Hi, I have ocserv running on an ASUS Merlin platform and used the general opkg (entware) for install. I followed several setups around the net and got ocserv to fire up and accept a VPN connection from Anyconnect clients on IOS and the Mac. It connects just fine and the client even says that it has connected. The connection lasts for about 10-15 seconds, then the client disconnects with the following message: ?The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.? I try to reconnect, and of course it connects? but again, 10-15 seconds with the exact same message and results. The log shows that it connects fine and you can see the TLS/worker/main packets going just fine. After the 10-15 seconds (about when the disconnect occurs) I get this in the log (I scrubbed the file with xxxxxxxx for any potentially identifying sessions ids/cookies/etc): ocserv[13469]: worker[lwk]: 63.197.197.76 received 44 byte(s) (TLS) ocserv[13469]: worker[lwk]: 63.197.197.76 received BYE packet; exiting ocserv[13465]: sec-mod: received request from pid 13469 and uid 65534 ocserv[13469]: worker[lwk]: 63.197.197.76 sending message 'sm: worker cli stats' to secmod ocserv[13465]: sec-mod: cmd [size=75] sm: worker cli stats ocserv[13469]: worker[lwk]: 63.197.197.76 sent periodic stats (in: 3620, out: 0) to sec-mod ocserv[13464]: main: added 1 points (total 5) for IP '63.197.197.76' to ban list ocserv[13475]: worker: accepted connection ocserv[13475]: TLS[<5>]: REC[0x8e008]: Allocating epoch #0 ocserv[13475]: TLS[<3>]: ASSERT: constate.c[_gnutls_epoch_get]:600 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Allocating epoch #1 ocserv[13475]: TLS[<3>]: ASSERT: buffers.c[get_last_packet]:1159 ocserv[13475]: TLS[<5>]: REC[0x8e008]: SSL 3.1 Handshake packet received. Epoch 0, length: 135 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Expected Packet Handshake(22) ocserv[13475]: TLS[<5>]: REC[0x8e008]: Received Packet Handshake(22) with length: 135 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Decrypted Packet[0] Handshake(22) with length: 135 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: CLIENT HELLO (1) was received. Length 131[131], frag offset 0, frag length: 131, sequence: 0 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Client's version: 3.3 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Selected version TLS1.2 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Supported ECC Point Formats/11' ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Supported curves/10' ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Signature Algorithms/13' ocserv[13475]: TLS[<3>]: ASSERT: db.c[_gnutls_server_restore_session]:272 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Supported ECC Point Formats/11' ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Supported curves/10' ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Signature Algorithms/13' ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Parsing extension 'Supported ECC Point Formats/11' (4 bytes) ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Parsing extension 'Supported curves/10' (10 bytes) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Selected ECC curve SECP521R1 (4) ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Parsing extension 'Signature Algorithms/13' (32 bytes) ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (6.1) RSA-SHA512 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (6.2) DSA-SHA512 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (6.3) ECDSA-SHA512 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (5.1) RSA-SHA384 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (5.2) DSA-SHA384 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (5.3) ECDSA-SHA384 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (4.1) RSA-SHA256 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (4.2) DSA-SHA256 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (4.3) ECDSA-SHA256 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (3.1) RSA-SHA224 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (3.2) DSA-SHA224 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (3.3) ECDSA-SHA224 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (2.1) RSA-SHA1 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (2.2) DSA-SHA1 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: rcvd signature algo (2.3) ECDSA-SHA1 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Received safe renegotiation CS ocserv[13475]: TLS[<3>]: ASSERT: server_name.c[gnutls_server_name_get]:310 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Requested server name: '' ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Requested PK algorithm: EC/ECDSA (4) -- ctype: X.509 (1) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 (C0.30) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CHACHA20_POLY1305 (CC.A8) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 (C0.14) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 (C0.28) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 (C0.13) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 (C0.27) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_AES_256_GCM_SHA384 (00.9D) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 (C0.7B) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CCM (C0.9D) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA1 (00.35) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA256 (00.3D) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 (00.84) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 (00.C0) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_AES_128_GCM_SHA256 (00.9C) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 (C0.7A) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CCM (C0.9C) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA256 (00.3C) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 (00.41) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 (00.BA) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_RSA_3DES_EDE_CBC_SHA1 (00.0A) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_GCM_SHA384 (00.9F) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_CHACHA20_POLY1305 (CC.AA) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CCM (C0.9F) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA1 (00.39) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA256 (00.6B) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_GCM_SHA256 (00.9E) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CCM (C0.9E) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA1 (00.33) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA256 (00.67) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Keeping ciphersuite: GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 (00.16) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Requested cipher suites[size: 32]: ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Selected cipher suite: ECDHE_RSA_AES_256_GCM_SHA384 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Selected Compression Method: NULL ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Supported ECC Point Formats/11' ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Supported curves/10' ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Found extension 'Signature Algorithms/13' ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Safe renegotiation succeeded ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Sending extension Safe Renegotiation (1 bytes) ocserv[13475]: TLS[<4>]: EXT[0x8e008]: Sending extension Supported ECC Point Formats (2 bytes) ocserv[13475]: TLS[<4>]: HSK[0x8e008]: SessionID: xxxxxxxxxxxxxx ocserv[13475]: TLS[<4>]: HSK[0x8e008]: SERVER HELLO was queued [87 bytes] ocserv[13475]: TLS[<4>]: HSK[0x8e008]: CERTIFICATE was queued [1111 bytes] ocserv[13475]: TLS[<4>]: HSK[0x8e008]: signing handshake data: using RSA-SHA512 ocserv[13465]: sec-mod: received request from pid 13475 and uid 65534 ocserv[13465]: sec-mod: cmd [size=87] sm: sign ocserv[13464]: main[lwk]: 63.197.197.76:49562 worker terminated ocserv[13464]: main[lwk]: 63.197.197.76:49562 sending msg sm: session close to sec-mod ocserv[13475]: TLS[<4>]: HSK[0x8e008]: SERVER KEY EXCHANGE was queued [529 bytes] ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (4.1) RSA-SHA256 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (4.3) ECDSA-SHA256 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (5.1) RSA-SHA384 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (5.3) ECDSA-SHA384 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (6.1) RSA-SHA512 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (6.3) ECDSA-SHA512 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (3.1) RSA-SHA224 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (3.3) ECDSA-SHA224 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (2.1) RSA-SHA1 ocserv[13475]: TLS[<4>]: EXT[0x8e008]: sent signature algo (2.3) ECDSA-SHA1 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: CERTIFICATE REQUEST was queued [68 bytes] ocserv[13475]: TLS[<4>]: HSK[0x8e008]: SERVER HELLO DONE was queued [4 bytes] ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet Handshake(22) with length: 87 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[1] Handshake(22) in epoch 0 and length: 92 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet Handshake(22) with length: 1111 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[2] Handshake(22) in epoch 0 and length: 1116 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet Handshake(22) with length: 529 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[3] Handshake(22) in epoch 0 and length: 534 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet Handshake(22) with length: 68 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[4] Handshake(22) in