Hi Nikos, >From 0.10.3, I find AnyConnect Client on iOS refuse to reconnnect to server when roaming from cellular network (3G/4G) to WiFi, but it's ok when roaming from WiFi to 3G/4G. I have tested 0.10.2 and 0.9.2, both work fine, I think maybe due to this change from v0.10.3: - Invalidate cookies when the user terminates the session explicitly. PS: I use pure certificate authentication, here is some ocserv log: ocserv[27196]: sec-mod: temporarily closing session for vpnuser (session: AI8xQ) ocserv[27196]: sec-mod: invalidating session user 'vpnuser' (session: AI8xQ) ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:42703 user disconnected ocserv[27279]: worker: tlslib.c:378: no certificate was found ocserv[27196]: sec-mod: session open received in unauthenticated client vpnuser (session: AI8xQ)! ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 could not initiate session for 'vpnuser' ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 could not open session ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 failed authentication attempt for user 'vpnuser' ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 user logged in ocserv[27279]: worker: IP.IP.IP.IP error receiving cookie authentication reply ocserv[27279]: worker: IP.IP.IP.IP failed cookie authentication attempt ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:55136 user disconnected -- BR Jacky He 2015-04-25 16:18 GMT+08:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>: > Hello, > I've just released ocserv 0.10.2. This is a bug fix release which > resolves all known issues in the 0.10.x branch. > > * Version 0.10.3 (2015-04-25) > - Detection of gnutls capabilities was made dynamic. That would allow > the server to be compiled with old gnutls version but still use new > functionality when linked with a newer version. > - The DBUS communication channel with occtl was brought up in par > with the unix socket based one. > - Fixed issues with FreeBSD tun device handling. Reports and patches > by Brian Chu. > - When multiple authentication methods are set and the primary includes > a certificate, no longer require a certificate for all clients. > - When receiving non-minimal DPD messages, reflect their contents. > This allows using DPD for MTU detection. > - The 'try-mtu-discovery' config option was fixed to affect the DF bit > setting in UDP packets. > - Invalidate cookies when the user terminates the session explicitly. > - Fixed 'user-profile' option when isolate-workers is set to true. > - sec-mod: Do not impose timeouts on reads from main. That would prevent > issues when reading in a very busy system. > > > The current release is available at: > ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.3.tar.xz > ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.3.tar.xz.sig > > The VPN server's web-site is at: > http://www.infradead.org/ocserv > > regards, > Nikos > > > > _______________________________________________ > openconnect-devel mailing list > openconnect-devel at lists.infradead.org > http://lists.infradead.org/mailman/listinfo/openconnect-devel
