Execution log: note: setting 'plain' as primary authentication method note: enabling 'certificate' as authentication method note: setting 'file' as supplemental config option listening (TCP) on 0.0.0.0:443... listening (TCP) on [::]:443... ocserv[14830]: main: initializing control unix socket: /var/run/occtl.socket ocserv[14830]: main: initialized ocserv 0.11.9 ocserv[14831]: sec-mod: reading supplemental config from files ocserv[14831]: sec-mod: sec-mod initialized (socket: /var/lib/ocserv/ocserv.sock.14830) ocserv[14830]: TLS[<3>]: ASSERT: extensions.c:65 ocserv[14831]: sec-mod: received request from pid 14830 and uid 0 ocserv[14831]: sec-mod: cmd [size=57] sm: sign ocserv[14830]: main: processed 1 CA certificate(s) ocserv[14830]: main: added 1 points (total 1) for IP '192.168.35.65' to ban list ocserv[14832]: worker: accepted connection ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Allocating epoch #0 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_constate.c:586 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Allocating epoch #1 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.1 Handshake packet received. Epoch 0, length: 219 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 219 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[0] Handshake(22) with length: 219 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CLIENT HELLO (1) was received. Length 215[215], frag offset 0, frag length: 215, sequence: 0 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Client's version: 3.3 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_db.c:263 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'STATUS REQUEST/5' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SESSION TICKET/35' (0 bytes) ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC/10' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC POINT FORMATS/11' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SIGNATURE ALGORITHMS/13' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'STATUS REQUEST/5' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SAFE RENEGOTIATION/65281' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SESSION TICKET/35' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC/10' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC POINT FORMATS/11' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SIGNATURE ALGORITHMS/13' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'STATUS REQUEST/5' (5 bytes) ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SAFE RENEGOTIATION/65281' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SESSION TICKET/35' ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SUPPORTED ECC/10' (12 bytes) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected ECC curve SECP256R1 (2) ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes) ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SIGNATURE ALGORITHMS/13' (22 bytes) ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (4.1) RSA-SHA256 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (4.3) ECDSA-SHA256 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (5.1) RSA-SHA384 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (5.3) ECDSA-SHA384 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (6.1) RSA-SHA512 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (6.3) ECDSA-SHA512 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (3.1) RSA-SHA224 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (3.3) ECDSA-SHA224 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (2.1) RSA-SHA1 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (2.3) ECDSA-SHA1 ocserv[14832]: TLS[<3>]: ASSERT: server_name.c:301 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested PK algorithm: EC (4) -- ctype: X.509 (1) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04) ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_GCM_SHA256 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_GCM_SHA384 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_GCM_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_GCM_SHA384 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested cipher suites[size: 108]: ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected Compression Method: NULL ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Safe renegotiation succeeded ocserv[14832]: TLS[<3>]: ASSERT: status_request.c:181 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Sending extension SAFE RENEGOTIATION (1 bytes) ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes) ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: SessionID: d8481129cd226888952e295996c2d12453228dfadb10869c3ee7f148ca7573b4 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER HELLO was queued [87 bytes] ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE was queued [849 bytes] ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: signing handshake data: using RSA-SHA256 ocserv[14831]: sec-mod: received request from pid 14832 and uid 986 ocserv[14831]: sec-mod: cmd [size=57] sm: sign ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER KEY EXCHANGE was queued [333 bytes] ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.1) RSA-SHA256 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.2) DSA-SHA256 