Unable to connect from AnyConnect 3.0 and 3.1 Windows Clients to ocserv 0.2.4 and git head

Steve steve at thupdi.net
Sun Jan 12 07:44:05 EST 2014


After upgrading to the latest git head, it breaks iOS' AnyConnect client,
but works for Windows :P

ocserv[24206]: SRVIP:55568 accepted connection
ocserv[24180]: sec-mod received request from pid 24206 and uid 65534
ocserv[24206]: SRVIP:55568 sending message 6 to main
ocserv[24179]: SRVIP:55568 main received message 6 of 318 bytes
ocserv[24206]: SRVIP:55568 TLS handshake completed
ocserv[24206]: SRVIP:55568 client needs compact auth
ocserv[24206]: SRVIP:55568 worker-auth.c:553: cannot find username in client XML message
ocserv[24206]: SRVIP:55568 worker-auth.c:713: failed reading username
ocserv[24206]: SRVIP:55568 sending message 1 to main
ocserv[24179]: SRVIP:55568 main received message 1 of 13 bytes
ocserv[24179]: SRVIP:55568 auth init for user 'testuser' from 'SRVIP:55568'
ocserv[24179]: SRVIP:55568 sending message 2 to worker
ocserv[24206]: SRVIP:55568 received auth reply message 2
ocserv[24206]: SRVIP:55568 continuing authentication for ''
ocserv[24206]: SRVIP:55568 sending message 3 to main
ocserv[24179]: SRVIP:55568 main received message 3 of 3 bytes
ocserv[24179]: SRVIP:55568 auth req for user 'testuser'
ocserv[24179]: SRVIP:55568 accepting user 'testuser'
ocserv[24179]: SRVIP:55568 auth deinit for user 'testuser'
ocserv[24179]: SRVIP:55568 selected IP for 'testuser': 10.10.11.148
ocserv[24179]: SRVIP:55568 assigned IPv4 to 'testuser': 10.10.11.149
ocserv[24179]: SRVIP:55568 assigning tun device vpns0
ocserv[24179]: SRVIP:55568 user 'testuser' of group '[unknown]' authenticated
ocserv[24179]: SRVIP:55568 sending (socket) message 2 to worker
ocserv[24206]: SRVIP:55568 received auth reply message 1
ocserv[24206]: SRVIP:55568 user 'testuser' logged in
ocserv[24179]: SRVIP:55568 handle_commands:378: command socket closed

On Sun, Jan 12, 2014 at 8:32 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On 01/12/2014 01:30 PM, Thomas Glanzmann wrote:
>
>>> Now the client manages to establish a TCP connection but terminates
>>> immediately because "VPN establishment capability from a remote
>>> Desktop is disabled"... So I guess there is again something it doesn't
>>> like.
>> Could you please push your changes, so that I can try to reproduce locally?
>> Also on the win7 desktop, I now connected using RDP (remote desktop) to
>> my ASA and applied the policy from there. Now the AnyConnect can connect
>> to any other VPN server as well, in case you want to try again. But I
>> think that you already have fixed it. I'll try to reproduce as soon as
>> you push the changes.
>
> It should be there already. The commit needed is
> 2e2310187ddce390f88e8590cf2a838f1434a548
> "Replaced the username cookie with a compact auth option."
>
> regards,
> Nikos