ocserv: config-per-group not read if group comes from certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Wed, 24 Sep 2014, Nikos Mavrogiannopoulos wrote:

> On Wed, Sep 24, 2014 at 2:41 PM, Norbert Paschedag <noe at physik.uzh.ch> wrote:
>> Hi,
>> I'm trying to set up ocserv so it can be used by anyconnect users.
>> Authentication is done via certificates and passwords (via pam).
>> The group is determined from the cert DN and there's no group selector
>> (although anyconnect displays the group).
>> Both user and group are correctly shown in the debug output:
>> ocserv[12766]: sec-mod: auth init for user 'testuser' (group: 'vpntest')
>> from '192.168.2.13'
>
>> The config-per-group files, however, are not being read at all and it
>> seems that the proc->groupname seen in get_sup_config() is empty.
>> config-per-user _is_ read correctly.
>
> Hi,
> Could you elaborate on the scenario at hand. Do you have both a config
> per user and config per group, and both should be read for this particular user?

The original idea was to have per-group configs only. But after seeing 
they're not read, I tried per-user configs as well. Only the per-user 
configs are ever read.

> What is the log (with debugging) output when that user connects?
>
> If both apply, ocserv should load the group configuration, and then the user
> configuration will override it.

Ok, log obtained from 'ocserv -f -d 6' is attached below.
Both the files /etc/ocserv/config-per-group/vpntest and /etc/ocserv/config-per-group/testuser
exist and contain the route shown in the log at line 202.

Regards,
    Norbert



  001  listening (TCP) on 192.168.2.66:443...
  002  listening (UDP) on 192.168.2.66:443...
  003  ocserv[16604]: main: initialized ocserv 0.8.4
  004  ocserv[16606]: sec-mod: sec-mod initialized (socket: /etc/ocserv/chroot///var/run/ocserv-socket.16604)
  005  ocserv[16604]: error connecting to sec-mod socket '/var/run/ocserv-socket.16604': No such file or directory
  006  ocserv[16604]: main: processed 1 CA certificate(s)
  007  ocserv[16604]: main: putting process 16607 to cgroup 'cpuset:test'
  008  ocserv[16604]: main: main-misc.c:743: cannot open: /sys/fs/cgroup/cpuset/test/tasks
  009  ocserv[16607]: worker: 192.168.2.13:43912 accepted connection
  010  ocserv[16607]: worker: 192.168.2.13:43912 client certificate verification succeeded
  011  ocserv[16606]: sec-mod: received request from pid 16607 and uid 99
  012  ocserv[16606]: sec-mod: cmd [size=261] sm: decrypt
  013  ocserv[16607]: worker: 192.168.2.13:43912 sending message 'resume data store request' to main
  014  ocserv[16607]: worker: 192.168.2.13:43912 TLS handshake completed
  015  ocserv[16604]: main: 192.168.2.13:43912 main received message 'resume data store request' of 2419 bytes
  016  ocserv[16604]: main: 192.168.2.13:43912 TLS session DB storing 24ad4a81ce0f677f6474aee1e5359150bb0aa28cc7e9ff6e8218b273e2daeb82
  017  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
  018  ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
  019  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
  020  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
  021  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
  022  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
  023  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
  024  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Connection: close
  025  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
  026  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Length: 289
  027  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Type: application/x-www-form-urlencoded
  028  ocserv[16607]: worker: 192.168.2.13:43912 HTTP POST /
  029  ocserv[16607]: worker: 192.168.2.13:43912 POST body: '<?xml version="1.0" encoding="UTF-8"?>
  030  <config-auth client="vpn" type="init" aggregate-auth-version="2">
  031  <version who="vpn">3.1.05170</version>
  032  <device-id>linux-64</device-id>
  033  <group-select>vpntest</group-select>
  034  <group-access>https://vpn2</group-access>
  035  </config-auth>
  036  '
  037  ocserv[16607]: worker: 192.168.2.13:43912 cannot find 'username' in client XML message
  038  ocserv[16607]: worker: 192.168.2.13:43912 failed reading username
  039  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
  040  ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
  041  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
  042  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
  043  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
  044  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
  045  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
  046  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
  047  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Length: 36
  048  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Type: application/x-www-form-urlencoded
  049  ocserv[16607]: worker: 192.168.2.13:43912 HTTP POST /auth
  050  ocserv[16607]: worker: 192.168.2.13:43912 POST body: 'group_list=vpntest&username=testuser'
  051  ocserv[16607]: worker: 192.168.2.13:43912 cannot find 'group%5flist' in client message
  052  ocserv[16607]: worker: 192.168.2.13:43912 sending message 'sm: auth init' to secmod
  053  ocserv[16606]: sec-mod: received request from pid 16607 and uid 99
  054  ocserv[16606]: sec-mod: cmd [size=59] sm: auth init
  055  ocserv[16606]: sec-mod: auth init for user 'testuser' (group: 'vpntest') from '192.168.2.13'
  056  ocserv[16607]: worker: 192.168.2.13:43912 received auth reply message (value: 2)
