It`s Debian Squeeze (EdgeOS 1.5.0) POST https://10.24.1.1/ Attempting to connect to server 10.24.1.1:443 Using client certificate 'user' SSL negotiation with 10.24.1.1 Server certificate verify failed: certificate does not match hostname Connected to HTTPS on 10.24.1.1 XML POST enabled POST https://10.24.1.1/auth POST https://10.24.1.1/auth ocserv -f -d 9999 --config=ocserv.cfg listening (TCP) on 0.0.0.0:443... listening (TCP) on [::]:443... listening (UDP) on 0.0.0.0:443... listening (UDP) on [::]:443... ocserv[7272]: main: initializing control unix socket: /var/run/occtl.socket ocserv[7272]: main: initialized ocserv 0.8.6 ocserv[7273]: sec-mod: sec-mod initialized (socket: /var/run/ocserv-socket.7272) ocserv[7272]: main: putting process 7282 to cgroup 'cpuset:test' ocserv[7272]: main: main-misc.c:752: cannot open: /sys/fs/cgroup/cpuset/test/tasks ocserv[7282]: worker: 10.24.1.25:56022 accepted connection ocserv[7282]: TLS[<4>]: REC[0x875b28]: Allocating epoch #0 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_constate.c:715 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Allocating epoch #1 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_buffers.c:1018 ocserv[7282]: TLS[<4>]: REC[0x875b28]: SSL 3.1 Handshake packet received. Epoch 0, length: 79 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Expected Packet Handshake(22) ocserv[7282]: TLS[<4>]: REC[0x875b28]: Received Packet Handshake(22) with length: 79 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Decrypted Packet[0] Handshake(22) with length: 79 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: CLIENT HELLO (1) was received. 
Length 75[75], frag offset 0, frag length: 75, sequence: 0 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Client's version: 3.1 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_db.c:278 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_extensions.c:165 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_extensions.c:165 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_extensions.c:165 ocserv[7282]: TLS[<2>]: ASSERT: server_name.c:300 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: 
RSA_3DES_EDE_CBC_SHA1 (00.0A) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05) ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04) ocserv[7282]: TLS[<2>]: ASSERT: gnutls_handshake.c:3295 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_handshake.c:3295 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_handshake.c:3295 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_handshake.c:3295 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_handshake.c:3295 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_handshake.c:3295 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_handshake.c:3295 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Removing ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Requested cipher suites[size: 36]: 
ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Selected cipher suite: RSA_AES_128_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Selected Compression Method: NULL ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Allowing unsafe initial negotiation ocserv[7282]: TLS[<2>]: ASSERT: status_request.c:197 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: SessionID: 55abc4bd0d7b7a49c07c7b29f91e3937ec50bf9bcde994af25be0c9ec1788a6f ocserv[7282]: TLS[<3>]: HSK[0x875b28]: SERVER HELLO was queued [74 bytes] ocserv[7282]: TLS[<3>]: HSK[0x875b28]: CERTIFICATE was queued [961 bytes] ocserv[7282]: TLS[<3>]: HSK[0x875b28]: SERVER HELLO DONE was queued [4 bytes] ocserv[7282]: TLS[<4>]: REC[0x875b28]: Preparing Packet Handshake(22) with length: 74 and target length: 74 ocserv[7282]: TLS[<9>]: ENC[0x875b28]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Sent Packet[1] Handshake(22) in epoch 0 and length: 79 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Preparing Packet Handshake(22) with length: 961 and target length: 961 ocserv[7282]: TLS[<9>]: ENC[0x875b28]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Sent Packet[2] Handshake(22) in epoch 0 and length: 966 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Preparing Packet Handshake(22) with length: 4 and target length: 4 ocserv[7282]: TLS[<9>]: ENC[0x875b28]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Sent Packet[3] Handshake(22) in epoch 0 and length: 9 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_buffers.c:1018 ocserv[7282]: TLS[<4>]: REC[0x875b28]: SSL 3.1 Handshake packet received. Epoch 0, length: 310 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Expected Packet Handshake(22) ocserv[7282]: TLS[<4>]: REC[0x875b28]: Received Packet Handshake(22) with length: 310 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Decrypted Packet[1] Handshake(22) with length: 310 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: CLIENT KEY EXCHANGE (16) was received. 
Length 306[306], frag offset 0, frag length: 306, sequence: 0 ocserv[7273]: sec-mod: received request from pid 7282 and uid 0 ocserv[7273]: sec-mod: cmd [size=309] sm: decrypt ocserv[7282]: TLS[<4>]: REC[0x875b28]: SSL 3.1 ChangeCipherSpec packet received. Epoch 0, length: 1 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Expected Packet ChangeCipherSpec(20) ocserv[7282]: TLS[<4>]: REC[0x875b28]: Received Packet ChangeCipherSpec(20) with length: 1 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Decrypted Packet[2] ChangeCipherSpec(20) with length: 1 ocserv[7282]: TLS[<9>]: INT: PREMASTER SECRET[48]: 03015e8a542c54957f9d7c06939cc89b0dff3ba924c1390fa1c236b57275bfe5e98f8b3467cca6c9d011b7f4c06d1f7c ocserv[7282]: TLS[<9>]: INT: CLIENT RANDOM[32]: 5445f65c77c6c6d5d2f17d470e6af71e5e88957bd50a451db3931c55e217d10d ocserv[7282]: TLS[<9>]: INT: SERVER RANDOM[32]: 5445f65c4e0430b5cfa75001249048be41fbc0cc84e9723fce69d39e3369f5c7 ocserv[7282]: TLS[<9>]: INT: MASTER SECRET: a7cf4c8302376725c39b537b884a22a4a6e64117bf0d3755521a0ca0e84af706bc7a7fd1475b8ce2786439cf872dc847 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Initializing epoch #1 ocserv[7282]: TLS[<9>]: INT: KEY BLOCK[104]: e0f3c7c24df3016385924f9b517ba62562f09a6218a8956560c1808d5aa8caab ocserv[7282]: TLS[<9>]: INT: CLIENT WRITE KEY [16]: 23918cc2c3ba4b84253470c6cb3867dc ocserv[7282]: TLS[<9>]: INT: SERVER WRITE KEY [16]: aa44c78433bbec9c9312869c43106dd3 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Epoch #1 ready ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Cipher Suite: RSA_AES_128_CBC_SHA1 ocserv[7282]: TLS[<2>]: ASSERT: gnutls_buffers.c:1018 ocserv[7282]: TLS[<4>]: REC[0x875b28]: SSL 3.1 Handshake packet received. Epoch 0, length: 48 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Expected Packet Handshake(22) ocserv[7282]: TLS[<4>]: REC[0x875b28]: Received Packet Handshake(22) with length: 48 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Decrypted Packet[0] Handshake(22) with length: 16 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: FINISHED (20) was received. 
Length 12[12], frag offset 0, frag length: 12, sequence: 0 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: recording tls-unique CB (recv) ocserv[7282]: TLS[<3>]: REC[0x875b28]: Sent ChangeCipherSpec ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Cipher Suite: RSA_AES_128_CBC_SHA1 ocserv[7282]: TLS[<3>]: HSK[0x875b28]: Initializing internal [write] cipher sessions ocserv[7282]: TLS[<3>]: HSK[0x875b28]: FINISHED was queued [16 bytes] ocserv[7282]: TLS[<4>]: REC[0x875b28]: Preparing Packet ChangeCipherSpec(20) with length: 1 and target length: 1 ocserv[7282]: TLS[<9>]: ENC[0x875b28]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Sent Packet[4] ChangeCipherSpec(20) in epoch 0 and length: 6 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Preparing Packet Handshake(22) with length: 16 and target length: 16 ocserv[7282]: TLS[<9>]: ENC[0x875b28]: cipher: AES-128-CBC, MAC: SHA1, Epoch: 1 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Sent Packet[1] Handshake(22) in epoch 1 and length: 53 ocserv[7282]: worker: 10.24.1.25:56022 sending message 'resume data store request' to main ocserv[7272]: main: 10.24.1.25:56022 main received message 'resume data store request' of 258 bytes ocserv[7272]: main: 10.24.1.25:56022 TLS session DB storing 55abc4bd0d7b7a49c07c7b29f91e3937ec50bf9bcde994af25be0c9ec1788a6f ocserv[7282]: TLS[<4>]: REC[0x875b28]: Start of epoch cleanup ocserv[7282]: TLS[<4>]: REC[0x875b28]: Epoch #0 freed ocserv[7282]: TLS[<4>]: REC[0x875b28]: End of epoch cleanup ocserv[7282]: worker: 10.24.1.25:56022 TLS handshake completed ocserv[7282]: TLS[<4>]: REC[0x875b28]: SSL 3.1 Application Data packet received. 