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.3) ECDSA-SHA256 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (5.1) RSA-SHA384 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (5.3) ECDSA-SHA384 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (6.1) RSA-SHA512 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (6.3) ECDSA-SHA512 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.1) RSA-SHA224 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.2) DSA-SHA224 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.3) ECDSA-SHA224 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.1) RSA-SHA1 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.2) DSA-SHA1 ocserv[14832]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.3) ECDSA-SHA1 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE REQUEST was queued [78 bytes] ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER HELLO DONE was queued [4 bytes] ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 87 and min pad: 0 ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[1] Handshake(22) in epoch 0 and length: 92 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 849 and min pad: 0 ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[2] Handshake(22) in epoch 0 and length: 854 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 333 and min pad: 0 ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[3] Handshake(22) in epoch 0 and length: 338 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 78 and min pad: 0 ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[4] Handshake(22) in epoch 0 and length: 83 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 4 and min pad: 0 ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[5] Handshake(22) in epoch 0 and length: 9 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 846 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 846 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[1] Handshake(22) with length: 846 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE (11) was received. Length 842[842], frag offset 0, frag length: 842, sequence: 0 ocserv[14832]: TLS[<3>]: ASSERT: status_request.c:332 ocserv[14832]: TLS[<3>]: ASSERT: dn.c:990 ocserv[14832]: TLS[<3>]: ASSERT: common.c:1106 ocserv[14832]: TLS[<3>]: ASSERT: extensions.c:65 ocserv[14832]: TLS[<3>]: ASSERT: name_constraints.c:173 ocserv[14832]: TLS[<3>]: ASSERT: mpi.c:240 ocserv[14832]: worker: client certificate verification succeeded ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 70 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 70 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[2] Handshake(22) with length: 70 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CLIENT KEY EXCHANGE (16) was received. Length 66[66], frag offset 0, frag length: 66, sequence: 0 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 264 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 264 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[3] Handshake(22) with length: 264 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE VERIFY (15) was received. Length 260[260], frag offset 0, frag length: 260, sequence: 0 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: verify cert vrfy: using RSA-SHA256 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet ChangeCipherSpec(20) ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet ChangeCipherSpec(20) with length: 1 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[4] ChangeCipherSpec(20) with length: 1 ocserv[14832]: TLS[<9>]: INT: PREMASTER SECRET[32]: de6345619822e02b12cb6b2e13b1f3e384761c464feff7f417906eb544e50021 ocserv[14832]: TLS[<9>]: INT: CLIENT RANDOM[32]: 5a14e31215f1b64a6009825bbd1ea3112b7b3839ab5d43d75b3fdc0f62f7de93 ocserv[14832]: TLS[<9>]: INT: SERVER RANDOM[32]: 5a14e34635213f1912adc926626266f253ab2409ac46071afe7f87d08569faaa ocserv[14832]: TLS[<9>]: INT: MASTER SECRET: b528fe530f3232d6fb17dbb358b937acc2c0d198b4c3f9353df158f4063df422ddd03616349f4924afd7a43df19a8df2 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Initializing epoch #1 ocserv[14832]: TLS[<9>]: INT: KEY BLOCK[40]: b6520bd26f31710580607baceb03bf548acfd0bb43b2faa88f390b3d30a4574d ocserv[14832]: TLS[<9>]: INT: CLIENT WRITE KEY [16]: b6520bd26f31710580607baceb03bf54 ocserv[14832]: TLS[<9>]: INT: SERVER WRITE KEY [16]: 8acfd0bb43b2faa88f390b3d30a4574d ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Epoch #1 ready ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 40 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 40 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[0] Handshake(22) with length: 16 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: recording tls-unique CB (recv) ocserv[14832]: TLS[<4>]: REC[0x7f0ff24f5010]: Sent ChangeCipherSpec ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256 ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: Initializing internal [write] cipher sessions ocserv[14832]: TLS[<4>]: HSK[0x7f0ff24f5010]: FINISHED was queued [16 bytes] ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[6] ChangeCipherSpec(20) in epoch 0 and length: 6 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 16 and min pad: 0 ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45 ocserv[14832]: worker: sending message 'resume data store request' to secmod ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Start of epoch cleanup ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Epoch #0 freed ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: End of epoch cleanup ocserv[14832]: worker: TLS handshake completed ocserv[14832]: worker: sending message 'session info' to main ocserv[14831]: sec-mod: received request from pid 14832 and uid 986 ocserv[14831]: sec-mod: cmd [size=1187] resume data store request ocserv[14831]: sec-mod: TLS session DB storing d8481129cd226888952e295996c2d12453228dfadb10869c3ee7f148ca7573b4 ocserv[14830]: main: 192.168.35.65:43694 main received worker's message 'session info' of 6 bytes ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Application Data packet received. Epoch 0, length: 602 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Application Data(23) ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Application Data(23) with length: 602 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[1] Application Data(23) with length: 578 ocserv[14832]: worker: 192.168.35.65 HTTP processing: Host: 192.168.35.54 ocserv[14832]: worker: 192.168.35.65 HTTP processing: User-Agent: OpenConnect VPN Agent (NetworkManager) v7.06 ocserv[14832]: worker: 192.168.35.65 User-agent: 'OpenConnect VPN Agent (NetworkManager) v7.06' ocserv[14832]: worker: 192.168.35.65 HTTP processing: Accept: */* ocserv[14832]: worker: 192.168.35.65 HTTP processing: Accept-Encoding: identity ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-Transcend-Version: 1 ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-Aggregate-Auth: 1 ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-AnyConnect-Platform: linux-64 ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-Support-HTTP-Auth: true ocserv[14832]: worker: 192.168.35.65 HTTP processing: X-Pad: 0000000000000000000000000000000000000000000000000 ocserv[14832]: worker: 192.168.35.65 HTTP processing: Content-Type: application/x-www-form-urlencoded ocserv[14832]: worker: 192.168.35.65 HTTP processing: Content-Length: 207 ocserv[14832]: worker: 192.168.35.65 HTTP POST / ocserv[14832]: worker: 192.168.35.65 POST body: '<?xml version="1.0" encoding="UTF-8"?> <config-auth client="vpn" type="init"><version who="vpn">v7.06</version><device-id>linux-64</device-id><group-access>https://192.168.35.54</group-access></config-auth> ' ocserv[14832]: worker: 192.168.35.65 cannot find 'group-select' in client XML message ocserv[14832]: worker: 192.168.35.65 cannot find 'group-select' in client XML message ocserv[14832]: worker: 192.168.35.65 failed reading groupname ocserv[14832]: worker: 192.168.35.65 sending message 'sm: auth init' to secmod ocserv[14831]: sec-mod: received request from pid 14832 and uid 986 ocserv[14831]: sec-mod: cmd [size=88] sm: auth init ocserv[14831]: sec-mod: using 'certificate' authentication to authenticate user (session: d4WYzD) ocserv[14831]: sec-mod: auth init (with cert) for user '' (session: d4WYzD) of group: '' from '192.168.35.65' ocserv[14832]: worker: 192.168.35.65 received auth reply message (value: 1) ocserv[14832]: worker[user]: 192.168.35.65 user 'user' obtained cookie ocserv[14832]: worker[user]: 192.168.35.65 HTTP sending: 200 OK ocserv[14832]: worker[user]: 192.168.35.65 sent session id: d4WYzDksOfE9sstjTG+DhO2fMDc= ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Application Data(23) with length: 1026 and min pad: 0 ocserv[14832]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1 ocserv[14832]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[2] Application Data(23) in epoch 1 and length: 1055 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_buffers.c:576 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_record.c:1063 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_record.c:1184 ocserv[14832]: TLS[<3>]: ASSERT: gnutls_record.c:1436 ocserv[14830]: main: 192.168.35.65:43694 worker terminated ocserv[14830]: main: 192.168.35.65:43694 user disconnected (reason: unspecified, rx: 0, tx: 0) ocserv[14830]: main: added 1 points (total 2) for IP '192.168.35.65' to ban list ocserv[14833]: worker: accepted connection ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Allocating epoch #0 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_constate.c:586 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Allocating epoch #1 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.1 Handshake packet received. Epoch 0, length: 219 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 219 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[0] Handshake(22) with length: 219 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CLIENT HELLO (1) was received. Length 215[215], frag offset 0, frag length: 215, sequence: 0 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Client's version: 3.3 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_db.c:263 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'STATUS REQUEST/5' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SESSION TICKET/35' (0 bytes) ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC/10' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC POINT FORMATS/11' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SIGNATURE ALGORITHMS/13' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'STATUS REQUEST/5' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SAFE RENEGOTIATION/65281' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SESSION TICKET/35' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC/10' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SUPPORTED ECC POINT FORMATS/11' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SIGNATURE ALGORITHMS/13' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'STATUS REQUEST/5' (5 bytes) ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SAFE RENEGOTIATION/65281' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Found extension 'SESSION TICKET/35' ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SUPPORTED ECC/10' (12 bytes) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected ECC curve SECP256R1 (2) ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes) ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Parsing extension 'SIGNATURE ALGORITHMS/13' (22 bytes) ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (4.1) RSA-SHA256 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (4.3) ECDSA-SHA256 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (5.1) RSA-SHA384 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (5.3) ECDSA-SHA384 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (6.1) RSA-SHA512 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (6.3) ECDSA-SHA512 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (3.1) RSA-SHA224 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (3.3) ECDSA-SHA224 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (2.1) RSA-SHA1 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: rcvd signature algo (2.3) ECDSA-SHA1 ocserv[14833]: TLS[<3>]: ASSERT: server_name.c:301 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested PK algorithm: EC (4) -- ctype: X.509 (1) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested PK algorithm: RSA (1) -- ctype: X.509 (1) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: certificate[0] PK algorithm: RSA (1) - ctype: X.509 (1) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04) ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_GCM_SHA256 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_GCM_SHA384 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_handshake.c:3376 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_GCM_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_GCM_SHA384 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Removing ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Requested cipher suites[size: 108]: ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Selected Compression Method: NULL ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Safe renegotiation succeeded ocserv[14833]: TLS[<3>]: ASSERT: status_request.c:181 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Sending extension SAFE RENEGOTIATION (1 bytes) ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes) ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: SessionID: 813b69661fc8809d9ecb5687e649046df4fd93d75af67ed85b751d2735e6a824 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER HELLO was queued [87 bytes] ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE was queued [849 bytes] ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: signing handshake data: using RSA-SHA256 ocserv[14831]: sec-mod: received request from pid 14833 and uid 986 ocserv[14831]: sec-mod: cmd [size=57] sm: sign ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER KEY EXCHANGE was queued [333 bytes] ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.1) RSA-SHA256 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.2) DSA-SHA256 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (4.3) ECDSA-SHA256 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (5.1) RSA-SHA384 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (5.3) ECDSA-SHA384 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (6.1) RSA-SHA512 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (6.3) ECDSA-SHA512 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.1) RSA-SHA224 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.2) DSA-SHA224 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (3.3) ECDSA-SHA224 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.1) RSA-SHA1 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.2) DSA-SHA1 ocserv[14833]: TLS[<4>]: EXT[0x7f0ff24f5010]: sent signature algo (2.3) ECDSA-SHA1 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE REQUEST was queued [78 bytes] ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: SERVER HELLO DONE was queued [4 bytes] ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 87 and min pad: 0 ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[1] Handshake(22) in epoch 0 and length: 92 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 849 and min pad: 0 ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[2] Handshake(22) in epoch 0 and length: 854 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 333 and min pad: 0 ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[3] Handshake(22) in