Well, after set the cisco-client-compat to true, it?s working now. BTW, how can I use certificate or password auth but not require both? On Mar 23, 2014, at 17:15, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: > On Sun, 2014-03-23 at 11:43 +0800, Rankjie wrote: >> Hi, >> >> I use the same user-certificate on my Mac ( client is openconnect ) and my iPhone ( client is anyconnect ) >> Things were fine on my Mac, but on the iOS, the connection could not be established. >> >> Here is my ocserv.conf: https://gist.github.com/rankjie/bb7c7e4bfe86d323abb6 >> Server?s log when connect to it on iOS: https://gist.github.com/rankjie/8618400ba3a2075457b0 >> From the log of ocserv, I can see ?user 'CN=user1' of group '[unknown]' authenticated? >> but eventually failed with ?GnuTLS error (at worker-vpn.c:691): No certificate was found.? >> The same certificate was all right on my mac with openconnect. So this > might be a compatibility issue? > > Hello, > You need to set cisco-client-compat to true and possibly the profile > file, for cisco clients to be able to connect. > > regards, > Nikos > >
