
>> I use openconnect to connect ocserv server, you can connect successfully, but can not receive downlink data,
>> Trouble to help answer the next
>>
>> OS Info:
>>
>> Server:
>> Centos7
>> Ocserv 0.11.8
>> Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
>> GnuTLS version: 3.3.26 (compiled with 3.3.24)
>>
>> Client:
>> Ubuntu 16.04
>> OpenConnect version v7.06
>> Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, System keys, DTLS
>>
>> The following ocserv server debug 100 output:
>>
>> ocserv[5123]: main: performing maintenance (banned IPs: 1)
>> ocserv[5124]: sec-mod: performing maintenance
>> ocserv[5124]: sec-mod: active sessions 1
>> ocserv[5123]: main: main received message 'unknown (248)' from sec-mod of 10 bytes
>> ocserv[5127]: TLS[<5>]: REC[0x7f6c443e1010]: SSL 3.3 Application Data packet received. Epoch 0, length: 108
>> ocserv[5127]: TLS[<5>]: REC[0x7f6c443e1010]: Expected Packet Application Data(23)
>> ocserv[5127]: TLS[<5>]: REC[0x7f6c443e1010]: Received Packet Application Data(23) with length: 108
>> ocserv[5127]: TLS[<5>]: REC[0x7f6c443e1010]: Decrypted Packet[590] Application Data(23) with length: 84
>> ocserv[5127]: worker[user]: 192.168.35.65 received 84 byte(s) (TLS)
>> ocserv[5127]: worker[user]: 192.168.35.65 writing 76 byte(s) to TUN
>> _______________________________________________
>> openconnect-devel mailing list
>> openconnect-devel at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/openconnect-devel
More information about the openconnect-devel
mailing list