Hi, thanks a lot for your help. >Why don't you use the gui directly? The gui is not necessary for me ,I want to use the command line client . >That's the error printed when DTLS handshake times out. You could debug >it using wireshark or so. It could be a firewall dropping UDP packets. I had used the wireshark On Windows to view the openconnect and the tshark on Linux to view the Ocserv-0.8.0 (and Ocserv-0.8.4) (using the gnutls-3.2.12) . I find that the client can send the "DTLS Client Hello" to the server successfully and the ocserv can received it and send the " DTLS Server Hello" to the network interface. But, the source IP of the "Server Hello" is not the same as the destination IP of the "Client Hello". (My physical network interface on Linux had many IP ,the openconnect connect to one of them(not the main IP), but the server only use the main IP of the interface to response the "Client Hello" ) when I try to use the openconnect to connect to the main ip of the server interface ,the DTLS connection can be Established successfully! so I think that maybe the ocserv can change something to use the IP same as the destination IP of the "Client Hello" to response. regards, Guang
