Hi Nikos I deployed ocserv 0.10.8 compiled with gnutls-serv 3.3.15 and freeradius 3.0.9 cooperating with radiusclient 1.1.7 on a same server. And I used Cisco Anyconnect on IOS7 and windows 7 to test via both user-password and certificate. I repeated to log in, and log out within random interval time at 2:30am(I think the network was better) from China to server(US west) about 250ms+. Every time the client was checked offline with cmd "occtl show users" and "ifconfig". Of course when ocserv failed to send "closing session", the radius got nothing to response using radiusd -X. >From the log I suspect the oscerv treated such kinds of disconnect as "temporarily closing"(actually that session was gone,no one can re-initiate). If I sign in and sign out in 2-3 seconds quickly and frequently, such problems could be much more easily detected. Had I miss any information you need, please let me know. Regards, Yick The modified part of my ocserv config was listed below: auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]" enable-auth = certificate acct = "radius[config=/etc/radiusclient/radiusclient.conf]" tcp-port = 443 udp-port = 443 stats-report-time = 150 keepalive = 32400 dpd = 90 mobile-dpd = 1800 try-mtu-discovery = true tls-priorities = "PERFORMANCE:-CIPHER-ALL:+AES-128-CBC:+AES-128-GCM:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:+VERS-TLS1.2" auth-timeout = 120 min-reauth-time = 30 cookie-timeout = 1800 use-utmp = true use-occtl = true ipv4-network = 10.0.0.0 ipv4-netmask = 255.255.255.0 dns = 10.0.0.1 ping-leases = true output-buffer = 35 no-route = xxxxx ...... no-route = xxxxx bug log: ocserv[4563]: worker: tlslib.c:378: no certificate was found ocserv[4479]: sec-mod: using 'radius' authentication to authenticate user (session: Nn5+O) ocserv[4479]: radius-auth: communicating username (phone) and password ocserv[4564]: worker: tlslib.c:378: no certificate was found ocserv[4478]: main: *.*.*.*:51910 user disconnected ocserv[4565]: worker: tlslib.c:378: no certificate was found ocserv[4479]: radius-auth: opening session Nn5+OUNO8CMA1k3tgUEB3Q== ocserv[4478]: main[phone]: *.*.*.*:51911 new user session ocserv[4479]: sec-mod: initiating session for user 'phone' (session: Nn5+O) ocserv[4478]: main: pinged 10.0.0.59 and is not in use ocserv[4478]: main[phone]: *.*.*.*:51911 user logged in ocserv[4478]: main: *.*.*.*:51909 user disconnected (disconnect) ocserv[4478]: main[phone]: *.*.*.*:51911 user disconnected ocserv[4479]: sec-mod: temporarily closing session for phone (session: Nn5+O) (It's sometimes seen after several minutes "closing session" might be sent to amend it. Freeradius server received "Lost-Service" as a cause, then "Simultaneous-Use" feature may encounter a big challenge) ocserv[4479]: radius-auth: closing session normal log: ocserv[4544]: worker: tlslib.c:378: no certificate was found ocserv[4479]: sec-mod: using 'radius' authentication to authenticate user (session: dZxHU) ocserv[4479]: radius-auth: communicating username (phone) and password ocserv[4545]: worker: tlslib.c:378: no certificate was found ocserv[4478]: main: *.*.*.*:51900 user disconnected ocserv[4546]: worker: tlslib.c:378: no certificate was found ocserv[4479]: radius-auth: opening session dZxHUYLzDWcCdh8qu8X94Q== ocserv[4478]: main[phone]: *.*.*.*:51901 new user session ocserv[4479]: sec-mod: initiating session for user 'phone' (session: dZxHU) ocserv[4478]: main: pinged 10.0.0.59 and is not in use ocserv[4478]: main[phone]: *.*.*.*:51901 user logged in ocserv[4478]: main: *.*.*.*:51899 user disconnected (disconnect) ocserv[4479]: radius-auth: sending session interim update ocserv[4478]: main[phone]: *.*.*.*:51901 user disconnected ocserv[4479]: sec-mod: invalidating session of user 'phone' (session: dZxHU) ocserv[4479]: radius-auth: closing session
