On Wed, Dec 9, 2015 at 2:33 PM, Eugene Istomin <E.Istomin at edss.ee> wrote:
> Nikos,
> ocserv[16828]: worker[VPN]: {IP} writing 60 byte(s) to TUN
> ocserv[16828]: worker[VPN]: {IP} received 272 byte(s) (TLS)
> ocserv[16828]: worker[VPN]: {IP} unexpected CSTP length (have 60, should be 264)
> ocserv[16828]: worker[VPN]: {IP} worker-vpn.c:1094: error parsing CSTP data
> ...
Ok. My understanding is that haproxy breaks a TLS packet received
(with 264 bytes of payload) into multiple writes to ocserv socket.
That's a bummer. Because ocserv doesn't attempt to reconstruct the
packet (in the TLS case it is not necessary as the TLS boundaries are
sufficient), this error occurs. Is there a way to instruct haproxy to
pass the full packet received rather than doing multiple writes?
Otherwise we may need some reconstruction logic for that situation.
regards,
Nikos
