On Sun, 2014-07-27 at 11:35 +0100, Gareth Williams wrote:
> > The log is a bit cryptic and what it means is that you haven't set the
> > cert-user-oid in the configuration file. Seeing your DN most probably
> > you use the CN part as the username holder. If you don't set that ocserv
> > assumes that the whole DN is the username and in your case it exceeds
> > the username limit of 64 bytes.
>
> Thank you very much for that advice - it turns out I'd set
> 'cert-user-oid' in the config file to the incorrect value. I changed it
> to the one for DN (2.5.4.3) and things have moved forwards.
> Unfortunately, I'm still not connecting. I now get the following:
>
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-Transcend-Version: 1
> [0/1942]
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-Aggregate-Auth: 1
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: X-AnyConnect-Platform:
> linux-64
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP: Cookie:
> webvpn=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
> ocserv[8939]: worker: xx.xx.85.128:53222 HTTP GET /profiles%2Fprofile.xml
> ocserv[8939]: worker: xx.xx.85.128:53222 unexpected URL
> /profiles%2Fprofile.xml

Is that the openconnect client from Fedora? Given the weird encoding
(%2F) for a get request it seems like an anyconnect client.
Nevertheless, the %2F seems to confuse the parser of the request of
ocserv. Could you try the git repository version to see if it addresses
your issue?

regards,
Nikos
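The "unexpected URL" failure discussed above, as an added example that is not part of the original message and not ocserv's code: a literal comparison of the raw request path against a known route misses the percent-encoded form, while decoding exactly once before comparing the whole path against a fixed route accepts `%2F` and still rejects malformed escapes, `%00` and double encoding. The helper names and the server-side route `/profiles/profile.xml` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not ocserv's request parser. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode `in` exactly once into `out`. Returns 0 on success, -1 on
 * a malformed escape, an encoded NUL, or an output buffer that is too small. */
int decode_path(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    while (*in) {
        int c = (unsigned char)*in++;
        if (c == '%') {
            int hi = hexval((unsigned char)in[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[1]);
            if (lo < 0) return -1;      /* truncated or non-hex escape */
            c = hi * 16 + lo;
            if (c == 0) return -1;      /* %00 would truncate the C string */
            in += 2;
        }
        if (o + 1 >= outlen) return -1; /* keep room for the terminator */
        out[o++] = (char)c;
    }
    if (outlen == 0) return -1;
    out[o] = '\0';
    return 0;
}

/* 1 if the decoded path equals `route`, 0 if it differs, -1 if rejected. */
int route_matches(const char *raw, const char *route)
{
    char path[256];
    if (decode_path(raw, path, sizeof(path)) != 0) return -1;
    return strcmp(path, route) == 0;
}

int main(void)
{
    const char *raw = "/profiles%2Fprofile.xml"; /* path from the log above */
    const char *route = "/profiles/profile.xml"; /* assumed server-side route */
    printf("literal=%d decoded=%d\n", strcmp(raw, route) == 0, route_matches(raw, route));
    return 0;
}
```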