LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-02-2017, 10:25 AM   #1
Junxi
LQ Newbie
 
Registered: Dec 2017
Posts: 2

Rep: Reputation: Disabled
OpenConnect not working with DTLS


Hi experts,
I've setup ocserv 0.11.6 on Debian 9.2 by apt-get. So far everything works well except for one thing: On my Windows 10 Client, Cisco AnyConnect v3.1, it says TLS protocol is being used. However, it's supposed to be working with DTLS.
I did some search but failed to find documentation on how to set it to work with DTLS, guessing DTLS should be the default protocol prior to TLS.

I'm posting here, hoping to get some advice on how to investigate why it's not using DTLS. Any idea is appreciated! :-)

Some info about my config:
I'm using certificate for authentication;
I'm using the same port number for tcp-port and udp-port;
This shouldn't be a firewall problem as I've shut down my firewall;
My Windows client can connect to other server, working with DTLS.
 
Old 12-03-2017, 09:34 AM   #2
Junxi
LQ Newbie
 
Registered: Dec 2017
Posts: 2

Original Poster
Rep: Reputation: Disabled
Wink [Solved]

Quote:
Originally Posted by Junxi View Post
Hi experts,
I've setup ocserv 0.11.6 on Debian 9.2 by apt-get. So far everything works well except for one thing: On my Windows 10 Client, Cisco AnyConnect v3.1, it says TLS protocol is being used. However, it's supposed to be working with DTLS.
I did some search but failed to find documentation on how to set it to work with DTLS, guessing DTLS should be the default protocol prior to TLS.

I'm posting here, hoping to get some advice on how to investigate why it's not using DTLS. Any idea is appreciated! :-)

Some info about my config:
I'm using certificate for authentication;
I'm using the same port number for tcp-port and udp-port;
This shouldn't be a firewall problem as I've shut down my firewall;
My Windows client can connect to other server, working with DTLS.
Quite by change, I've manage to figure out how to make it work with DTLS.
Installed by apt-get, there are two files under /lib/systemd/system, ocserv.service and ocserv.socket, and in ocserv.service there're two lines:
'Requires=ocserv.socket'
'Also=ocserv.socket'
I commented these lines, and reloaded/re-enabled the ocserv service by:
sudo systemctl stop ocserv
sudo systemctl disable ocserv.service
sudo systemctl disable ocserv.socket
sudo systemctl daemon-reload
sudo systemctl start ocserv
sudo systemctl enable ocserv

Then I reconnected on Windows client, and finally I've got DTLS there... :-)

Although I consider it 'solved' but still I'm courious why 'Requires=ocserv.socket' can possibly blocks ocserv from working with DTLS...

Last edited by Junxi; 12-03-2017 at 10:33 AM. Reason: Update my answer
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Pulse Secure with 2fa and openconnect HMW Linux - General 0 06-07-2017 09:45 PM
Slack-current, NetworkManager, & openconnect karabot Slackware 3 04-03-2016 12:37 PM
openconnect problem R3V0LV3R Slackware 1 04-06-2013 01:59 PM
OpenConnect Build Error vxrcorsa90 Linux - Software 4 09-11-2012 08:40 AM
openconnect asking for hostname R3V0LV3R Slackware 3 01-31-2012 08:39 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration