Hi, On Sun, Nov 16, 2014 at 1:44 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: > On Sun, 2014-11-16 at 12:50 +0200, ?smail D?nmez wrote: > >> > Hi, >> > Thanks to tcpkill I managed to simulate your use case. Could you try >> > the openconnect patch as well as the latest ocserv in git? >> This version seems to be creating a new session every minute. On the >> client side: > > That's my mistake. The fix in ocserv wasn't complete. Could you try the > current version? Success finally it seems: POST https://i10z.com:1443/ Attempting to connect to server 104.40.138.253:1443 SSL negotiation with i10z.com Connected to HTTPS on i10z.com XML POST enabled Please enter your username POST https://i10z.com:1443/auth Please enter your password. Password: POST https://i10z.com:1443/auth Got CONNECT response: HTTP/1.1 200 CONNECTED CSTP connected. DPD 440, Keepalive 32400 Connected tun1 as 10.10.0.121, using SSL Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM). CSTP Dead Peer Detection detected dead peer! SSL negotiation with i10z.com Connected to HTTPS on i10z.com Got CONNECT response: HTTP/1.1 200 CONNECTED CSTP connected. DPD 440, Keepalive 32400 Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM). CSTP Dead Peer Detection detected dead peer! SSL negotiation with i10z.com Connected to HTTPS on i10z.com Got CONNECT response: HTTP/1.1 200 CONNECTED CSTP connected. DPD 440, Keepalive 32400 Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM). Thanks!