ocserv 0.10.3

jacky he jacky.he at gmail.com
Mon May 4 09:42:13 PDT 2015


Hi Nikos,

From 0.10.3, I find AnyConnect Client on iOS refuses to reconnect to
the server when roaming from cellular network (3G/4G) to WiFi, but it's
OK when roaming from WiFi to 3G/4G.

I have tested 0.10.2 and 0.9.2, both work fine, I think maybe due to
this change from v0.10.3:

- Invalidate cookies when the user terminates the session explicitly.

PS: I use pure certificate authentication, here is some ocserv log:

ocserv[27196]: sec-mod: temporarily closing session for vpnuser (session: AI8xQ)
ocserv[27196]: sec-mod: invalidating session user 'vpnuser' (session: AI8xQ)
ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:42703 user disconnected
ocserv[27279]: worker:  tlslib.c:378: no certificate was found
ocserv[27196]: sec-mod: session open received in unauthenticated client vpnuser (session: AI8xQ)!
ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 could not initiate session for 'vpnuser'
ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 could not open session
ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 failed authentication attempt for user 'vpnuser'
ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 user logged in
ocserv[27279]: worker: IP.IP.IP.IP error receiving cookie authentication reply
ocserv[27279]: worker: IP.IP.IP.IP failed cookie authentication attempt
ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 user disconnected

 --
BR
Jacky He

2015-04-25 16:18 GMT+08:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>:
> Hello,
>   I've just released ocserv 0.10.2. This is a bug fix release which
> resolves all known issues in the 0.10.x branch.
>
> * Version 0.10.3 (2015-04-25)
> - Detection of gnutls capabilities was made dynamic. That would allow
>   the server to be compiled with old gnutls version but still use new
>   functionality when linked with a newer version.
> - The DBUS communication channel with occtl was brought up in par
>   with the unix socket based one.
> - Fixed issues with FreeBSD tun device handling. Reports and patches
>   by Brian Chu.
> - When multiple authentication methods are set and the primary includes
>   a certificate, no longer require a certificate for all clients.
> - When receiving non-minimal DPD messages, reflect their contents.
>   This allows using DPD for MTU detection.
> - The 'try-mtu-discovery' config option was fixed to affect the DF bit
>   setting in UDP packets.
> - Invalidate cookies when the user terminates the session explicitly.
> - Fixed 'user-profile' option when isolate-workers is set to true.
> - sec-mod: Do not impose timeouts on reads from main. That would prevent
>   issues when reading in a very busy system.
>
>
> The current release is available at:
> ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.3.tar.xz
> ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.3.tar.xz.sig
>
> The VPN server's web-site is at:
> http://www.infradead.org/ocserv
>
> regards,
> Nikos

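Added example (not part of the original message and not ocserv code): a small Python script for triaging a report like the one above. It rejoins log lines that a mail client has hard-wrapped, then flags any session ID that sec-mod invalidated and later saw again in a rejected "session open". The sample is an excerpt of the log lines quoted in the message; the line format is assumed from those lines only, and the function names are hypothetical.

```python
import re

# Excerpt of the log quoted in the message, hard-wrapped as a mail client would.
SAMPLE_LOG = """\
ocserv[27196]: sec-mod: temporarily closing session for vpnuser (session: AI8xQ)
ocserv[27196]: sec-mod: invalidating session user 'vpnuser' (session: AI8xQ)
ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:42703 user disconnected
ocserv[27279]: worker:  tlslib.c:378: no certificate was found
ocserv[27196]: sec-mod: session open received in unauthenticated
client vpnuser (session:
AI8xQ)!
ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 could not initiate
session for 'vpnuser'
ocserv[27279]: worker: IP.IP.IP.IP failed cookie authentication attempt
"""

# Assumed format: "sec-mod: <message> (session: <id>)", as seen in the excerpt.
SECMOD = re.compile(r"sec-mod: (?P<msg>.*?) \(session: (?P<sid>[^)\s]+)\)")

def unwrap(text):
    """Rejoin continuation lines: anything not starting with 'ocserv['."""
    out = []
    for line in text.splitlines():
        if line.startswith("ocserv[") or not out:
            out.append(line.strip())
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def find_reused_sessions(text):
    """Return (session_id, invalidated_at, reused_at) tuples, where the
    positions are 1-based indexes into the unwrapped log lines."""
    invalidated, hits = {}, []
    for no, line in enumerate(unwrap(text), 1):
        m = SECMOD.search(line)
        if not m:
            continue
        msg, sid = m.group("msg"), m.group("sid")
        if msg.startswith("invalidating session"):
            invalidated[sid] = no
        elif msg.startswith("session open received in unauthenticated") and sid in invalidated:
            hits.append((sid, invalidated[sid], no))
    return hits

if __name__ == "__main__":
    for sid, inv, reuse in find_reused_sessions(SAMPLE_LOG):
        print(f"session {sid}: invalidated at line {inv}, presented again at line {reuse}")
```
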

