On 0.10.4: 1) I connect to vpn by using WiFi 2) I switch to cellular network, successfully roaming and reconnect 3) I switch again to WiFi network, but can't reconnect. here is ocserv log: ocserv[442]: worker: client certificate verification succeeded ocserv[382]: sec-mod: using 'certificate' authentication to authenticate user (session: eflZJ) ocserv[443]: worker: tlslib.c:378: no certificate was found ocserv[378]: main: WiFi Network IP:62504 user disconnected ocserv[444]: worker: tlslib.c:378: no certificate was found ocserv[382]: sec-mod: initiating session for user 'vpnuser' (session: eflZJ) ocserv[378]: main[vpnuser]: WiFi Network IP:62505 new user session ocserv[378]: main[vpnuser]: WiFi Network IP:62505 user logged in ocserv[378]: main: WiFi Network IP:62503 user disconnected ocserv[461]: worker: tlslib.c:378: no certificate was found ocserv[382]: sec-mod: initiating session for user 'vpnuser' (session: eflZJ) ocserv[378]: main[vpnuser]: Cellular Network IP:9120 re-using session ocserv[378]: main[vpnuser]: Cellular Network IP:9120 user logged in ocserv[378]: main[vpnuser]: WiFi Network IP:62505 user disconnected ocserv[382]: sec-mod: temporarily closing session for vpnuser (session: eflZJ) ocserv[382]: sec-mod: invalidating session of user 'vpnuser' (session: eflZJ) ocserv[378]: main[vpnuser]: Cellular Network IP:9120 user disconnected ocserv[382]: sec-mod: temporarily closing session for vpnuser (session: eflZJ) ocserv[498]: GnuTLS error (at worker-vpn.c:448): The TLS connection was non-properly terminated. ocserv[378]: main: WiFi Network IP:62515 user disconnected ocserv[499]: worker: tlslib.c:378: no certificate was found ocserv[382]: sec-mod: session open received in unauthenticated client vpnuser (session: eflZJ)! ocserv[378]: main[vpnuser]: WiFi Network IP:62516 could not initiate session for 'vpnuser' ocserv[378]: main[vpnuser]: WiFi Network IP:62516 could not open session ocserv[378]: main[vpnuser]: WiFi Network IP:62516 failed authentication attempt for user 'vpnuser' ocserv[378]: main[vpnuser]: WiFi Network IP:62516 user logged in ocserv[499]: worker: WiFi Network IP error receiving cookie authentication reply ocserv[499]: worker: WiFi Network IP failed cookie authentication attempt ocserv[378]: main[vpnuser]: WiFi Network IP:62516 user disconnected -- Regards Jacky 2015-05-06 15:36 GMT+08:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>: > On Mon, May 4, 2015 at 6:42 PM, jacky he <jacky.he at gmail.com> wrote: >> Hi Nikos, >> From 0.10.3, I find AnyConnect Client on iOS refuse to reconnnect to >> server when roaming >> from cellular network (3G/4G) to WiFi, but it's ok when roaming from >> WiFi to 3G/4G. >> I have tested 0.10.2 and 0.9.2, both work fine, I think maybe due to >> this change from v0.10.3: >> - Invalidate cookies when the user terminates the session explicitly. >> >> PS: I use pure certificate authentication, here is some ocserv log: >> >> ocserv[27196]: sec-mod: temporarily closing session for vpnuser (session: AI8xQ) >> ocserv[27196]: sec-mod: invalidating session user 'vpnuser' (session: AI8xQ) >> ocserv[27192]: main[vpnuser]: IP.IP.IP.IP:42703 user disconnected > > Could you quote the lines before these three in the log?