  057  ocserv[16607]: worker: 192.168.2.13:43912 continuing authentication for 'testuser'
  058  ocserv[16607]: worker: 192.168.2.13:43912 sent sid: 9XNKjjbHsm/CvxQu
  059  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
  060  ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
  061  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
  062  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
  063  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Cookie: webvpncontext=9XNKjjbHsm/CvxQu
  064  ocserv[16607]: worker: 192.168.2.13:43912 received sid: 9XNKjjbHsm/CvxQu
  065  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
  066  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
  067  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
  068  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
  069  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Length: 18
  070  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Content-Type: application/x-www-form-urlencoded
  071  ocserv[16607]: worker: 192.168.2.13:43912 HTTP POST /auth
  072  ocserv[16607]: worker: 192.168.2.13:43912 POST body: 'password=XXXX'
  073  ocserv[16607]: worker: 192.168.2.13:43912 sending message 'sm: auth cont' to secmod
  074  ocserv[16606]: sec-mod: received request from pid 16607 and uid 99
  075  ocserv[16606]: sec-mod: cmd [size=27] sm: auth cont
  076  ocserv[16606]: sec-mod: auth cont for user 'testuser'
  077  ocserv[16606]: pam_krb5[16606]: error reading keytab 'FILE:/etc/krb5.keytab'
  078  ocserv[16606]: pam_krb5[16606]: TGT verified
  079  ocserv[16606]: pam_krb5[16606]: authentication succeeds for 'testuser' (testuser at MYREALM)
  080  ocserv[16606]: sec-mod: auth deinit for user 'testuser'
  081  ocserv[16607]: worker: 192.168.2.13:43912 received auth reply message (value: 1)
  082  ocserv[16607]: worker: 192.168.2.13:43912 user 'testuser' obtained cookie
  083  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
  084  ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
  085  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
  086  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
  087  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Cookie: webvpnc=bu:/&p:t&iu:1/&sh:DCA943A4171DCB665B8D9C8446D758DC7C7ECE63&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/userprofile.xml&fh:5D18881D36B7521A0FE1A55503385F80AD25BD5C; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr; webvpncontext=9XNKjjbHsm/CvxQu; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALML
  088  ocserv[16607]: worker: 192.168.2.13:43912 received sid: 9XNKjjbHsm/CvxQu
  089  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
  090  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
  091  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
  092  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
  093  ocserv[16607]: worker: 192.168.2.13:43912 HTTP GET /1/index.html
  094  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
  095  ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
  096  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
  097  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
  098  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Cookie: webvpnc=bu:/&p:t&iu:1/&sh:DCA943A4171DCB665B8D9C8446D758DC7C7ECE63&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/userprofile.xml&fh:5D18881D36B7521A0FE1A55503385F80AD25BD5C; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr; webvpncontext=9XNKjjbHsm/CvxQu; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALML
  099  ocserv[16607]: worker: 192.168.2.13:43912 received sid: 9XNKjjbHsm/CvxQu
  100  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
  101  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
  102  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
  103  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
  104  ocserv[16607]: worker: 192.168.2.13:43912 HTTP GET /1/Linux_64
  105  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: User-Agent: AnyConnect Linux_64 3.1.05170
  106  ocserv[16607]: worker: 192.168.2.13:43912 User-agent: 'AnyConnect Linux_64 3.1.05170'
  107  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept: */*
  108  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Accept-Encoding: identity
  109  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Cookie: webvpnc=bu:/&p:t&iu:1/&sh:DCA943A4171DCB665B8D9C8446D758DC7C7ECE63&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/userprofile.xml&fh:5D18881D36B7521A0FE1A55503385F80AD25BD5C; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr; webvpncontext=9XNKjjbHsm/CvxQu; webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALML
  110  ocserv[16607]: worker: 192.168.2.13:43912 received sid: 9XNKjjbHsm/CvxQu
  111  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Transcend-Version: 1
  112  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-Aggregate-Auth: 1
  113  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: X-AnyConnect-Platform: linux-64
  114  ocserv[16607]: worker: 192.168.2.13:43912 HTTP: Host: vpn2
  115  ocserv[16607]: worker: 192.168.2.13:43912 HTTP GET /1/binaries/update.txt
  116  ocserv[16607]: worker: 192.168.2.13:43912 requested fixed string: /1/binaries/update.txt
  117  ocserv[16604]: main: putting process 16615 to cgroup 'cpuset:test'
  118  ocserv[16604]: main: main-misc.c:743: cannot open: /sys/fs/cgroup/cpuset/test/tasks
  119  ocserv[16615]: worker: 192.168.2.13:43914 accepted connection
  120  ocserv[16615]: worker: 192.168.2.13:43914 tlslib.c:282: error verifying client certificate: No certificate was found.
