No certificate was found and reduced MTU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 14, 2015 at 7:33 PM, Sheng Yu <magicfish1990 at gmail.com> wrote:
> Hi all,
> Recently, I have noticed that some clients can not connect (should be
> iOS and OS X).
> ocserv[2614]: worker:  tlslib.c:378: no certificate was found
> ocserv[2614]: sec-mod: initiating session for user 'User' (session: HqLQN)
> ocserv[2613]: main[User]: x.x.x.x:xxxxx new user session
> ocserv[2613]: main[User]: x.x.x.x:xxxxx user logged in
> ocserv[2790]: worker[User]: x.x.x.x:xxxxx worker-vpn.c:1048: GnuTLS
> error (at worker-vpn.c:1048): The TLS connection was non-properly
> terminated.
> ocserv[2613]: main[User]: x.x.x.x:xxxxx user disconnected
> ocserv[2614]: sec-mod: temporarily closing session for User (session: HqLQN)
> ocserv[2613]: main: x.x.x.x:xxxxx: too short UDP packet
> It was worked, and I do not have to modify any configuration.

That doesn't seem to be the openconnect client. If it is the
anyconnect client, you'll need to provide more information as I have
access to neither of these platforms. Is it a new client, or an old
one?

> Another problem, I noticed same clients sometimes MTU will be reduced to less than 200,
> this what happened? MTU is greater than 1300 at the beginning
> connection.

The MTU can be reduced if ocserv receives EMSGSIZE from the kernel,
i.e., the kernel believed we were exceeding the MTU. When the MTU goes
too low the connection switches to TCP only.

> Are these two issues related?

Doesn't seem so.



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux