Problem getting openconnect work with ocserv

İsmail Dönmez ismail at donmez.ws
Sun Aug 31 04:01:45 PDT 2014 

Hi,

(warning: long log texts ahead)

Using openconnect & ocserv latest git, built with gnutls. openconnect
on Win 8.1 and ocserv on Ubuntu 14.04 host, I can't get openconnect to
connect to ocserv.

Here is the openconnect log:

> openconnect.exe -u ismail i10z.com:1443
POST https://i10z.com:1443/
 Attempting to connect to server 104.40.138.253:1443
 SSL negotiation with i10z.com
 Connected to HTTPS on i10z.com
 XML POST enabled
 Please enter your username
 POST https://i10z.com:1443/auth
 Please enter your password.
 Password:
 POST https://i10z.com:1443/auth
 Got CONNECT response: HTTP/1.1 200 CONNECTED
 CSTP connected. DPD 90, Keepalive 32400
 Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

VPN Gateway: 104.40.138.253
Internal Address: 10.8.0.121
Internal Netmask: 255.255.255.0
Internal Gateway: 10.8.0.1
Interface: "OpenVPN"
MTU: 1305
Configuring "OpenVPN" interface for Legacy IP...
done.
Configuring Legacy IP networks:
Route configuration done.
Connected OpenVPN as 10.8.0.121, using SSL
 DTLS handshake failed: Resource temporarily unavailable, try again.
 SSL read error: Error in the pull function.; reconnecting.
 ^C

Server log is attached, gzipped since its long.

And the server config:

auth = "pam"
max-clients = 1024
max-same-clients = 0

tcp-port = 1443
udp-port = 443

keepalive = 32400
dpd = 90
try-mtu-discovery = yes

server-cert = /etc/nginx/ssl/i10z.com/ssl-unified.crt
server-key = /etc/nginx/ssl/i10z.com/ssl.key
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"
auth-timeout = 40
cookie-timeout = 86400000
rekey-time = 86400000
use-utmp = true
pid-file = /var/run/ocserv.pid
socket-file = /var/run/ocserv-socket

run-as-user = nobody
run-as-group = nogroup
device = vpns

ipv4-network = 10.8.0.0
ipv4-netmask = 255.255.255.0

dns = 8.8.8.8
dns = 8.8.4.4

predictable-ips = true
default-domain = i10z.com
ping-leases = false
output-buffer = 10

route-add-cmd = "ip route add %R dev %D"
route-del-cmd = "ip route delete %R dev %D"

Any help is appreciated.

P.S: The weird part, AnyConnect Android client just works fine.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server.log.gz
Type: application/x-gzip
Size: 5124 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140831/322f266a/attachment-0001.bin>

More information about the openconnect-devel mailing list