  121  ocserv[16606]: sec-mod: received request from pid 16615 and uid 99
  122  ocserv[16606]: sec-mod: cmd [size=261] sm: decrypt
  123  ocserv[16615]: worker: 192.168.2.13:43914 sending message 'resume data store request' to main
  124  ocserv[16615]: worker: 192.168.2.13:43914 TLS handshake completed
  125  ocserv[16604]: main: 192.168.2.13:43914 main received message 'resume data store request' of 277 bytes
  126  ocserv[16604]: main: 192.168.2.13:43914 TLS session DB storing 13f5c642fdfd407a1ac364ed76186120fa82f9be89a5b75315393f78b936c0d3
  127  ocserv[16615]: worker: 192.168.2.13:43914 HTTP: User-Agent: AnyConnect Downloader 3.1.05170
  128  ocserv[16615]: worker: 192.168.2.13:43914 User-agent: 'AnyConnect Downloader 3.1.05170'
  129  ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Accept: */*
  130  ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Cookie: webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr
  131  ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Host: vpn2
  132  ocserv[16615]: worker: 192.168.2.13:43914 HTTP GET /1/VPNManifest.xml
  133  ocserv[16615]: worker: 192.168.2.13:43914 requested fixed string: /1/VPNManifest.xml
  134  ocserv[16615]: worker: 192.168.2.13:43914 HTTP: User-Agent: AnyConnect Downloader 3.1.05170
  135  ocserv[16615]: worker: 192.168.2.13:43914 User-agent: 'AnyConnect Downloader 3.1.05170'
  136  ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Accept: */*
  137  ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Cookie: webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr
  138  ocserv[16615]: worker: 192.168.2.13:43914 HTTP: Host: vpn2
  139  ocserv[16615]: worker: 192.168.2.13:43914 HTTP GET /+CSCOT+/translation-table?type=combined-manifest&textdomain=AnyConnect
  140  ocserv[16615]: worker: 192.168.2.13:43914 unexpected URL /+CSCOT+/translation-table?type=combined-manifest&textdomain=AnyConnect
  141  ocserv[16604]: main: 192.168.2.13:43914 main-misc.c:414: command socket closed
  142  ocserv[16604]: main: 192.168.2.13:43914 removing client '' with id '16615'
  143  ocserv[16604]: main: putting process 16616 to cgroup 'cpuset:test'
  144  ocserv[16604]: main: main-misc.c:743: cannot open: /sys/fs/cgroup/cpuset/test/tasks
  145  ocserv[16616]: worker: 192.168.2.13:43915 accepted connection
  146  ocserv[16616]: worker: 192.168.2.13:43915 sending message 'resume data fetch request' to main
  147  ocserv[16604]: main: 192.168.2.13:43915 main received message 'resume data fetch request' of 34 bytes
  148  ocserv[16604]: main: 192.168.2.13:43915 TLS session DB resuming 13f5c642fdfd407a1ac364ed76186120fa82f9be89a5b75315393f78b936c0d3
  149  ocserv[16604]: main: 192.168.2.13:43915 sending message 'resume data fetch reply' to worker
  150  ocserv[16616]: worker: 192.168.2.13:43915 tlslib.c:282: error verifying client certificate: No certificate was found.
