It turns out regardless of the server setting, SmoothConnect needs to add the flag "--disable-ipv6" to be able to successfully establish the connection. I thought it does not matter initially since my host and client both has ipv6 disabled. BTW, how do you write iptable rules to redirect the traffic? I use the following (which works for PPTP, L2TP, OpenVPN and IPSec) but not working. -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source server.ip.addr And there are no other VPN services using this IP section. On 11/14/2013 4:40 PM, Nikos Mavrogiannopoulos wrote: > On Thu, 2013-11-14 at 13:12 -0500, Tony Zhou wrote: >> I don't think the problem is from ipv6 since neither my box nor my phone >> has ipv6 connection. And ipv6 entries were commented out in the conf file. > > There were IPv6 addresses sent in the previous log you sent. > >> I'm not quite sure about what does this log tell, does it look legit? >> Nov 15 03:07:01 hostname ocserv[2864]: [client.ip.addr]:31328 received >> -110 byte(s) (TLS) >> Nov 15 03:07:01 hostname ocserv[2864]: GnuTLS error (at >> worker-vpn.c:1161): The TLS connection was non-properly terminated. > > Yes it is normal except for the last lines. There it says that the peer > terminated the connection. It is on the client you're going to find out > the disconnection reason and the smoothconnect thing had a log. > > Did you try to disable certificate checking etc from the client? > > You didn't answer whether you tried with the default configuration. > > regards, > Nikos > >
