iOS connect to ocserv server
Daniel Tsou
wawatsou at yahoo.com
Sat May 20 03:02:08 PDT 2017
Hi Nikos,
I am using AnyConnect on an iPad to connect to an ocserv server (0.11.7-1)
running on an Asus RT-N18u router with Tomato Shibby and Entware. There
is no problem when using the openconnect client to establish the VPN
connection. However, when using Cisco's AnyConnect, the connection is
terminated about 30 seconds after it is connected. I have listed the server
config file, the server log and the AnyConnect log below. Is there any way
to solve the problem? Or is there any app running on iOS that can connect
to the ocserv server? Thank you.
Best,
Daniel
Config File
auth = "certificate"
listen-host = 114.25.12.13
tcp-port = 10443
udp-port = 10443
run-as-user = nobody
run-as-group = nobody
socket-file = /opt/var/run/ocserv-socket
server-cert = /opt/etc/ocserv/cert/server-cert.pem
server-key = /opt/etc/ocserv/cert/server-key.pem
ca-cert = /opt/etc/ocserv/cert/ca-cert.pem
max-clients = 6
keepalive = 32400
dpd = 90
mobile-dpd = 1800
try-mtu-discovery = true
cert-user-oid = 2.5.4.3
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
auth-timeout = 40
min-reauth-time = 3
max-ban-score = 50
ban-reset-time = 300
cookie-timeout = 300
cookie-rekey-time = 14400
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-utmp = false
pid-file = /opt/var/run/ocserv.pid
#
# Network settings
#
device = vpns
predictable-ips = true
ipv4-network = 10.88.88.60
ipv4-netmask = 255.255.255.240
dns = 168.95.1.1
dns = 8.8.8.8
ping-leases = false
mtu = 1360
route-add-cmd = "/sbin/route add -net %{RI} dev %{D}"
route-del-cmd = "/sbin/route del -net %{RI} dev %{D}"
route = default
cisco-client-compat = true
#Advanced options
custom-header = "X-DTLS-MTU: 1360"
custom-header = "X-CSTP-MTU: 1360"
Server Log
May 20 09:33:15 AsusWifi daemon.err ocserv[4731]: GnuTLS error (at worker-vpn.c:595): The TLS connection was non-properly terminated.
May 20 09:33:15 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55785 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:15 AsusWifi daemon.err ocserv[4732]: GnuTLS error (at worker-vpn.c:595): The TLS connection was non-properly terminated.
May 20 09:33:15 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55786 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:18 AsusWifi daemon.info ocserv[4733]: worker:client certificate verification succeeded
May 20 09:33:18 AsusWifi daemon.info ocserv[6114]: sec-mod: using 'certificate' authentication to authenticate user (session: CmQ+8N)
May 20 09:33:18 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55789 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:18 AsusWifi daemon.info ocserv[4734]: worker:client certificate verification succeeded
May 20 09:33:18 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55790 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:18 AsusWifi daemon.info ocserv[4735]: worker:client certificate verification succeeded
May 20 09:33:18 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55791 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:18 AsusWifi daemon.info ocserv[4736]: worker:client certificate verification succeeded
May 20 09:33:18 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55792 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:18 AsusWifi daemon.err ocserv[4737]: GnuTLS error (at worker-vpn.c:595): The TLS connection was non-properly terminated.
May 20 09:33:18 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55798 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:20 AsusWifi daemon.err ocserv[4738]: worker:tlslib.c:475: no certificate was found
May 20 09:33:20 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55803 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:20 AsusWifi daemon.err ocserv[4739]: worker:tlslib.c:475: no certificate was found
May 20 09:33:20 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55804 user disconnected (reason: unspecified, rx: 0, tx: 0)
May 20 09:33:20 AsusWifi daemon.err ocserv[4740]: worker:tlslib.c:475: no certificate was found
May 20 09:33:20 AsusWifi daemon.info ocserv[6114]: sec-mod: initiating session for user 'iPad' (session: CmQ+8N)
May 20 09:33:20 AsusWifi daemon.info ocserv[6113]: main[iPad]: 10.88.88.6:55806 new user session
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 suggesting DPD of 90 secs
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 configured link MTU is 1360
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 peer's link MTU is 1500
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 sending IPv4 10.88.88.59
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 adding DNS 168.95.1.1
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 adding DNS 8.8.8.8
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 adding custom header 'X-DTLS-MTU: 1360'
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 adding custom header 'X-CSTP-MTU: 1360'
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 DTLS ciphersuite: AES128-SHA
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 DTLS data MTU 1266
May 20 09:33:20 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 Link MTU is 1360 bytes
May 20 09:33:20 AsusWifi daemon.info ocserv[6113]: main[iPad]: 10.88.88.6:55806 user logged in
May 20 09:33:24 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 setting up DTLS-0.9 connection
May 20 09:33:26 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 MTU 1440 is too large, switching to 1360
May 20 09:33:29 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 MTU 1440 is too large, switching to 1360
May 20 09:33:31 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 MTU 1408 is too large, switching to 1360
May 20 09:33:34 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 MTU 1408 is too large, switching to 1360
May 20 09:33:36 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 MTU 1376 is too large, switching to 1360
May 20 09:33:39 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 MTU 1376 is too large, switching to 1360
May 20 09:33:41 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 received BYE packet; exiting
May 20 09:33:41 AsusWifi daemon.info ocserv[4740]: worker[iPad]: 10.88.88.6 sent periodic stats (in: 215567, out: 243204) to sec-mod
May 20 09:33:41 AsusWifi daemon.info ocserv[6114]: sec-mod: invalidating session of user 'iPad' (session: CmQ+8N)
May 20 09:33:41 AsusWifi daemon.info ocserv[6113]: main[iPad]: 10.88.88.6:55806 user disconnected (reason: user disconnected, rx: 215567, tx: 243204)
May 20 09:33:43 AsusWifi daemon.err ocserv[4748]: worker:tlslib.c:475: no certificate was found
May 20 09:33:43 AsusWifi daemon.info ocserv[6114]: sec-mod: session open but with non-existing SID!
May 20 09:33:43 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55925 could not open session
May 20 09:33:43 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55925 failed authentication attempt for user ''
May 20 09:33:43 AsusWifi daemon.warn ocserv[4748]: worker: 10.88.88.6 failed cookie authentication attempt
May 20 09:33:43 AsusWifi daemon.info ocserv[6113]: main: 10.88.88.6:55925 user disconnected (reason: unspecified, rx: 0, tx: 0)
AnyConnect Log
05:32:59 PM Contacting 114.25.12.13:10443.
05:33:02 PM Establishing VPN session...
05:33:02 PM The AnyConnect Downloader is performing update checks...
05:33:02 PM Checking for profile updates...
05:33:02 PM Checking for product updates...
05:33:04 PM Checking for customization updates...
05:33:04 PM Performing any required updates...
05:33:04 PM The AnyConnect Downloader updates have been completed.
05:33:04 PM Establishing VPN session...
05:33:04 PM Establishing VPN - Initiating connection...
05:33:04 PM Establishing VPN - Examining system...
05:33:04 PM Establishing VPN - Activating VPN adapter...
05:33:08 PM Establishing VPN - Configuring system...
05:33:08 PM Establishing VPN...
05:33:08 PM Connected to 114.25.12.13:10443.
05:33:26 PM Reconnecting to 114.25.12.13:10443...
05:33:27 PM Disconnect in progress, please wait...
05:33:28 PM The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.