  151  ocserv[16616]: worker: 192.168.2.13:43915 TLS handshake completed
  152  ocserv[16616]: worker: 192.168.2.13:43915 HTTP: User-Agent: AnyConnect Downloader 3.1.05170
  153  ocserv[16616]: worker: 192.168.2.13:43915 User-agent: 'AnyConnect Downloader 3.1.05170'
  154  ocserv[16616]: worker: 192.168.2.13:43915 HTTP: Accept: */*
  155  ocserv[16616]: worker: 192.168.2.13:43915 HTTP: Cookie: webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr
  156  ocserv[16616]: worker: 192.168.2.13:43915 HTTP: Host: vpn2
  157  ocserv[16616]: worker: 192.168.2.13:43915 HTTP GET /+CSCOT+/oem-customization?app=AnyConnect&type=manifest&platform=linux-64
  158  ocserv[16616]: worker: 192.168.2.13:43915 unexpected URL /+CSCOT+/oem-customization?app=AnyConnect&type=manifest&platform=linux-64
  159  ocserv[16604]: main: 192.168.2.13:43915 main-misc.c:414: command socket closed
  160  ocserv[16604]: main: 192.168.2.13:43915 removing client '' with id '16616'
  161  ocserv[16604]: main: putting process 16617 to cgroup 'cpuset:test'
  162  ocserv[16604]: main: main-misc.c:743: cannot open: /sys/fs/cgroup/cpuset/test/tasks
  163  ocserv[16617]: worker: 192.168.2.13:43917 accepted connection
  164  ocserv[16617]: worker: 192.168.2.13:43917 tlslib.c:282: error verifying client certificate: No certificate was found.
  165  ocserv[16606]: sec-mod: received request from pid 16617 and uid 99
  166  ocserv[16606]: sec-mod: cmd [size=261] sm: decrypt
  167  ocserv[16617]: worker: 192.168.2.13:43917 sending message 'resume data store request' to main
  168  ocserv[16617]: worker: 192.168.2.13:43917 TLS handshake completed
  169  ocserv[16604]: main: 192.168.2.13:43917 main received message 'resume data store request' of 277 bytes
  170  ocserv[16604]: main: 192.168.2.13:43917 TLS session DB storing 8ba1750d0a8ed807fe9c34931088b9f4aaf51bd7ec528601a31094c874e7391a
  171  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: Host: vpn2
  172  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: User-Agent: Cisco AnyConnect VPN Agent for Linux 3.1.05170
  173  ocserv[16617]: worker: 192.168.2.13:43917 User-agent: 'Cisco AnyConnect VPN Agent for Linux 3.1.05170'
  174  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: Cookie: webvpn=j2XNckFotMbwGjJo5Ma6LlOYvnO+o3EPgfYRxVrkDYztgbwQeMTLbpLiPhJALMLM/2ORMeHcm+9nT5I+chCf7DfxfeFvGJ4IAutsqr7qLIo8e0uDMp0uzWpRfh8i7IJNCUf/eIJTO5QB2l3QoO42PWNyRJR5Gshr
  175  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Version: 1
  176  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Hostname: vpntest
  177  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-MTU: 1399
  178  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Address-Type: IPv6,IPv4
  179  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Local-Address-IP4: 192.168.122.135
  180  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Base-MTU: 1500
  181  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Remote-Address-IP4: 192.168.2.66
  182  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Full-IPv6-Capability: false
  183  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-DTLS-Master-Secret: C1C5BCF3D71DC77692E3A0680DB4D31A57E2CDA3903945C853E0EEDF8CD31D440278790DFF4A9DA467B1FDB48BAA9A35
  184  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
  185  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-DTLS-Accept-Encoding: lzs
  186  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-DTLS-Header-Pad-Length: 0
  187  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Accept-Encoding: lzs
  188  ocserv[16617]: worker: 192.168.2.13:43917 HTTP: X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.
