Quote:
Originally Posted by Junxi
Hi experts,
I've set up ocserv 0.11.6 on Debian 9.2 by apt-get. So far everything works well except for one thing: On my Windows 10 Client, Cisco AnyConnect v3.1, it says TLS protocol is being used. However, it's supposed to be working with DTLS.
I did some searching but failed to find documentation on how to set it to work with DTLS, guessing DTLS should be the default protocol prior to TLS.
I'm posting here, hoping to get some advice on how to investigate why it's not using DTLS. Any idea is appreciated! :-)
Some info about my config:
I'm using certificate for authentication;
I'm using the same port number for tcp-port and udp-port;
This shouldn't be a firewall problem as I've shut down my firewall;
My Windows client can connect to other server, working with DTLS.
Quite by chance, I've managed to figure out how to make it work with DTLS.
Installed by apt-get, there are two files under /lib/systemd/system, ocserv.service and ocserv.socket, and in ocserv.service there're two lines:
'Requires=ocserv.socket'
'Also=ocserv.socket'
I commented these lines, and reloaded/re-enabled the ocserv service by:
sudo systemctl stop ocserv
sudo systemctl disable ocserv.service
sudo systemctl disable ocserv.socket
sudo systemctl daemon-reload
sudo systemctl start ocserv
sudo systemctl enable ocserv
Then I reconnected on Windows client, and finally I've got DTLS there... :-)
Although I consider it 'solved', I'm still curious why 'Requires=ocserv.socket' can possibly block ocserv from working with DTLS...
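
A server-side check related to the thread above, as an added example that is not part of either post: DTLS runs over UDP, so it helps to confirm that the server is listening on UDP as well as TCP for the shared port, before and after changing the systemd units. The function name, the sample `ss` output and port 443 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts.
# Reads `ss -lntu` output on stdin and reports which listeners exist for one
# port. Prints exactly one of: tcp+udp, tcp, udp, none.
# Real use on the server (443 is an assumed port):  ss -lntu | port_listeners 443
port_listeners() {
    awk -v port="$1" '
        $1 == "Netid" { next }            # skip the header line if present
        {
            # Column 5 is "Local Address:Port"; the port follows the last
            # colon, which also handles IPv6 forms such as [::]:443.
            n = split($5, parts, ":")
            if (parts[n] != port) next
            if ($1 == "tcp") tcp = 1
            if ($1 == "udp") udp = 1
        }
        END {
            if (tcp && udp) print "tcp+udp"
            else if (tcp)   print "tcp"
            else if (udp)   print "udp"
            else            print "none"
        }'
}

# Constructed sample: only a TCP listener on 443, so a client could only
# negotiate TLS on this port.
SAMPLE_TCP_ONLY='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*'

# Constructed sample: TCP and UDP listeners on 443, IPv4 and IPv6.
SAMPLE_BOTH='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
udp   UNCONN 0      0      [::]:443           [::]:*'
```

A result of `tcp` only narrows the problem to the server's UDP listener; `tcp+udp` points instead at the path between client and server or at the DTLS handshake itself.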