Epoch 0, length: 512 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Expected Packet Application Data(23) ocserv[7282]: TLS[<4>]: REC[0x875b28]: Received Packet Application Data(23) with length: 512 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Decrypted Packet[1] Application Data(23) with length: 485 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Host: 10.24.1.1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: User-Agent: OpenConnect VPN Agent (NetworkManager) v5.02 ocserv[7282]: worker: 10.24.1.25:56022 User-agent: 'OpenConnect VPN Agent (NetworkManager) v5.02' ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Accept: */* ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Accept-Encoding: identity ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-Transcend-Version: 1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-Aggregate-Auth: 1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-AnyConnect-Platform: linux-64 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Content-Type: application/x-www-form-urlencoded ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Content-Length: 203 ocserv[7282]: worker: 10.24.1.25:56022 HTTP POST / ocserv[7282]: worker: 10.24.1.25:56022 POST body: '<?xml version="1.0" encoding="UTF-8"?> <config-auth client="vpn" type="init"><version who="vpn">v5.02</version><device-id>linux-64</device-id><group-access>https://10.24.1.1</group-access></config-auth> ' ocserv[7282]: worker: 10.24.1.25:56022 cannot find 'group-select' in client XML message ocserv[7282]: worker: 10.24.1.25:56022 cannot find 'group-select' in client XML message ocserv[7282]: worker: 10.24.1.25:56022 failed reading groupname ocserv[7282]: worker: 10.24.1.25:56022 cannot find 'username' in client XML message ocserv[7282]: worker: 10.24.1.25:56022 failed reading username ocserv[7282]: TLS[<4>]: REC[0x875b28]: Preparing Packet Application Data(23) with length: 417 and target length: 417 ocserv[7282]: TLS[<9>]: ENC[0x875b28]: cipher: AES-128-CBC, MAC: SHA1, Epoch: 1 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Sent Packet[2] 
Application Data(23) in epoch 1 and length: 453 ocserv[7282]: TLS[<4>]: REC[0x875b28]: SSL 3.1 Application Data packet received. Epoch 0, length: 512 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Expected Packet Application Data(23) ocserv[7282]: TLS[<4>]: REC[0x875b28]: Received Packet Application Data(23) with length: 512 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Decrypted Packet[2] Application Data(23) with length: 487 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Host: 10.24.1.1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: User-Agent: OpenConnect VPN Agent (NetworkManager) v5.02 ocserv[7282]: worker: 10.24.1.25:56022 User-agent: 'OpenConnect VPN Agent (NetworkManager) v5.02' ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Accept: */* ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Accept-Encoding: identity ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-Transcend-Version: 1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-Aggregate-Auth: 1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-AnyConnect-Platform: linux-64 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Content-Type: application/x-www-form-urlencoded ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Content-Length: 201 ocserv[7282]: worker: 10.24.1.25:56022 HTTP POST /auth ocserv[7282]: worker: 10.24.1.25:56022 POST body: '<?xml version="1.0" encoding="UTF-8"?> <config-auth client="vpn" type="auth-reply"><version who="vpn">v5.02</version><device-id>linux-64</device-id><auth><username>user</username></auth></config-auth> ' ocserv[7282]: worker: 10.24.1.25:56022 cannot find 'group-select' in client XML message ocserv[7282]: worker: 10.24.1.25:56022 cannot find 'group-select' in client XML message ocserv[7282]: worker: 10.24.1.25:56022 failed reading groupname ocserv[7273]: sec-mod: received request from pid 7282 and uid 0 ocserv[7282]: worker: 10.24.1.25:56022 sending message 'sm: auth init' to secmod ocserv[7273]: sec-mod: cmd [size=22] sm: auth init ocserv[7273]: sec-mod: auth init for user 'user' (group: '') from '10.24.1.25' 
ocserv[7282]: worker: 10.24.1.25:56022 received auth reply message (value: 2) ocserv[7282]: worker: 10.24.1.25:56022 continuing authentication for 'user' ocserv[7282]: worker: 10.24.1.25:56022 sent sid: +iORu/slIF2OFe8g ocserv[7282]: TLS[<4>]: REC[0x875b28]: Preparing Packet Application Data(23) with length: 486 and target length: 486 ocserv[7282]: TLS[<9>]: ENC[0x875b28]: cipher: AES-128-CBC, MAC: SHA1, Epoch: 1 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Sent Packet[3] Application Data(23) in epoch 1 and length: 517 ocserv[7282]: TLS[<4>]: REC[0x875b28]: SSL 3.1 Application Data packet received. Epoch 0, length: 560 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Expected Packet Application Data(23) ocserv[7282]: TLS[<4>]: REC[0x875b28]: Received Packet Application Data(23) with length: 560 ocserv[7282]: TLS[<4>]: REC[0x875b28]: Decrypted Packet[3] Application Data(23) with length: 527 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Host: 10.24.1.1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: User-Agent: OpenConnect VPN Agent (NetworkManager) v5.02 ocserv[7282]: worker: 10.24.1.25:56022 User-agent: 'OpenConnect VPN Agent (NetworkManager) v5.02' ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Accept: */* ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Accept-Encoding: identity ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Cookie: webvpncontext=+iORu/slIF2OFe8g ocserv[7282]: worker: 10.24.1.25:56022 received sid: +iORu/slIF2OFe8g ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-Transcend-Version: 1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-Aggregate-Auth: 1 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: X-AnyConnect-Platform: linux-64 ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Content-Type: application/x-www-form-urlencoded ocserv[7282]: worker: 10.24.1.25:56022 HTTP: Content-Length: 201 ocserv[7282]: worker: 10.24.1.25:56022 HTTP POST /auth ocserv[7282]: worker: 10.24.1.25:56022 POST body: '<?xml version="1.0" encoding="UTF-8"?> <config-auth client="vpn" type="auth-reply"><version 
who="vpn">v5.02</version><device-id>linux-64</device-id><auth><password>user</password></auth></config-auth> '
ocserv[7273]: sec-mod: received request from pid 7282 and uid 0
ocserv[7282]: worker: 10.24.1.25:56022 sending message 'sm: auth cont' to secmod
ocserv[7273]: sec-mod: cmd [size=22] sm: auth cont
ocserv[7273]: sec-mod: auth cont for user 'user'
ocserv[7273]: sec-mod: error in password given in auth cont for user 'user'
ocserv[7282]: worker: 10.24.1.25:56022 received auth reply message (value: 2)
ocserv[7282]: worker: 10.24.1.25:56022 continuing authentication for 'user'
ocserv[7282]: worker: 10.24.1.25:56022 sent sid: +iORu/slIF2OFe8g
ocserv[7282]: TLS[<4>]: REC[0x875b28]: Preparing Packet Application Data(23) with length: 500 and target length: 500
ocserv[7282]: TLS[<9>]: ENC[0x875b28]: cipher: AES-128-CBC, MAC: SHA1, Epoch: 1
ocserv[7282]: TLS[<4>]: REC[0x875b28]: Sent Packet[4] Application Data(23) in epoch 1 and length: 533
ocserv[7282]: TLS[<2>]: ASSERT: gnutls_buffers.c:515
ocserv[7282]: TLS[<2>]: ASSERT: gnutls_record.c:1001
ocserv[7282]: TLS[<2>]: ASSERT: gnutls_record.c:1113
ocserv[7282]: TLS[<2>]: ASSERT: gnutls_record.c:1348
ocserv[7272]: main: 10.24.1.25:56022 main-misc.c:423: command socket closed
ocserv[7272]: main: 10.24.1.25:56022 removing client '' with id '7282'