  189  ocserv[16617]: worker: 192.168.2.13:43917 HTTP CONNECT /CSCOSSLC/tunnel
  190  ocserv[16617]: worker: 192.168.2.13:43917 sending message 'auth cookie request' to main
  191  ocserv[16604]: main: 192.168.2.13:43917 main received message 'auth cookie request' of 124 bytes
  192  ocserv[16604]: Loading user configuration '/etc/ocserv/config-per-user//testuser'
  193  ocserv[16604]: main: 192.168.2.13:43917 new cookie for 'testuser' (16617)
  194  ocserv[16604]: main: 192.168.2.13:43917 accepting user 'testuser'
  195  ocserv[16604]: main: 192.168.2.13:43917 selected IP for 'testuser': 10.42.5.52
  196  ocserv[16604]: main: pinged 10.42.5.52 and 10.42.5.53 and are not in use
  197  ocserv[16604]: main: 192.168.2.13:43917 assigned IPv4 to 'testuser': 10.42.5.53
  198  ocserv[16604]: main: 192.168.2.13:43917 assigning tun device vpns0
  199  ocserv[16604]: main: 192.168.2.13:43917 user 'testuser' of group 'vpntest' authenticated (using cookie)
  200  ocserv[16620]: main: 192.168.2.13:43917 executing script /etc/vpn/scripts/connect
  201  ocserv[16604]: main: 192.168.2.13:43917 connect-script exit status: 0
  202  ocserv[16604]: main: 192.168.2.13:43917 sending route '10.9.0.0/255.255.0.0'
  203  ocserv[16604]: main: 192.168.2.13:43917 sending (socket) message 2 to worker
  204  ocserv[16617]: worker: 192.168.2.13:43917 received auth reply message (value: 1)
  205  ocserv[16617]: worker: 192.168.2.13:43917 suggesting DPD of 90 secs
  206  ocserv[16617]: worker: 192.168.2.13:43917 sending IPv4 10.42.5.53
  207  ocserv[16617]: worker: 192.168.2.13:43917 adding private route 10.9.0.0/255.255.0.0
  208  ocserv[16617]: worker: 192.168.2.13:43917 peer's base MTU is 1500
  209  ocserv[16617]: worker: 192.168.2.13:43917 TCP MSS is 1435
  210  ocserv[16617]: worker: 192.168.2.13:43917 reducing MTU due to TCP MSS to 1435
  211  ocserv[16617]: worker: 192.168.2.13:43917 CSTP Base MTU is 1435 bytes
  212  ocserv[16617]: worker: 192.168.2.13:43917 DTLS ciphersuite: AES128-SHA
  213  ocserv[16617]: worker: 192.168.2.13:43917 DTLS overhead is 94
  214  ocserv[16617]: worker: 192.168.2.13:43917 suggesting DTLS MTU 1341
  215  ocserv[16617]: worker: 192.168.2.13:43917 sending message 'tun mtu change' to main
  216  ocserv[16617]: worker: 192.168.2.13:43917 setting MTU to 1341
  217  ocserv[16604]: main: 192.168.2.13:43917 main received message 'tun mtu change' of 3 bytes
  218  ocserv[16604]: main: 192.168.2.13:43917 setting vpns0 MTU to 1341
  219  ocserv[16617]: worker: 192.168.2.13:43917 sending message 'session info' to main
  220  ocserv[16604]: main: 192.168.2.13:43917 main received message 'session info' of 97 bytes
  221  ocserv[16604]: main: 192.168.2.13:43912 main-misc.c:414: command socket closed
  222  ocserv[16604]: main: 192.168.2.13:43912 removing client '' with id '16607'
  223  ocserv[16617]: worker: 192.168.2.13:43917 received 61 byte(s) (TLS)
  224  ocserv[16617]: worker: 192.168.2.13:43917 received BYE packet; exiting
  225  ocserv[16617]: worker: 192.168.2.13:43917 sending message 'cli stats' to main
  226  ocserv[16617]: worker: 192.168.2.13:43917 sending stats (in: 0, out: 0) to main
  227  ocserv[16604]: main: 192.168.2.13:43917 main received message 'cli stats' of 4 bytes
  228  ocserv[16604]: main: 192.168.2.13:43917 main-misc.c:414: command socket closed
  229  ocserv[16604]: main: 192.168.2.13:43917 removing client 'testuser' with id '16617'
  230  ocserv[16639]: main: 192.168.2.13:43917 executing script /etc/vpn/scripts/disconnect
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux