On Sat, 2015-01-10 at 20:39 +0000, David Woodhouse wrote:
> > I found my server had two IPs, and the source IP of the "Server Hello"
> > is not the same as the destination IP of the "Client Hello". After
> > changing the server IP, now the "DTLS handshake failed" problem with
> > OpenConnect-GUI is gone.
>
> I would argue that's a server bug. If we accept incoming DTLS on a given
> IP address then we should also bind() to that address before replying.

Correct. I expected that would have been trivial to fix, but it seems
the sockets API is so much system-specific, and ipv4-ipv6 specific when
it comes to these corner cases. Anyway should be fixed in ocserv master.

regards,
Nikos