root at ubnt:/config/ocserv# cat ocserv.cfg
# ocserv configuration used for the session logged above: listener ports,
# timeouts, authentication backend, server certificate/key, TLS priorities,
# privilege settings and the tunnel device. The address pool and routes
# follow in the remainder of the file.
max-clients = 16
max-same-clients = 16
tcp-port = 443
udp-port = 443
keepalive = 32400
dpd = 1900
mobile-dpd = 1800
try-mtu-discovery = false
# NOTE(review): password-file authentication is the only auth method set here.
# The client output shows "Using client certificate 'user'", but no
# certificate auth method and no ca-cert line are visible in this file, so
# the client certificate is presumably not verified by the server - confirm.
auth = "plain[/config/ocserv/ocpasswd]"
server-cert = /config/ocserv/server-cert.pem
server-key = /config/ocserv/server-key.pem
# NOTE(review): with this priority string the handshake log shows every
# ECDHE/DHE suite being removed and RSA_AES_128_CBC_SHA1 selected, i.e. static
# RSA key exchange without forward secrecy; ARCFOUR (RC4) and 3DES suites are
# still kept as candidates. No dh-params line is visible in this file -
# TODO confirm whether that is why the DHE suites were dropped.
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"
auth-timeout = 4000
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-utmp = true
use-occtl = true
pid-file = /var/run/ocserv.pid
socket-file = /var/run/ocserv-socket
# NOTE(review): the processes keep root (the log shows sec-mod receiving
# requests "from pid 7282 and uid 0"). Pointing these at an unprivileged
# account limits what a compromised worker process can reach.
run-as-user = root
run-as-group = root
# The startup log reports "cannot open: /sys/fs/cgroup/cpuset/test/tasks",
# so the 'test' cgroup named here apparently does not exist on this host.
cgroup = "cpuset,cpu:test"
device = vpns
cisco-client-compat = true
predictable-ips = true default-domain = mynet.tld # The pool of addresses that leases will be given from. ipv4-network = 192.168.150.0 ipv4-netmask = 255.255.255.0 dns = 8.8.8.8 route = 10.24.1.0/255.255.255.0 ping-leases = false root at ubnt:/config/ocserv# cat instserv.sh #!/bin/bash certtool --generate-privkey --outfile ca-key.pem cat << _EOF_ >ca.tmpl cn = "204-ubiquity.mynet.tld" organization = "REU" serial = 1 expiration_days = 9999 ca signing_key cert_signing_key crl_signing_key _EOF_ certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem certtool --generate-privkey --outfile server-key.pem cat << _EOF_ >server.tmpl cn = "204-ubiquity.mynet.tld" organization = "REU" serial = 2 expiration_days = 9999 signing_key encryption_key #only if the generated key is an RSA one tls_www_server _EOF_ certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem mv ./server-cert.pem /config/ocserv mv ./server-key.pem /config/ocserv ocpasswd root -c /config/ocserv/ocpasswd root at ubnt:/config/ocserv# cat clientcert.sh #!/bin/bash certtool --generate-privkey --outfile user-key.pem cat << _EOF_ >user.tmpl cn = "user" unit = "user" expiration_days = 9999 signing_key tls_www_client _EOF_ certtool --generate-certificate --load-privkey user-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template user.tmpl --outfile user-cert.pem certtool --to-p12 --load-privkey user-key.pem --pkcs-cipher arcfour --load-certificate user-cert.pem --outfile user.p12