Self hosted ocserv reject clients

Question

Score:0

Server

Self hosted ocserv reject clients

M.J

1/10/24, 10:37 AM

I deployed an ocserv on my VPS but my android client raise below error:

AnyConnect

Connection attempt has timed out. Please verify Internet connectivity.

I stop ocserv service on the VPS and run as debug mode, output messages of ocserv when this client try to connect is:

# /usr/sbin/ocserv --foreground --pid-file /tmp/ocserv.pid --config /etc/ocserv/ocserv.conf --debug=10
note: skipping 'pid-file' config option                                                                   
note: vhost:default: setting 'plain' as primary authentication method                        
note: setting 'file' as supplemental config option                                                        
listening (TCP) on 0.0.0.0:443...      
listening (TCP) on [::]:443...                                                                            
ocserv[2166087]: main: Starting 1 instances of ocserv-sm             
ocserv[2166087]: main: created sec-mod socket file (/tmp/ocserv.socket.8ebc1713.0)
ocserv[2166087]: main: initializing control unix socket: /var/run/occtl.socket        
ocserv[2166087]: main: initialized ocserv 1.1.3   
ocserv[2166088]: sec-mod: reading supplemental config from files
ocserv[2166088]: TLS[<3>]: ASSERT: ../../../lib/x509/attributes.c[_x509_parse_attribute]:103
ocserv[2166088]: TLS[<3>]: ASSERT: ../../../lib/x509/attributes.c[_x509_parse_attribute]:174
ocserv[2166088]: sec-mod: loaded 1 keys    
ocserv[2166088]: sec-mod: sec-mod initialized (socket: /tmp/ocserv.socket.8ebc1713.0)
                                                                                                          
                                                     
                                                                                                          
ocserv[2166087]: main: added 1 points (total 1) for IP 'xxx.xxx.xxx.xxx' to ban list
note: skipping 'pid-file' config option         
note: vhost:default: setting 'plain' as primary authentication method                 
ocserv[2166088]: sec-mod: received request from pid 2166314 and uid 0
ocserv[2166088]: sec-mod: cmd [size=57] sm: sign                                                          
ocserv[2166088]: TLS[<3>]: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
note: setting 'file' as supplemental config option
ocserv[2166314]: worker: xxx.xxx.xxx.xxx accepted connection             
ocserv[2166087]: main: added 1 points (total 2) for IP 'xxx.xxx.xxx.xxx' to ban list
note: skipping 'pid-file' config option         
note: vhost:default: setting 'plain' as primary authentication method                 
ocserv[2166088]: sec-mod: received request from pid 2166707 and uid 0
ocserv[2166088]: sec-mod: cmd [size=57] sm: sign                                                          
ocserv[2166088]: TLS[<3>]: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
note: setting 'file' as supplemental config option                                                        
ocserv[2166707]: worker: xxx.xxx.xxx.xxx accepted connection
ocserv[2166087]: main: added 1 points (total 3) for IP 'xxx.xxx.xxx.xxx' to ban list
note: skipping 'pid-file' config option
note: vhost:default: setting 'plain' as primary authentication method
ocserv[2166088]: sec-mod: received request from pid 2167044 and uid 0
ocserv[2166088]: sec-mod: cmd [size=57] sm: sign
ocserv[2166088]: TLS[<3>]: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
note: setting 'file' as supplemental config option
ocserv[2167044]: worker: xxx.xxx.xxx.xxx accepted connection
ocserv[2166087]: main: Latency: Median Total 0 RMS Total 0 Sample Count 0

416

0 + 0

vpn

openconnect

Self hosted ocserv reject clients

Post an answer