epoch 0 and length: 338 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 78 and min pad: 0 ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[4] Handshake(22) in epoch 0 and length: 83 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 4 and min pad: 0 ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[5] Handshake(22) in epoch 0 and length: 9 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 7 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 7 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[1] Handshake(22) with length: 7 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CERTIFICATE (11) was received. Length 3[3], frag offset 0, frag length: 3, sequence: 0 ocserv[14833]: TLS[<3>]: ASSERT: cert.c:1060 ocserv[14833]: worker: tlslib.c:488: no certificate was found ocserv[14833]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 70 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 70 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[2] Handshake(22) with length: 70 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: CLIENT KEY EXCHANGE (16) was received. Length 66[66], frag offset 0, frag length: 66, sequence: 0 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet ChangeCipherSpec(20) ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet ChangeCipherSpec(20) with length: 1 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[3] ChangeCipherSpec(20) with length: 1 ocserv[14833]: TLS[<9>]: INT: PREMASTER SECRET[32]: 5b5c33bdd2778545129f5e322c8c119c49037ffff723979bfc8f1791abfbe94f ocserv[14833]: TLS[<9>]: INT: CLIENT RANDOM[32]: 5a14e37e719ccf3178e1d9f28660236250eb2e5bb574873cc4076617b503f00a ocserv[14833]: TLS[<9>]: INT: SERVER RANDOM[32]: 5a14e3894357299d46b059cc678c12ed6b4bc5a0636a3db1757c0e467bc68d08 ocserv[14833]: TLS[<9>]: INT: MASTER SECRET: 07b80a3930548ba6c3dd7f4a5cbcc2f85d0eeb49f30bb6ab940fdc24b33dbbbdd45f354b328cab893a6735cee5b0ef3d ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Initializing epoch #1 ocserv[14833]: TLS[<9>]: INT: KEY BLOCK[40]: fca85cd499011e849198e22e44136e6a37aa69531750df710c698475b002949f ocserv[14833]: TLS[<9>]: INT: CLIENT WRITE KEY [16]: fca85cd499011e849198e22e44136e6a ocserv[14833]: TLS[<9>]: INT: SERVER WRITE KEY [16]: 37aa69531750df710c698475b002949f ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Epoch #1 ready ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256 ocserv[14833]: TLS[<3>]: ASSERT: gnutls_buffers.c:1138 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Handshake packet received. Epoch 0, length: 40 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Handshake(22) ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Handshake(22) with length: 40 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[0] Handshake(22) with length: 16 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: recording tls-unique CB (recv) ocserv[14833]: TLS[<4>]: REC[0x7f0ff24f5010]: Sent ChangeCipherSpec ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256 ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: Initializing internal [write] cipher sessions ocserv[14833]: TLS[<4>]: HSK[0x7f0ff24f5010]: FINISHED was queued [16 bytes] ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[6] ChangeCipherSpec(20) in epoch 0 and length: 6 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Handshake(22) with length: 16 and min pad: 0 ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45 ocserv[14833]: worker: sending message 'resume data store request' to secmod ocserv[14831]: sec-mod: received request from pid 14833 and uid 986 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Start of epoch cleanup ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Epoch #0 freed ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: End of epoch cleanup ocserv[14833]: worker: TLS handshake completed ocserv[14833]: worker: sending message 'session info' to main ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Application Data packet received. Epoch 0, length: 623 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Application Data(23) ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Application Data(23) with length: 623 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[1] Application Data(23) with length: 599 ocserv[14833]: worker: 192.168.35.65 HTTP processing: Host: 192.168.35.54 ocserv[14833]: worker: 192.168.35.65 HTTP processing: User-Agent: Open AnyConnect VPN Agent v7.06 ocserv[14830]: main: 192.168.35.65:43696 main received worker's message 'session info' of 6 bytes ocserv[14833]: worker: 192.168.35.65 User-agent: 'Open AnyConnect VPN Agent v7.06' ocserv[14833]: worker: 192.168.35.65 HTTP processing: Cookie: webvpn=cq9MrwrZXFyJSv+9uu2SSQFrLRch6XsRuOz7cP13QBE= ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Version: 1 ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Hostname: zhangsan ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Accept-Encoding: oc-lz4,lzs ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-MTU: 1406 ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Address-Type: IPv6,IPv4 ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-CSTP-Full-IPv6-Capability: true ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-DTLS-Master-Secret: E13BFF3EA0C3D8DF17091D81064574DA892910B87EC5A54B2BC0BE968D6B0934E7CFD6B8F07F573653CB134D1333B1A5 ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-DTLS-CipherSuite: OC-DTLS1_2-AES256-GCM:OC-DTLS1_2-AES128-GCM:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA ocserv[14833]: worker: 192.168.35.65 HTTP processing: X-DTLS-Accept-Encoding: oc-lz4,lzs ocserv[14833]: worker: 192.168.35.65 HTTP CONNECT /CSCOSSLC/tunnel ocserv[14833]: worker: 192.168.35.65 sending message 'auth cookie request' to main ocserv[14831]: sec-mod: cmd [size=347] resume data store request ocserv[14831]: sec-mod: TLS session DB storing 813b69661fc8809d9ecb5687e649046df4fd93d75af67ed85b751d2735e6a824 ocserv[14830]: main: 192.168.35.65:43696 main received worker's message 'auth cookie request' of 34 bytes ocserv[14830]: main: 192.168.35.65:43696 sending msg sm: session open to sec-mod ocserv[14831]: sec-mod: received request sm: session open ocserv[14831]: sec-mod: cmd [size=34] sm: session open ocserv[14831]: sec-mod: initiating session for user 'user' (session: d4WYzD) ocserv[14830]: main[user]: 192.168.35.65:43696 new user session ocserv[14830]: main[user]: 192.168.35.65:43696 selected IP: 192.168.1.193 ocserv[14830]: main[user]: 192.168.35.65:43696 assigned IPv4: 192.168.1.193 ocserv[14830]: main[user]: 192.168.35.65:43696 assigning tun device vpns0 ocserv[14830]: main[user]: 192.168.35.65:43696 user of group '[unknown]' authenticated (using cookie) ocserv[14830]: main[user]: 192.168.35.65:43696 sending (socket) message 2 to worker ocserv[14830]: main[user]: 192.168.35.65:43696 user logged in ocserv[14833]: worker: 192.168.35.65 received auth reply message (value: 1) ocserv[14833]: worker[user]: 192.168.35.65 suggesting DPD of 90 secs ocserv[14833]: worker[user]: 192.168.35.65 disabling UDP (DTLS) connection ocserv[14833]: worker[user]: 192.168.35.65 configured link MTU is 1500 ocserv[14833]: worker[user]: 192.168.35.65 peer's data MTU is 1406 / link is 1500 ocserv[14833]: worker[user]: 192.168.35.65 sending IPv4 192.168.1.193 ocserv[14833]: worker[user]: 192.168.35.65 adding DNS 192.168.0.1 ocserv[14833]: worker[user]: 192.168.35.65 adding DNS 192.168.0.2 ocserv[14833]: worker[user]: 192.168.35.65 Link MTU is 1500 bytes ocserv[14833]: worker[user]: 192.168.35.65 sending message 'tun mtu change' to main ocserv[14833]: worker[user]: 192.168.35.65 setting data MTU to 1472 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Preparing Packet Application Data(23) with length: 626 and min pad: 0 ocserv[14833]: TLS[<9>]: ENC[0x7f0ff24f5010]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Sent Packet[2] Application Data(23) in epoch 1 and length: 655 ocserv[14830]: main[user]: 192.168.35.65:43696 main received worker's message 'tun mtu change' of 3 bytes ocserv[14830]: main[user]: 192.168.35.65:43696 setting vpns0 MTU to 1472 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: SSL 3.3 Application Data packet received. Epoch 0, length: 80 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Expected Packet Application Data(23) ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Received Packet Application Data(23) with length: 80 ocserv[14833]: TLS[<5>]: REC[0x7f0ff24f5010]: Decrypted Packet[2] Application Data(23) with length: 56 ocserv[14833]: worker[user]: 192.168.35.65 received 56 byte(s) (TLS) > ? 2017?11?21????7:11?Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> ??? > > Do you use the rhel7.4 version of centos7? That seems like a > regression from the epel to the rhel protobuf-c libraries. > > Does the new build over that version address that? > https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-35c633c003 > > On Tue, Nov 21, 2017 at 8:35 AM, ping gao ??(0) <ping.gao at corp.elong.com> wrote: >> hi all >> I use openconnect to connect ocserv server, you can connect successfully, but can not receive downlink data? >> Trouble to help answer the next >> >> OS Info: >> >> Server: >> Centos7 >> Ocserv 0.11.8 >> Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect >> GnuTLS version: 3.3.26 (compiled with 3.3.24) >> >> Client: >> Ubuntu 16.04 >> OpenConnect version v7.06 >> Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, System keys, DTLS >> >> The following ocserv server debug 100 output? >> >> ocserv[5123]: main: performing maintenance (banned IPs: 1) >> ocserv[5124]: sec-mod: performing maintenance >> ocserv[5124]: sec-mod: active sessions 1 >> ocserv[5123]: main: main received message 'unknown (248)' from sec-mod of 10 bytes >> ocserv[5127]: TLS[<5>]: REC[0x7f6c443e1010]: SSL 3.3 Application Data packet received. Epoch 0, length: 108 >> ocserv[5127]: TLS[<5>]: REC[0x7f6c443e1010]: Expected Packet Application Data(23) >> ocserv[5127]: TLS[<5>]: REC[0x7f6c443e1010]: Received Packet Application Data(23) with length: 108 >> ocserv[5127]: TLS[<5>]: REC[0x7f6c443e1010]: Decrypted Packet[590] Application Data(23) with length: 84 >> ocserv[5127]: worker[user]: 192.168.35.65 received 84 byte(s) (TLS) >> ocserv[5127]: worker[user]: 192.168.35.65 writing 76 byte(s) to TUN >> _______________________________________________ >> openconnect-devel mailing list >> openconnect-devel at lists.infradead.org >> http://lists.infradead.org/mailman/listinfo/openconnect-devel