epoch 0 and length: 73 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet Handshake(22) with length: 4 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[5] Handshake(22) in epoch 0 and length: 9 ocserv[13475]: TLS[<3>]: ASSERT: buffers.c[get_last_packet]:1159 ocserv[13465]: sec-mod: received request sm: session close ocserv[13465]: sec-mod: cmd [size=40] sm: session close ocserv[13464]: main[lwk]: 63.197.197.76:49562 user disconnected (reason: user disconnected, rx: 3620, tx: 0) ocserv[13465]: sec-mod: invalidating session of user 'lwk' (session: dmdkdx) ocserv[13465]: sec-mod: permamently closing session of user 'lwk' (session: dmdkdx) ocserv[13475]: TLS[<5>]: REC[0x8e008]: SSL 3.3 Handshake packet received. Epoch 0, length: 7 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Expected Packet Handshake(22) ocserv[13475]: TLS[<5>]: REC[0x8e008]: Received Packet Handshake(22) with length: 7 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Decrypted Packet[1] Handshake(22) with length: 7 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: CERTIFICATE (11) was received. Length 3[3], frag offset 0, frag length: 3, sequence: 0 ocserv[13475]: TLS[<3>]: ASSERT: cert.c[_gnutls_proc_x509_server_crt]:1018 ocserv[13475]: worker: tlslib.c:475: no certificate was found ocserv[13475]: TLS[<3>]: ASSERT: buffers.c[get_last_packet]:1159 ocserv[13475]: TLS[<5>]: REC[0x8e008]: SSL 3.3 Handshake packet received. Epoch 0, length: 138 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Expected Packet Handshake(22) ocserv[13475]: TLS[<5>]: REC[0x8e008]: Received Packet Handshake(22) with length: 138 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Decrypted Packet[2] Handshake(22) with length: 138 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: CLIENT KEY EXCHANGE (16) was received. Length 134[134], frag offset 0, frag length: 134, sequence: 0 ocserv[13475]: TLS[<5>]: REC[0x8e008]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Expected Packet ChangeCipherSpec(20) ocserv[13475]: TLS[<5>]: REC[0x8e008]: Received Packet ChangeCipherSpec(20) with length: 1 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Decrypted Packet[3] ChangeCipherSpec(20) with length: 1 ocserv[13475]: TLS[<9>]: INT: PREMASTER SECRET[66]: xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<9>]: INT: CLIENT RANDOM[32]: xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<9>]: INT: SERVER RANDOM[32]: xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<9>]: INT: MASTER SECRET: xxxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<5>]: REC[0x8e008]: Initializing epoch #1 ocserv[13475]: TLS[<9>]: INT: KEY BLOCK[72]: xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<9>]: INT: CLIENT WRITE KEY [32]: xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<9>]: INT: SERVER WRITE KEY [32]: xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<9>]: INT: CLIENT WRITE IV [4]: xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<9>]: INT: SERVER WRITE IV [4]: xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<5>]: REC[0x8e008]: Epoch #1 ready ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384 ocserv[13475]: TLS[<3>]: ASSERT: buffers.c[get_last_packet]:1159 ocserv[13475]: TLS[<5>]: REC[0x8e008]: SSL 3.3 Handshake packet received. Epoch 0, length: 40 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Expected Packet Handshake(22) ocserv[13475]: TLS[<5>]: REC[0x8e008]: Received Packet Handshake(22) with length: 40 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Decrypted Packet[0] Handshake(22) with length: 16 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: recording tls-unique CB (recv) ocserv[13475]: TLS[<4>]: REC[0x8e008]: Sent ChangeCipherSpec ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384 ocserv[13475]: TLS[<4>]: HSK[0x8e008]: Initializing internal [write] cipher sessions ocserv[13475]: TLS[<4>]: HSK[0x8e008]: FINISHED was queued [16 bytes] ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[6] ChangeCipherSpec(20) in epoch 0 and length: 6 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet Handshake(22) with length: 16 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 1 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45 ocserv[13465]: sec-mod: received request from pid 13475 and uid 65534 ocserv[13475]: worker: sending message 'resume data store request' to secmod ocserv[13465]: sec-mod: cmd [size=363] resume data store request ocserv[13465]: sec-mod: TLS session DB storing xxxxxxxxxxxxxxxxxx ocserv[13475]: TLS[<5>]: REC[0x8e008]: Start of epoch cleanup ocserv[13475]: TLS[<5>]: REC[0x8e008]: Epoch #0 freed ocserv[13475]: TLS[<5>]: REC[0x8e008]: End of epoch cleanup ocserv[13475]: worker: TLS handshake completed ocserv[13475]: worker: sending message 'session info' to main ocserv[13464]: main: 63.197.197.76:49563 main received worker's message 'session info' of 6 bytes ocserv[13475]: TLS[<5>]: REC[0x8e008]: SSL 3.3 Application Data packet received. Epoch 0, length: 1197 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Expected Packet Application Data(23) ocserv[13475]: TLS[<5>]: REC[0x8e008]: Received Packet Application Data(23) with length: 1197 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Decrypted Packet[1] Application Data(23) with length: 1173 ocserv[13475]: worker: 63.197.197.76 HTTP processing: Host: moab.savoirtech.com ocserv[13475]: worker: 63.197.197.76 HTTP processing: User-Agent: Cisco AnyConnect VPN Agent for Apple iPhone 4.0.05066 ocserv[13475]: worker: 63.197.197.76 User-agent: 'Cisco AnyConnect VPN Agent for Apple iPhone 4.0.05066' ocserv[13475]: worker: 63.197.197.76 HTTP processing: Cookie: webvpn=xxxxxxxxxxxxxxxxxx= ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Version: 1 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Hostname: Virus ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-MTU: 1184 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Address-Type: IPv6,IPv4 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Local-Address-IP4: 63.197.197.76 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Base-MTU: 1404 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Remote-Address-IP4: 67.82.83.84 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Full-IPv6-Capability: true ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-License: mobile ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-AnyConnect-Identifier-ClientVersion: 4.0.05066 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-AnyConnect-Identifier-Platform: apple-ios ocserv[13475]: worker: 63.197.197.76 Platform: 'apple-ios' (mobile) ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-AnyConnect-Identifier-PlatformVersion: 10.3.1 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-AnyConnect-Identifier-DeviceType: iPhone9,4 ocserv[13475]: worker: 63.197.197.76 Device-type: 'iPhone9,4' ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-AnyConnect-Identifier-Device-UniqueID: xxxxxxxxxxxxxxxxxx ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-AnyConnect-Identifier-Device-MacAddress: unknown ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-AnyConnect-Identifier-Device-Imei: unknown ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-DTLS-Master-Secret: xxxxxxxxxxxxxxxxxx ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-DTLS-Accept-Encoding: lzs ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-DTLS-Header-Pad-Length: 0 ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Accept-Encoding: lzs ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc. ocserv[13475]: worker: 63.197.197.76 HTTP processing: X-CSTP-TCP-Keepalive: false ocserv[13475]: worker: 63.197.197.76 HTTP CONNECT /CSCOSSLC/tunnel ocserv[13475]: worker: 63.197.197.76 sending message 'auth cookie request' to main ocserv[13464]: main: 63.197.197.76:49563 main received worker's message 'auth cookie request' of 34 bytes ocserv[13464]: main: 63.197.197.76:49563 sending msg sm: session open to sec-mod ocserv[13465]: sec-mod: received request sm: session open ocserv[13465]: sec-mod: cmd [size=34] sm: session open ocserv[13465]: sec-mod: session open but with non-existing SID! ocserv[13464]: main: 63.197.197.76:49563 could not initiate session ocserv[13464]: main: 63.197.197.76:49563 could not open session ocserv[13464]: main: 63.197.197.76:49563 failed authentication attempt for user '' ocserv[13464]: main: 63.197.197.76:49563 sending message 'auth cookie reply' to worker ocserv[13475]: worker: 63.197.197.76 received auth reply message (value: 3) ocserv[13475]: worker: 63.197.197.76 error receiving cookie authentication reply ocserv[13475]: worker: 63.197.197.76 failed cookie authentication attempt ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet Application Data(23) with length: 41 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 1 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[2] Application Data(23) in epoch 1 and length: 70 ocserv[13475]: TLS[<5>]: REC: Sending Alert[2|49] - Access was denied ocserv[13475]: TLS[<5>]: REC[0x8e008]: Preparing Packet Alert(21) with length: 2 and min pad: 0 ocserv[13475]: TLS[<9>]: ENC[0x8e008]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 1 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Sent Packet[3] Alert(21) in epoch 1 and length: 31 ocserv[13475]: TLS[<5>]: REC[0x8e008]: Start of epoch cleanup ocserv[13475]: TLS[<5>]: REC[0x8e008]: End of epoch cleanup ocserv[13475]: TLS[<5>]: REC[0x8e008]: Epoch #1 freed ocserv[13464]: main: 63.197.197.76:49563 worker terminated ocserv[13464]: main: 63.197.197.76:49563 user disconnected (reason: unspecified, rx: 0, tx: 0) Any ideas on how to fix this and keep the connection stable? I am running ocserv 0.11.7 Compiled with: AnyConnect GnuTLS version: 3.5.9. Thanks!
