Connection Failure

Nikos Mavrogiannopoulos nmav at
Sun Jul 27 05:06:55 PDT 2014

On Sun, 2014-07-27 at 11:35 +0100, Gareth Williams wrote:

> > The log is a bit cryptic and what it means is that you haven't set the
> > cert-user-oid in the configuration file. Seeing your DN most probably
> > you use the CN part as the username holder. If you don't set that ocserv
> > assumes that the whole DN is the username and in your case it exceeds
> > the username limit of 64 bytes.
> Thank you very much for that advice - it turns out I'd set 
> 'cert-user-oid' in the config file to the incorrect value.  I changed it 
> to the one for DN ( and things have moved forwards.  
> Unfortunately, I'm still not connecting.  I now get the following:
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-Transcend-Version: 1 [0/1942]
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-Aggregate-Auth: 1
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-AnyConnect-Platform: linux-64
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: Cookie: webvpn=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP GET /profiles%2Fprofile.xml
> ocserv[8939]: worker: xx.xx.85.128:53222 unexpected URL /profiles%2Fprofile.xml

Is that the openconnect client from Fedora? Given the weird encoding
(%2F) for a GET request it seems like an anyconnect client. Nevertheless,
the %2F seems to confuse the parser of the request of ocserv. Could you
try the git repository version to see if it addresses your issue?
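
Added example, not part of the original message and not ocserv's code: one way a server can match a request path such as the logged `/profiles%2Fprofile.xml` is to percent-decode it exactly once, reject malformed or dangerous escapes, and only then compare against its known URLs. The route table (apart from the profile path taken from the log), the function names and the 256-byte buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical route table; only the profile path appears in the log above. */
static const char *const known_urls[] = { "/", "/auth", "/profiles/profile.xml" };

static int hexval(int c)
{
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode %XX escapes exactly once. Returns -1 on a malformed escape,
 * an encoded NUL byte, or an output buffer that is too small. */
int url_decode_once(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        int c = (unsigned char)*in;
        if (c == '%') {
            int hi = hexval((unsigned char)in[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[2]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            if (c == 0) return -1;
            in += 2;
        }
        if (o + 1 >= outlen) return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Returns the index of the matching route, or -1 to reject the request. */
int match_url(const char *raw)
{
    char path[256];
    if (url_decode_once(raw, path, sizeof(path)) < 0) return -1;
    if (strstr(path, "..")) return -1; /* no traversal after decoding */
    for (size_t i = 0; i < sizeof(known_urls) / sizeof(known_urls[0]); i++)
        if (strcmp(path, known_urls[i]) == 0) return (int)i;
    return -1;
}

int main(void) { printf("%d\n", match_url("/profiles%2Fprofile.xml")); return 0; }
```

Decoding once and matching the result against a fixed list means a doubly encoded path such as `%252F` stays unmatched instead of being decoded a second time further down the request handling.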
