On Sun, 2015-01-25 at 20:50 +0800, David Frank wrote: > Continue investigation from my previous thread, I manage to obtain a > decent capture of client log. > > > Basically test flow: > > connect to ocserv, put my iphone 6 to sleep, wake it from sleep after > 3 minutes, and observe reconnect attempt failed. > > > My ocserv settings: > > auth = "certificate" > cookie-timeout = 600 > cisco-client-compat = true > > > AnyConnect general timeline: [...] > TL;DR: So ocserv return 401 when AnyConnect send it the auth cookie? I > think there is something wonky happening, even though I set it to last > for 10minutes, and does not require certificate on reconnect, ocserv > still rejects AnyConnect reconnect attempts. What do you see on the ocserv side? Do you see the reason of not accepting the cookie? regards, Nikos
