On Fri, Aug 14, 2015 at 7:33 PM, Sheng Yu <magicfish1990 at gmail.com> wrote:
> Hi all,
> Recently, I have noticed that some clients can not connect (should be
> iOS and OS X).
> ocserv[2614]: worker: tlslib.c:378: no certificate was found
> ocserv[2614]: sec-mod: initiating session for user 'User' (session: HqLQN)
> ocserv[2613]: main[User]: x.x.x.x:xxxxx new user session
> ocserv[2613]: main[User]: x.x.x.x:xxxxx user logged in
> ocserv[2790]: worker[User]: x.x.x.x:xxxxx worker-vpn.c:1048: GnuTLS
> error (at worker-vpn.c:1048): The TLS connection was non-properly
> terminated.
> ocserv[2613]: main[User]: x.x.x.x:xxxxx user disconnected
> ocserv[2614]: sec-mod: temporarily closing session for User (session: HqLQN)
> ocserv[2613]: main: x.x.x.x:xxxxx: too short UDP packet
> It was worked, and I do not have to modify any configuration.

That doesn't seem to be the openconnect client. If it is the anyconnect
client, you'll need to provide more information as I have access to
neither of these platforms. Is it a new client, or an old one?

> Another problem, I noticed same clients sometimes MTU will be reduced to less than 200,
> this what happened? MTU is greater than 1300 at the beginning
> connection.

The MTU can be reduced if ocserv receives EMSGSIZE from the kernel,
i.e., the kernel believed we were exceeding the MTU. When the MTU goes
too low the connection switches to TCP only.

> Are these two issues related?

Doesn't seem so.
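
The MTU back-off described in the reply above, as an added example that is not part of the original message and is not ocserv's own code: a small model in which each EMSGSIZE lowers the MTU estimate until the tunnel gives up on UDP. The names `tunnel_send` and `fake_udp_send`, the halving step and the 200-byte floor are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

#define MIN_UDP_MTU 200u /* assumed floor; the thread only says "too low" */

enum send_result { SENT_UDP, MTU_LOWERED, USE_TCP };

struct tunnel {
    unsigned mtu;  /* current estimate of the largest datagram that fits */
    int tcp_only;  /* set once the UDP channel has been given up */
};

/* Constructed stand-in for the kernel's UDP send path: it rejects anything
 * larger than the path MTU with EMSGSIZE and never fails otherwise. */
ssize_t fake_udp_send(size_t len, unsigned path_mtu)
{
    if (len <= path_mtu)
        return (ssize_t)len;
    errno = EMSGSIZE;
    return -1;
}

/* Try to send one datagram of `len` bytes. On EMSGSIZE the datagram is
 * dropped and the MTU estimate is halved (assumed step); below the floor
 * the tunnel stops using UDP and the caller falls back to TCP. */
enum send_result tunnel_send(struct tunnel *t, size_t len, unsigned path_mtu)
{
    if (t->tcp_only)
        return USE_TCP;
    if (fake_udp_send(len, path_mtu) >= 0)
        return SENT_UDP;
    t->mtu /= 2;
    if (t->mtu < MIN_UDP_MTU) {
        t->tcp_only = 1;
        return USE_TCP;
    }
    return MTU_LOWERED;
}

int main(void)
{
    struct tunnel t = { 1400, 0 };
    /* Constructed scenario: the path only carries 150-byte datagrams. */
    while (tunnel_send(&t, t.mtu, 150) == MTU_LOWERED)
        printf("EMSGSIZE, MTU now %u\n", t.mtu);
    printf("final MTU %u, tcp_only=%d\n", t.mtu, t.tcp_only);
    return 0;
}
```

A path that keeps returning EMSGSIZE drives the estimate from above 1300 down past the floor within a few sends, which matches the pattern of a client starting with a large MTU and ending up on TCP only.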