Connection Failure

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Jul 27 05:06:55 PDT 2014


On Sun, 2014-07-27 at 11:35 +0100, Gareth Williams wrote:

> > The log is a bit cryptic and what it means is that you haven't set the
> > cert-user-oid in the configuration file. Seeing your DN most probably
> > you use the CN part as the username holder. If you don't set that ocserv
> > assumes that the whole DN is the username and in your case it exceeds
> > the username limit of 64 bytes.
> Thank you very much for that advice - it turns out I'd set 
> 'cert-user-oid' in the config file to the incorrect value.  I changed it 
> to the one for DN (2.5.4.3) and things have moved forwards.  
> Unfortunately, I'm still not connecting.  I now get the following:
> 
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-Transcend-Version: 1 
> [0/1942]
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-Aggregate-Auth: 1
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-AnyConnect-Platform: 
> linux-64
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: Cookie: 
> webvpn=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP GET /profiles%2Fprofile.xml
> ocserv[8939]: worker: xx.xx.85.128:53222 unexpected URL 
> /profiles%2Fprofile.xml

Is that the openconnect client from Fedora? Given the weird encoding
(%2F) for a get request it seems like an anyconnect client. Nevertheless,
the %2F seems to confuse the parser of the request of ocserv. Could you
try the git repository version to see if it addresses your issue?

regards,
Nikos
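
The failure in the log above, where a path with an encoded slash does not match the expected URL, can be illustrated with a matcher that percent-decodes the request path exactly once before comparing it. This is an added example, not ocserv code or part of the original message; the allowlist entries and the names `decode_path` and `is_known_url` are hypothetical.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical allowlist of request paths; not ocserv's actual URL table. */
static const char *const known_urls[] = { "/", "/auth", "/profiles/profile.xml" };

static int hexval(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    if (isxdigit(c)) return tolower(c) - 'a' + 10;
    return -1;
}

/* Percent-decode `in` exactly once into `out`. Returns 0 on success, -1 on a
 * malformed escape, an encoded NUL byte, or insufficient output space. */
int decode_path(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[i + 2]);
            if (lo < 0) return -1;            /* truncated or non-hex escape */
            c = (unsigned char)(hi * 16 + lo);
            if (c == 0) return -1;            /* %00 would truncate the C string */
            i += 2;
        }
        if (o + 1 >= outlen) return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Returns 1 if the once-decoded path is on the allowlist, 0 otherwise. */
int is_known_url(const char *raw)
{
    char path[256];
    if (decode_path(raw, path, sizeof(path)) != 0 || strstr(path, "..") != NULL)
        return 0;                             /* reject bad escapes and dot-dot */
    for (size_t i = 0; i < sizeof(known_urls) / sizeof(known_urls[0]); i++)
        if (strcmp(path, known_urls[i]) == 0)
            return 1;
    return 0;
}

/* Constructed check: the path from the log above should match once decoded. */
int main(void) { return is_known_url("/profiles%2Fprofile.xml") ? 0 : 1; }
```

Decoding only once means a double-encoded path such as `/profiles%252Fprofile.xml` stays unmatched, and comparing against a fixed allowlist keeps the decoded slash from reaching any file-system lookup.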




