ocserv 0.9.0.1 not doing TLS handshake
Lemon Lam
alemonmk at gmail.com
Mon Jan 26 10:25:31 PST 2015
On 2015/1/27 02:03 AM, Nikos Mavrogiannopoulos wrote:
> On Tue, 2015-01-27 at 01:21 +0800, Lemon Lam wrote:
>> (snip)
>
> Check for some firewall terminating the connection; there is no
> handshake occurring there, the session is terminated before it starts.
>
> regards,
> Nikos
>
>
My iptables-based firewall should not be the problem, as it just needs one
more INPUT rule to let this handshake stuff through like a web server
and another one for the DTLS tunnel.
> # iptables -nvL
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 1023 99939 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 0 0 REJECT all -- * * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
> 90256 41M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 1711 94740 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
> 121 7072 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
> 6 360 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8443
> 146 7584 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 450 35879 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
> 454 36402 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 81325 27M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
regards,
Lam
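The firewall question raised in this exchange can be checked mechanically rather than by eye. The following is an added example, not code from the thread or from ocserv: it parses `iptables -nvL` output in the shape quoted above (a constructed sample, not the poster's capture) and reports the verdict a fresh connection to the ocserv TCP port and the DTLS UDP port would receive. The interface name `eth0` and the assumption that clients reach the host on a non-loopback address are mine.

```python
"""Walk an `iptables -nvL` chain and report the verdict a NEW inbound packet gets."""
import re

# Constructed sample shaped like the INPUT chain quoted in the thread
# (not a capture from the poster's host).
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 1023 99939 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
 0 0 REJECT all -- * * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
 90256 41M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
 121 7072 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
 6 360 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8443
 450 35879 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
 454 36402 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def parse_chain(output, chain):
    """Return (policy, rules); each rule is the 10-column -nvL row as a list."""
    policy, rules, active = None, [], False
    for line in output.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        if m:
            active = m.group(1) == chain
            policy = m.group(2) if active else policy
            continue
        f = line.split(None, 9)
        if active and len(f) >= 9 and f[0] != "pkts":
            rules.append(f + [""] * (10 - len(f)))  # pad missing extras column
    return policy, rules

def verdict(output, proto, port, iface="eth0", chain="INPUT"):
    """First terminating target a NEW proto/port packet on iface hits, else policy."""
    policy, rules = parse_chain(output, chain)
    for _, _, target, prot, _, in_if, _, _, dst, extras in rules:
        # assumes the host is reached on a non-loopback address (my assumption)
        if in_if not in ("*", iface) or prot not in ("all", proto) or dst != "0.0.0.0/0":
            continue
        dpt = re.search(r"dpt:(\d+)", extras)
        if dpt and int(dpt.group(1)) != port:
            continue
        state = re.search(r"state (\S+)", extras)
        if state and "NEW" not in state.group(1):  # conntrack-only rule, never a fresh SYN
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        # LOG and other non-terminating targets fall through to the next rule
    return policy
```

If `verdict()` says ACCEPT for both the TCP and UDP ocserv ports yet the server still sees no ClientHello, the filter in front of the host is not this chain and the search moves to an upstream firewall or NAT.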
More information about the openconnect-devel mailing list