On Wed, 24 Sep 2014, Nikos Mavrogiannopoulos wrote:

> On Wed, Sep 24, 2014 at 2:41 PM, Norbert Paschedag <noe at physik.uzh.ch> wrote:
>> Hi,
>> I'm trying to set up ocserv so it can be used by anyconnect users.
>> Authentication is done via certificates and passwords (via pam).
>> The group is determined from the cert DN and there's no group selector
>> (although anyconnect displays the group).
>> Both user and group are correctly shown in the debug output:
>> ocserv[12766]: sec-mod: auth init for user 'testuser' (group: 'vpntest')
>> from '192.168.2.13'
>
>> The config-per-group files, however, are not being read at all and it
>> seems that the proc->groupname seen in get_sup_config() is empty.
>> config-per-user _is_ read correctly.
>
> Hi,
> Could you elaborate on the scenario at hand. Do you have both a config
> per user and config per group, and both should be read for this particular user?

The original idea was to have per-group configs only. But after seeing
they're not read, I tried per-user configs as well. Only the per-user
configs are ever read.

> What is the log (with debugging) output when that user connects?
>
> If both apply, ocserv should load the group configuration, and then the user
> configuration will override it.

Ok, log obtained from 'ocserv -f -d 6' is attached below. Both the files
/etc/ocserv/config-per-group/vpntest and
/etc/ocserv/config-per-group/testuser exist and contain the route shown
in the log at line 202.

Regards,
Norbert

001 listening (TCP) on 192.168.2.66:443...
002 listening (UDP) on 192.168.2.66:443...
003 ocserv[16604]: main: initialized ocserv 0.8.4
004 ocserv[16606]: sec-mod: sec-mod initialized (socket: /etc/ocserv/chroot///var/run/ocserv-socket.16604)
005 ocserv[16604]: error connecting to sec-mod socket '/var/run/ocserv-socket.16604': No such file or directory
006 ocserv[16604]: main: processed 1 CA certificate(s)
007 ocserv[16604]: main: putting process 16607 to cgroup 'cpuset:test'
008 ocserv[16604]: main: main-misc.c:743: cannot open: /sys/fs/cgroup/cpuset/test/tasks
009 ocserv[16607]: worker: 192.168.2.13:43912 accepted connection
010 ocserv[16607]: worker: 192.168.2.13:43912 client certificate verification succeeded
011 ocserv[16606]: sec-mod: received request from pid 16607 and uid 99
012 ocserv[16606]: sec-mod: cmd [size=261] sm: decrypt
013 ocserv[16607]: worker: 192.168.2.13:43912 sending message 'resume data store request' to main
014 ocserv[16607]: worker: 192.168.2.13:43912 TLS handshake completed
015 ocserv[16604]: main: 192.168.2.13:43912 main received message 'resume data store request' of 2419 bytes
016 ocserv[16604]: main: 192.168.2.13:43912 TLS session DB storing 24ad4a81ce0f677f6474aee1e5359150bb0aa28cc7e9ff6e8218b273e2daeb82
017 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
018 ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
019 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
020 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
021 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
022 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
023 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
024 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Connection: close
025 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
026 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Length: 289
027 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Type: application/x-www-form-urlencoded
028 ocserv[16607]: worker: 192.168.2.13:43912 HTTP POST /
029 ocserv[16607]: worker: 192.168.2.13:43912 POST body: '<?xml version="1.0" encoding="UTF-8"?>
030 <config-auth client="vpn" type="init" aggregate-auth-version="2">
031 <version who="vpn">3.1.05170</version>
032 <device-id>linux-64</device-id>
033 <group-select>vpntest</group-select>
034 <group-access>https://vpn2</group-access>
035 </config-auth>
036 '
037 ocserv[16607]: worker: 192.168.2.13:43912 cannot find 'username' in client XML message
038 ocserv[16607]: worker: 192.168.2.13:43912 failed reading username
039 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
040 ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
041 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
042 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
043 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
044 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
045 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
046 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
047 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Length: 36
048 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Type: application/x-www-form-urlencoded
049 ocserv[16607]: worker: 192.168.2.13:43912 HTTP POST /auth
050 ocserv[16607]: worker: 192.168.2.13:43912 POST body: 'group_list=vpntest&username=testuser'
051 ocserv[16607]: worker: 192.168.2.13:43912 cannot find 'group%5flist' in client message
052 ocserv[16607]: worker: 192.168.2.13:43912 sending message 'sm: auth init' to secmod
053 ocserv[16606]: sec-mod: received request from pid 16607 and uid 99
054 ocserv[16606]: sec-mod: cmd [size=59] sm: auth init
055 ocserv[16606]: sec-mod: auth init for user 'testuser' (group: 'vpntest') from '192.168.2.13'
056 ocserv[16607]: worker: 192.168.2.13:43912 received auth reply message (value: 2)
057 ocserv[16607]: worker: 192.168.2.13:43912 continuing authentication for 'testuser'
058 ocserv[16607]: worker: 192.168.2.13:43912 sent sid: 9XNKjjbHsm/CvxQu
059 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
060 ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
061 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
062 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
063 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Cookie: webvpncontext=9XNKjjbHsm/CvxQu
064 ocserv[16607]: worker: 192.168.2.13:43912 received sid: 9XNKjjbHsm/CvxQu
065 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
066 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
067 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
068 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
069 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Length: 18
070 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Type: application/x-www-form-urlencoded
071 ocserv[16607]: worker: 192.168.2.13:43912 HTTP POST /auth
072 ocserv[16607]: worker: 192.168.2.13:43912 POST body: 'password=XXXX'
073 ocserv[16607]: worker: 192.168.2.13:43912 sending message 'sm: auth cont' to secmod
074 ocserv[16606]: sec-mod: received request from pid 16607 and uid 99
075 ocserv[16606]: sec-mod: cmd [size=27] sm: auth cont
076 ocserv[16606]: sec-mod: auth cont for user 'testuser'
077 ocserv[16606]: pam_krb5[16606]: error reading keytab 'FILE:/etc/krb5.keytab'
078 ocserv[16606]: pam_krb5[16606]: TGT verified
079 ocserv[16606]: pam_krb5[16606]: authentication succeeds for 'testuser' (testuser at MYREALM)
080 ocserv[16606]: sec-mod: auth deinit for user 'testuser'
081 ocserv[16607]: worker: 192.168.2.13:43912 received auth reply message (value: 1)
082 ocserv[16607]: worker: 192.168.2.13:43912 user 'testuser' obtained cookie
083 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
084 ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
085 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
086 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
087 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Cookie: webvpnc=bu:/&p:t&iu:1/&sh:DCA943A4171DCB665B8D9C8446D758DC7C7ECE63&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/userprofile.xml&fh:5D18881D36B7521A0FE1A55503385F80AD25BD5C; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr; webvpncontext=9XNKjjbHsm/CvxQu; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALML
088 ocserv[16607]: worker: 192.168.2.13:43912 received sid: 9XNKjjbHsm/CvxQu
089 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
090 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
091 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
092 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
093 ocserv[16607]: worker: 192.168.2.13:43912 HTTP GET /1/index.html
094 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
095 ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
096 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
097 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
098 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Cookie: webvpnc=bu:/&p:t&iu:1/&sh:DCA943A4171DCB665B8D9C8446D758DC7C7ECE63&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/userprofile.xml&fh:5D18881D36B7521A0FE1A55503385F80AD25BD5C; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr; webvpncontext=9XNKjjbHsm/CvxQu; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALML
099 ocserv[16607]: worker: 192.168.2.13:43912 received sid: 9XNKjjbHsm/CvxQu
100 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
101 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
102 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
103 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
104 ocserv[16607]: worker: 192.168.2.13:43912 HTTP GET /1/Linux_64
105 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
106 ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
107 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
108 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
109 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Cookie: webvpnc=bu:/&p:t&iu:1/&sh:DCA943A4171DCB665B8D9C8446D758DC7C7ECE63&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/userprofile.xml&fh:5D18881D36B7521A0FE1A55503385F80AD25BD5C; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr; webvpncontext=9XNKjjbHsm/CvxQu; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALML
110 ocserv[16607]: worker: 192.168.2.13:43912 received sid: 9XNKjjbHsm/CvxQu
111 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
112 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
113 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
114 ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
115 ocserv[16607]: worker: 192.168.2.13:43912 HTTP GET /1/binaries/update.txt
116 ocserv[16607]: worker: 192.168.2.13:43912 requested fixed string: /1/binaries/update.txt
117 ocserv[16604]: main: putting process 16615 to cgroup 'cpuset:test'
118 ocserv[16604]: main: main-misc.c:743: cannot open: /sys/fs/cgroup/cpuset/test/tasks
119 ocserv[16615]: worker: 192.168.2.13:43914 accepted connection
120 ocserv[16615]: worker: 192.168.2.13:43914 tlslib.c:282: error verifying client certificate: No certificate was found.
121 ocserv[16606]: sec-mod: received request from pid 16615 and uid 99
122 ocserv[16606]: sec-mod: cmd [size=261] sm: decrypt
123 ocserv[16615]: worker: 192.168.2.13:43914 sending message 'resume data store request' to main
124 ocserv[16615]: worker: 192.168.2.13:43914 TLS handshake completed
125 ocserv[16604]: main: 192.168.2.13:43914 main received message 'resume data store request' of 277 bytes
126 ocserv[16604]: main: 192.168.2.13:43914 TLS session DB storing 13f5c642fdfd407a1ac364ed76186120fa82f9be89a5b75315393f78b936c0d3
127 ocserv[16615]: worker: 192.168.2.13:43914 HTTP: User-Agent: AnyConnect Downloader 3.1.05170
128 ocserv[16615]: worker: 192.168.2.13:43914 User-agent: 'AnyConnect Downloader 3.1.05170'
129 ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Accept: */*
130 ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Cookie: webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr
131 ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Host: vpn2
132 ocserv[16615]: worker: 192.168.2.13:43914 HTTP GET /1/VPNManifest.xml
133 ocserv[16615]: worker: 192.168.2.13:43914 requested fixed string: /1/VPNManifest.xml
134 ocserv[16615]: worker: 192.168.2.13:43914 HTTP: User-Agent: AnyConnect Downloader 3.1.05170
135 ocserv[16615]: worker: 192.168.2.13:43914 User-agent: 'AnyConnect Downloader 3.1.05170'
136 ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Accept: */*
137 ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Cookie: webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr
138 ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Host: vpn2
139 ocserv[16615]: worker: 192.168.2.13:43914 HTTP GET /+CSCOT+/translation-table?type=combined-manifest&textdomain=AnyConnect
140 ocserv[16615]: worker: 192.168.2.13:43914 unexpected URL /+CSCOT+/translation-table?type=combined-manifest&textdomain=AnyConnect
141 ocserv[16604]: main: 192.168.2.13:43914 main-misc.c:414: command socket closed
142 ocserv[16604]: main: 192.168.2.13:43914 removing client '' with id '16615'
143 ocserv[16604]: main: putting process 16616 to cgroup 'cpuset:test'
144 ocserv[16604]: main: main-misc.c:743: cannot open: /sys/fs/cgroup/cpuset/test/tasks
145 ocserv[16616]: worker: 192.168.2.13:43915 accepted connection
146 ocserv[16616]: worker: 192.168.2.13:43915 sending message 'resume data fetch request' to main
147 ocserv[16604]: main: 192.168.2.13:43915 main received message 'resume data fetch request' of 34 bytes
148 ocserv[16604]: main: 192.168.2.13:43915 TLS session DB resuming 13f5c642fdfd407a1ac364ed76186120fa82f9be89a5b75315393f78b936c0d3
149 ocserv[16604]: main: 192.168.2.13:43915 sending message 'resume data fetch reply' to worker
150 ocserv[16616]: worker: 192.168.2.13:43915 tlslib.c:282: error verifying client certificate: No certificate was found.
151 ocserv[16616]: worker: 192.168.2.13:43915 TLS handshake completed
152 ocserv[16616]: worker: 192.168.2.13:43915 HTTP: User-Agent: AnyConnect Downloader 3.1.05170
153 ocserv[16616]: worker: 192.168.2.13:43915 User-agent: 'AnyConnect Downloader 3.1.05170'
154 ocserv[16616]: worker: 192.168.2.13:43915 HTTP: Accept: */*
155 ocserv[16616]: worker: 192.168.2.13:43915 HTTP: Cookie: webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr
156 ocserv[16616]: worker: 192.168.2.13:43915 HTTP: Host: vpn2
157 ocserv[16616]: worker: 192.168.2.13:43915 HTTP GET /+CSCOT+/oem-customization?app=AnyConnect&type=manifest&platform=linux-64
158 ocserv[16616]: worker: 192.168.2.13:43915 unexpected URL /+CSCOT+/oem-customization?app=AnyConnect&type=manifest&platform=linux-64
159 ocserv[16604]: main: 192.168.2.13:43915 main-misc.c:414: command socket closed
160 ocserv[16604]: main: 192.168.2.13:43915 removing client '' with id '16616'
161 ocserv[16604]: main: putting process 16617 to cgroup 'cpuset:test'
162 ocserv[16604]: main: main-misc.c:743: cannot open: /sys/fs/cgroup/cpuset/test/tasks
163 ocserv[16617]: worker: 192.168.2.13:43917 accepted connection
164 ocserv[16617]: worker: 192.168.2.13:43917 tlslib.c:282: error verifying client certificate: No certificate was found.
165 ocserv[16606]: sec-mod: received request from pid 16617 and uid 99
166 ocserv[16606]: sec-mod: cmd [size=261] sm: decrypt
167 ocserv[16617]: worker: 192.168.2.13:43917 sending message 'resume data store request' to main
168 ocserv[16617]: worker: 192.168.2.13:43917 TLS handshake completed
169 ocserv[16604]: main: 192.168.2.13:43917 main received message 'resume data store request' of 277 bytes
170 ocserv[16604]: main: 192.168.2.13:43917 TLS session DB storing 8ba1750d0a8ed807fe9c34931088b9f4aaf51bd7ec528601a31094c874e7391a
171 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: Host: vpn2
172 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: User-Agent: Cisco AnyConnect VPN Agent for Linux 3.1.05170
173 ocserv[16617]: worker: 192.168.2.13:43917 User-agent: 'Cisco AnyConnect VPN Agent for Linux 3.1.05170'
174 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: Cookie: webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr
175 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Version: 1
176 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Hostname: vpntest
177 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-MTU: 1399
178 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Address-Type: IPv6,IPv4
179 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Local-Address-IP4: 192.168.122.135
180 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Base-MTU: 1500
181 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Remote-Address-IP4: 192.168.2.66
182 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Full-IPv6-Capability: false
183 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-DTLS-Master-Secret: C1C5BCF3D71DC77692E3A0680DB4D31A57E2CDA3903945C853E0EEDF8CD31D440278790DFF4A9DA467B1FDB48BAA9A35
184 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
185 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-DTLS-Accept-Encoding: lzs
186 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-DTLS-Header-Pad-Length: 0
187 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Accept-Encoding: lzs
188 ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.
189 ocserv[16617]: worker: 192.168.2.13:43917 HTTP CONNECT /CSCOSSLC/tunnel
190 ocserv[16617]: worker: 192.168.2.13:43917 sending message 'auth cookie request' to main
191 ocserv[16604]: main: 192.168.2.13:43917 main received message 'auth cookie request' of 124 bytes
192 ocserv[16604]: Loading user configuration '/etc/ocserv/config-per-user//testuser'
193 ocserv[16604]: main: 192.168.2.13:43917 new cookie for 'testuser' (16617)
194 ocserv[16604]: main: 192.168.2.13:43917 accepting user 'testuser'
195 ocserv[16604]: main: 192.168.2.13:43917 selected IP for 'testuser': 10.42.5.52
196 ocserv[16604]: main: pinged 10.42.5.52 and 10.42.5.53 and are not in use
197 ocserv[16604]: main: 192.168.2.13:43917 assigned IPv4 to 'testuser': 10.42.5.53
198 ocserv[16604]: main: 192.168.2.13:43917 assigning tun device vpns0
199 ocserv[16604]: main: 192.168.2.13:43917 user 'testuser' of group 'vpntest' authenticated (using cookie)
200 ocserv[16620]: main: 192.168.2.13:43917 executing script /etc/vpn/scripts/connect
201 ocserv[16604]: main: 192.168.2.13:43917 connect-script exit status: 0
202 ocserv[16604]: main: 192.168.2.13:43917 sending route '10.9.0.0/255.255.0.0'
203 ocserv[16604]: main: 192.168.2.13:43917 sending (socket) message 2 to worker
204 ocserv[16617]: worker: 192.168.2.13:43917 received auth reply message (value: 1)
205 ocserv[16617]: worker: 192.168.2.13:43917 suggesting DPD of 90 secs
206 ocserv[16617]: worker: 192.168.2.13:43917 sending IPv4 10.42.5.53
207 ocserv[16617]: worker: 192.168.2.13:43917 adding private route 10.9.0.0/255.255.0.0
208 ocserv[16617]: worker: 192.168.2.13:43917 peer's base MTU is 1500
209 ocserv[16617]: worker: 192.168.2.13:43917 TCP MSS is 1435
210 ocserv[16617]: worker: 192.168.2.13:43917 reducing MTU due to TCP MSS to 1435
211 ocserv[16617]: worker: 192.168.2.13:43917 CSTP Base MTU is 1435 bytes
212 ocserv[16617]: worker: 192.168.2.13:43917 DTLS ciphersuite: AES128-SHA
213 ocserv[16617]: worker: 192.168.2.13:43917 DTLS overhead is 94
214 ocserv[16617]: worker: 192.168.2.13:43917 suggesting DTLS MTU 1341
215 ocserv[16617]: worker: 192.168.2.13:43917 sending message 'tun mtu change' to main
216 ocserv[16617]: worker: 192.168.2.13:43917 setting MTU to 1341
217 ocserv[16604]: main: 192.168.2.13:43917 main received message 'tun mtu change' of 3 bytes
218 ocserv[16604]: main: 192.168.2.13:43917 setting vpns0 MTU to 1341
219 ocserv[16617]: worker: 192.168.2.13:43917 sending message 'session info' to main
220 ocserv[16604]: main: 192.168.2.13:43917 main received message 'session info' of 97 bytes
221 ocserv[16604]: main: 192.168.2.13:43912 main-misc.c:414: command socket closed
222 ocserv[16604]: main: 192.168.2.13:43912 removing client '' with id '16607'
223 ocserv[16617]: worker: 192.168.2.13:43917 received 61 byte(s) (TLS)
224 ocserv[16617]: worker: 192.168.2.13:43917 received BYE packet; exiting
225 ocserv[16617]: worker: 192.168.2.13:43917 sending message 'cli stats' to main
226 ocserv[16617]: worker: 192.168.2.13:43917 sending stats (in: 0, out: 0) to main
227 ocserv[16604]: main: 192.168.2.13:43917 main received message 'cli stats' of 4 bytes
228 ocserv[16604]: main: 192.168.2.13:43917 main-misc.c:414: command socket closed
229 ocserv[16604]: main: 192.168.2.13:43917 removing client 'testuser' with id '16617'
230 ocserv[16639]: main: 192.168.2.13:43917 executing script /etc/vpn/scripts/disconnect
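
Added example (not part of the original message and not ocserv code): a Python check for the symptom reported above, where a session authenticates with a group but the log never shows that group's config-per-group file being loaded, so the group's routes and restrictions are not applied. It assumes a group file load would be logged in the same "Loading ... configuration '<path>'" form as line 192; the function names are this example's own and the default directories are taken from the paths in the message.

```python
import posixpath
import re

# Sample input: lines 191, 192, 199 and 202 of the log above, embedded inline.
SAMPLE_LOG = """\
191 ocserv[16604]: main: 192.168.2.13:43917 main received message 'auth cookie request' of 124 bytes
192 ocserv[16604]: Loading user configuration '/etc/ocserv/config-per-user//testuser'
199 ocserv[16604]: main: 192.168.2.13:43917 user 'testuser' of group 'vpntest' authenticated (using cookie)
202 ocserv[16604]: main: 192.168.2.13:43917 sending route '10.9.0.0/255.255.0.0'
"""

# Assumption: every supplemental config load is logged in this form (only the
# "user" variant is visible on the page).
LOAD_RE = re.compile(r"Loading \w+ configuration '([^']+)'")
AUTH_RE = re.compile(r"user '([^']+)' of group '([^']*)' authenticated")


def load_order(log_text):
    """Normalized paths of loaded config files, in the order they were logged."""
    return [posixpath.normpath(m.group(1)) for m in LOAD_RE.finditer(log_text)]


def audit(log_text,
          user_dir="/etc/ocserv/config-per-user",
          group_dir="/etc/ocserv/config-per-group"):
    """Return one finding per authenticated (user, group) pair in the log."""
    order = load_order(log_text)
    findings, seen = [], set()
    for user, group in AUTH_RE.findall(log_text):
        if (user, group) in seen:
            continue
        seen.add((user, group))
        user_file = posixpath.normpath(posixpath.join(user_dir, user))
        group_file = (posixpath.normpath(posixpath.join(group_dir, group))
                      if group else None)
        user_loaded = user_file in order
        group_loaded = group_file in order
        # The user file can only override the group file if it is loaded
        # after it; None means the order cannot be judged. Uses the first
        # load of each file, which is enough for a single-session log.
        group_first = (order.index(group_file) < order.index(user_file)
                       if user_loaded and group_loaded else None)
        findings.append({
            "user": user,
            "group": group,
            "user_config_loaded": user_loaded,
            "group_config_loaded": group_loaded,
            "group_loaded_first": group_first,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
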