Hi! openconnect client (for Android v1.12) gets disconnected ~every 30 minutes:
server log (ocserv 1.3.0-2 amd64 from Debian 13)
===
Oct 22 11:43:58 server_fqdn ocserv[122365]: TLS[<3>]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:568
Oct 22 11:43:58 server_fqdn ocserv[122365]: TLS[<3>]: ASSERT: ../../lib/record.c[recv_headers]:1169
Oct 22 11:43:58 server_fqdn ocserv[122365]: TLS[<3>]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1292
Oct 22 11:43:58 server_fqdn ocserv[122365]: TLS[<3>]: ASSERT: ../../lib/record.c[gnutls_record_recv_packet]:1875
Oct 22 11:43:58 server_fqdn ocserv[122365]: worker[username]: user_ip GnuTLS error (at worker-vpn.c:1573): Error in the pull function.
Oct 22 11:43:58 server_fqdn ocserv[122362]: sec-mod: received request from pid 122365 and uid 104
Oct 22 11:43:58 server_fqdn ocserv[122365]: worker[username]: user_ip sending message 'sm: worker cli stats' to secmod
Oct 22 11:43:58 server_fqdn ocserv[122362]: sec-mod: cmd [size=100] sm: worker cli stats
Oct 22 11:43:58 server_fqdn ocserv[122365]: worker[username]: user_ip sent periodic stats (in: 185292, out: 395975) to sec-mod
Oct 22 11:43:58 server_fqdn systemd-networkd[1250]: vpns0: Link DOWN
Oct 22 11:43:58 server_fqdn ocserv[122354]: main[username]:user_ip:4125 worker terminated
Oct 22 11:43:58 server_fqdn ocserv[122354]: main[username]:user_ip:4125 sending msg sm: session close to sec-mod
Oct 22 11:43:58 server_fqdn systemd-networkd[1250]: vpns0: Lost carrier
Oct 22 11:43:58 server_fqdn ocserv[122362]: sec-mod: received request sm: session close
Oct 22 11:43:58 server_fqdn ocserv[122362]: sec-mod: cmd [size=43] sm: session close
Oct 22 11:43:58 server_fqdn ocserv[122362]: sec-mod: temporarily closing session for username (session: jLtp2B)
Oct 22 11:43:58 server_fqdn ocserv[122354]: main[username]:user_ip:4125 user disconnected (reason: unspecified error, rx: 185292, tx: 395975)
===
client does not notice this for quite a long time (10 minutes - is there a way to shorten this somehow, btw?)
and finally gets:
===
2025-10-22 11:54:16 LIB: Read error on SSL session: Error in the pull function.
2025-10-22 11:54:16 LIB: SSL negotiation with server_fqdn
2025-10-22 11:54:16 LIB: Connected to HTTPS on server_fqdn with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-256-GCM)
2025-10-22 11:54:16 LIB: Got inappropriate HTTP CONNECT response: HTTP/1.1 405 Method Not Allowed
===

This probably happens only with UDP/DTLS enabled (need to double-check that).

Seems like (https://gitlab.com/gnutls/gnutls/-/blob/master/lib/record.c?ref_type=heads#L1875 , https://gitlab.com/gnutls/gnutls/-/blob/master/lib/buffers.c?ref_type=heads#L568 ) gnutls_read() returns a negative value (but why is there no assertion param in the log?!), but why that happens... deeper investigation is needed.

Any tips on debugging this would be welcome (this is, let's say, a test/non-production server, so I could build a server with any debug).

Thanks.
