DTLS not working

Choon Hoe Chua choonhoe at gmail.com
Tue Nov 28 17:26:18 PST 2017

Hi All

I have Openconnect server up and running and clients can connect fine. But the connection protocol is always TLSv1.2. It does not seem to use DTLS, no matter which client I use (Cisco Anyconnect on MacOS, iOS and Android and OpenConnect for Android).

OS: Ubuntu 17.04
ocserv version: ocserv/zesty,now 0.11.6-1 amd64 [installed]
certificate: obtained via certbot
OpenSSL 1.0.2g

relevant ocserv.conf settings:

server-cert = /etc/letsencrypt/live/myname.me/fullchain.pem
server-key = /etc/letsencrypt/live/myname.me/privkey.pem
try-mtu-discovery = true
#match-tls-dtls-ciphers = true
cisco-client-compat = true
#dtls-psk = false
dtls-legacy = true

Also, there is no ocserv logfile in /var/log. Where is the location for the log file?

Appreciate any advice or pointers where to troubleshoot. Thanks

More information about the openconnect-devel mailing list