On Wed, Feb 27, 2013 at 08:32:19PM +0100, Nikos Mavrogiannopoulos wrote:
> On 02/27/2013 08:04 PM, Jason Cooper wrote:
> > Nikos,
> >
> > I'm attempting to get the Cisco AnyConnect client to create a tunnel to
> > the server. For testing, I disabled user authentication (there is only
> > one cert in this CA). My --debug log is below. I added an fprintf
> > into the do..while loop in tls_read(). It looks like the client is
> > closing the stream.
> >
> > Before I go wandering down the wrong path, can you check my attached
> > config to make sure I'm not missing anything simple?
>
> I don't think you're missing anything. This server was designed to
> provide whatever openconnect was using. It could be that the anyconnect
> client is more picky. Does this client have a debug mode, or does it
> output anything helpful?

I get "Banner Success", then a split second later, "The VPN client failed
to establish a connection." No debug mode, sorry.

> I'm wondering whether that client asks for any HTTP URL resources that
> aren't supported. Could you try debugging using the current head?

Sure, btw I'm getting a build error with latest head, building the
manpage. I'll look into it later. Would like to get it working first.
Here are the logs with --tls-debug:

ocserv[16819]: [X.X.X.116]:54382 HTTP: User-Agent: AnyConnect AppleSSLVPN_Darwin_ARM (iPhone) 3.0.09115
ocserv[16819]: [X.X.X.116]:54382 HTTP: Host: lakedaemon.net
ocserv[16819]: [X.X.X.116]:54382 HTTP: Accept: */*
ocserv[16819]: [X.X.X.116]:54382 HTTP: Accept-Encoding: identity
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-Transcend-Version: 1
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-Transcend-Version: 1
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-AnyConnect-Identifier-ClientVersion: 3.0.09115
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-AnyConnect-Identifier-Platform: apple-ios
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-AnyConnect-Identifier-PlatformVersion: 6.1.2
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-AnyConnect-Identifier-DeviceType: iPhone4,1
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-AnyConnect-Identifier-Device-UniqueID: YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-Aggregate-Auth: 1
ocserv[16819]: [X.X.X.116]:54382 HTTP: Connection: close
ocserv[16819]: [X.X.X.116]:54382 HTTP: Content-Length: 320
ocserv[16819]: [X.X.X.116]:54382 HTTP: Content-Type: application/x-www-form-urlencoded
ocserv[16819]: [X.X.X.116]:54382 sending authentication request
ocserv[16816]: [main] assigning tun device vpn0
ocserv[16816]: [X.X.X.116]:54382 user 'C=US,O=Home,CN=jason_iphone' of group '[unknown]' authenticated
ocserv[16819]: [X.X.X.116]:54382 User 'C=US,O=Home,CN=jason_iphone' logged in
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Preparing Packet Application Data(23) with length: 17 and target length: 17
ocserv[16819]: TLS[<9>]: ENC[0x56f48]: cipher: ARCFOUR-128, MAC: SHA1, Epoch: 1
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Sent Packet[2] Application Data(23) in epoch 1 and length: 42
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Preparing Packet Application Data(23) with length: 24 and target length: 24
ocserv[16819]: TLS[<9>]: ENC[0x56f48]: cipher: ARCFOUR-128, MAC: SHA1, Epoch: 1
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Sent Packet[3] Application Data(23) in epoch 1 and length: 49
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Preparing Packet Application Data(23) with length: 20 and target length: 20
ocserv[16819]: TLS[<9>]: ENC[0x56f48]: cipher: ARCFOUR-128, MAC: SHA1, Epoch: 1
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Sent Packet[4] Application Data(23) in epoch 1 and length: 45
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Preparing Packet Application Data(23) with length: 24 and target length: 24
ocserv[16819]: TLS[<9>]: ENC[0x56f48]: cipher: ARCFOUR-128, MAC: SHA1, Epoch: 1
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Sent Packet[5] Application Data(23) in epoch 1 and length: 49
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Preparing Packet Application Data(23) with length: 100 and target length: 100
ocserv[16819]: TLS[<9>]: ENC[0x56f48]: cipher: ARCFOUR-128, MAC: SHA1, Epoch: 1
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Sent Packet[6] Application Data(23) in epoch 1 and length: 125
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Preparing Packet Application Data(23) with length: 98 and target length: 98
ocserv[16819]: TLS[<9>]: ENC[0x56f48]: cipher: ARCFOUR-128, MAC: SHA1, Epoch: 1
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Sent Packet[7] Application Data(23) in epoch 1 and length: 123
ocserv[16819]: TLS[<4>]: REC[0x56f48]: SSL 3.1 Alert packet received. Epoch 0, length: 22
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Expected Packet Application Data(23)
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Received Packet Alert(21) with length: 22
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Decrypted Packet[2] Alert(21) with length: 2
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Alert[1|0] - Close notify - was received
ocserv[16819]: TLS[<2>]: ASSERT: gnutls_record.c:1160 gnutls_record_recv returned 0
ocserv[16819]: [X.X.X.116]:54382 error receiving client data (0)

thx,
Jason.
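An added example, not part of the thread and not ocserv or GnuTLS code: a small Python triage script for ocserv --tls-debug output of the shape quoted above. It is run over a constructed excerpt (the PIDs, address and lengths are illustrative), pulls out the AnyConnect identifying headers, counts the records the server sent after login, and classifies how the session ended. The point it makes is that Alert[1|0] is a warning-level (1) close_notify (0): the client tore the TLS session down deliberately, which is why gnutls_record_recv returns 0 (EOF) rather than a MAC or decryption error, and why the fault has to be looked for in the application data the server sent after "logged in", not in the TLS layer.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, modelled on the ocserv --tls-debug lines in the message.
SAMPLE_LOG = """\
ocserv[16819]: [X.X.X.116]:54382 HTTP: User-Agent: AnyConnect AppleSSLVPN_Darwin_ARM (iPhone) 3.0.09115
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-AnyConnect-Identifier-Platform: apple-ios
ocserv[16819]: [X.X.X.116]:54382 HTTP: X-Aggregate-Auth: 1
ocserv[16819]: [X.X.X.116]:54382 HTTP: Connection: close
ocserv[16819]: [X.X.X.116]:54382 User 'C=US,O=Home,CN=jason_iphone' logged in
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Sent Packet[2] Application Data(23) in epoch 1 and length: 42
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Sent Packet[3] Application Data(23) in epoch 1 and length: 49
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Received Packet Alert(21) with length: 22
ocserv[16819]: TLS[<4>]: REC[0x56f48]: Alert[1|0] - Close notify - was received
ocserv[16819]: [X.X.X.116]:54382 error receiving client data (0)
"""

HTTP_RE = re.compile(r" HTTP: ([^:\s]+): ?(.*)$")
SENT_RE = re.compile(r"Sent Packet\[(\d+)\] ([A-Za-z ]+?)\((\d+)\) in epoch (\d+) and length: (\d+)")
RECV_RE = re.compile(r"Received Packet ([A-Za-z ]+?)\((\d+)\) with length: (\d+)")
# GnuTLS prints Alert[level|description]; level 1 = warning, 2 = fatal; description 0 = close_notify.
ALERT_RE = re.compile(r"Alert\[(\d+)\|(\d+)\] - (.+?) - was received")
LOGIN_RE = re.compile(r"User '([^']+)' logged in")
ERR_RE = re.compile(r"error receiving client data \((-?\d+)\)")


@dataclass
class Record:
    seq: int          # record sequence number as GnuTLS prints it
    ctype: str        # content type name, e.g. "Application Data"
    ctype_num: int    # TLS content type: 23 = application data, 21 = alert
    epoch: int
    length: int       # on-the-wire record length, MAC and padding included


@dataclass
class Session:
    headers: dict = field(default_factory=dict)
    user: Optional[str] = None
    sent: list = field(default_factory=list)      # Record objects the server sent
    received: list = field(default_factory=list)  # (ctype, ctype_num, length) from the client
    alerts: list = field(default_factory=list)    # (level, description, text)
    recv_error: Optional[int] = None              # value ocserv logged from gnutls_record_recv


def parse_tls_debug(text: str) -> Session:
    """Extract headers, login, record flow and termination from one connection's log."""
    s = Session()
    for line in text.splitlines():
        m = HTTP_RE.search(line)
        if m:
            s.headers[m.group(1)] = m.group(2)
            continue
        m = LOGIN_RE.search(line)
        if m:
            s.user = m.group(1)
            continue
        m = SENT_RE.search(line)
        if m:
            s.sent.append(Record(int(m.group(1)), m.group(2), int(m.group(3)),
                                 int(m.group(4)), int(m.group(5))))
            continue
        m = RECV_RE.search(line)
        if m:
            s.received.append((m.group(1), int(m.group(2)), int(m.group(3))))
            continue
        m = ALERT_RE.search(line)
        if m:
            s.alerts.append((int(m.group(1)), int(m.group(2)), m.group(3)))
            continue
        m = ERR_RE.search(line)
        if m:
            s.recv_error = int(m.group(1))
    return s


def diagnose(s: Session) -> dict:
    """Classify the termination using only what the log shows."""
    v = {
        "client": s.headers.get("User-Agent"),
        "authenticated_as": s.user,
        "app_records_sent": sum(1 for r in s.sent if r.ctype_num == 23),
        "bytes_sent": sum(r.length for r in s.sent),
        "close_notify": any(lvl == 1 and desc == 0 for lvl, desc, _ in s.alerts),
        "fatal_alerts": [text for lvl, _, text in s.alerts if lvl == 2],
    }
    if v["fatal_alerts"]:
        v["conclusion"] = "peer aborted the TLS session with a fatal alert: " + ", ".join(v["fatal_alerts"])
    elif v["close_notify"] and s.user:
        v["conclusion"] = ("peer sent close_notify after authentication: TLS and auth are healthy, "
                           "inspect the application data the server sent after login")
    elif v["close_notify"]:
        v["conclusion"] = "peer sent close_notify before authentication completed"
    elif s.recv_error is not None:
        v["conclusion"] = "connection ended without close_notify (abrupt EOF or reset)"
    else:
        v["conclusion"] = "no termination seen in this excerpt"
    return v


if __name__ == "__main__":
    for k, val in diagnose(parse_tls_debug(SAMPLE_LOG)).items():
        print(f"{k}: {val}")
```

Feed it the real log with `parse_tls_debug(open("ocserv.log").read())`; on the excerpt above it reports two application-data records (91 bytes on the wire) sent to an authenticated user before a warning-level close_notify arrived.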