On Mon, Dec 9, 2013 at 11:04 PM, Karl <weeker at outlook.com> wrote:
> That works great on Android now. Thanks, Nikos.
>
> On iOS client, it still fails at infinite username prompt, log:
>
> ocserv[14809]: [MYIP]:61337 accepted connection
> ocserv[14809]: GnuTLS error (at worker-vpn.c:571): The TLS connection
> was non-properly terminated.
> ocserv[14807]: [MYIP]:61337 command socket closed
>
> tls-debug log: http://pastebin.com/9SAjZJ79
> iOS client complains: No valid certificates available for
> authentication. Which Cisco doc said: "The secure gateway did not
> accept any of the certificates AnyConnect provided. No more
> certificates remain."

Well, I cannot tell much from the log as I don't know which gnutls
version it corresponds to. However what I see there is the client
receiving the certificate request and (possibly) bailing out. That
could mean that the client didn't like the CA certificate that was
sent by the server (possibly it didn't correspond to its client
certificate?). Is there debugging output available on the iOS client?

regards,
Nikos