Hi,

I've just installed and configured ocserv. I'm using openconnect as a
client on two Windows 10 laptops. If I attempt from, say, a hotel xDSL
network, I connect and am able to access my lab environment remotely.
However, if I attempt to connect by tethering the laptops over a mobile
network, it fails with:

    SSL connection failure: Error in the pull function.

I've tried connecting with gnutls-cli and this fails with:

    *** Fatal error: The TLS connection was non-properly terminated.
    *** Handshake has failed: The TLS connection was non-properly terminated.

If I use gnutls-cli-debug, it tells me that it has to disable all SSL
and TLS before exiting with:

    Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 and TLS 1.2

However, if I try to connect with openssl s_client -connect I get a
successful TLS connection.

So it seems that gnutls can't connect to ocserv over a mobile network,
while openssl can.

If I revert to a non-mobile network, then all the above tests work as
expected. I've also tried this with two different UK mobile providers -
Three and Vodafone - with the same results.

Using Wireshark shows that the server returns an RST, ACK to the client's
CLIENT HELLO message, while messages in the ocserv log (journalctl -xe)
show the client has disconnected unexpectedly. This suggests the
mobile network is sending the reset, but that doesn't explain why
openssl s_client connects successfully over mobile networks.

Can anyone shed any light on this?

Thanks in advance,
Gareth Williams
_______________________________________________
openconnect-devel mailing list
http://lists.infradead.org/mailman/listinfo/openconnect-devel