Comments (8)
What kind of client are you using?
from docker-ocserv.
I got the same error on both clients:
- Android: https://play.google.com/store/apps/details?id=app.openconnect
- MacOS (openconnect v7.08, installed via
brew install openconnect
)
from docker-ocserv.
Can you try the AnyConnect client instead of OpenConnect?
In the config file, it was set to compliant with Cisco AnyConnect.
from docker-ocserv.
I tried Windows AnyConnect Client 3.1.13015 and failed with different errors:
-
when group
All[全局代理 All Proxy]
is choosen, user and password are entered, nothing happened and Message History showed:[2018/1/15 下午 11:32:10] Contacting 192.168.1.101:8443. [2018/1/15 下午 11:32:11] Please enter your username. [2018/1/15 下午 11:32:13] Please enter your username. [2018/1/15 下午 11:32:14] User credentials entered. [2018/1/15 下午 11:32:14] Please enter your password. [2018/1/15 下午 11:32:15] User credentials entered. [2018/1/15 下午 11:32:16] Please enter your password. [2018/1/15 下午 11:32:16] User credentials prompt cancelled.
-
when group
Route[仅海外代理 Exclude CN]
is choosen, user and password are entered, first alert prompted:The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.
Then the second alert prompted:
AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
And Message History showed:
[2018/1/15 下午 11:34:03] Contacting 192.168.1.101:8443. [2018/1/15 下午 11:34:04] Please enter your username. [2018/1/15 下午 11:34:07] User credentials entered. [2018/1/15 下午 11:34:07] Please enter your password. [2018/1/15 下午 11:34:09] User credentials entered. [2018/1/15 下午 11:34:09] Establishing VPN session... [2018/1/15 下午 11:34:09] Checking for profile updates... [2018/1/15 下午 11:34:09] Checking for product updates... [2018/1/15 下午 11:34:12] Checking for customization updates... [2018/1/15 下午 11:34:12] Performing any required updates... [2018/1/15 下午 11:34:12] Establishing VPN session... [2018/1/15 下午 11:34:12] Establishing VPN - Initiating connection... [2018/1/15 下午 11:36:52] Connection attempt has failed. [2018/1/15 下午 11:37:36] VPN session ended.
Update:
Changing the starting command to ocserv -c /etc/ocserv/ocserv.conf -f -d1
, I got the debug log from docker container:
ocserv[1]: main[test]: 172.17.0.1:37895 new user session
ocserv[1]: main: tun.c:552: Can't open /dev/net/tun: No such device
ocserv[1]: main[test]: 172.17.0.1:37895 failed authentication attempt for user 'test'
ocserv[71]: worker: 172.17.0.1 failed cookie authentication attempt
ocserv[22]: sec-mod: temporarily closing session for test (session: JlG+Lh)
ocserv[1]: main[test]: 172.17.0.1:37895 user disconnected (reason: unspecified, rx: 0, tx: 0)
ocserv[72]: worker: could not disable system calls, kernel might not support seccomp
ocserv[1]: main: 172.17.0.1:37896 user disconnected (reason: unspecified, rx: 0, tx: 0)
This is probably problem of my kernel.
Update 2:
My suspicion above should be valid. Changed to use docker daemon on a Mac, successfully launched with the same docker run command.
@ly0 You should try launch you container with the debug flag and check the log message to see if there's any hint, e.g:
docker run --name ocserv --privileged -p 443:443 -p 443:443/udp -d tommylau/ocserv ocserv -c /etc/ocserv/ocserv.conf -f -d1
# try connect to trigger error
docker logs ocserv
from docker-ocserv.
tun is needed as far as I know to use ocserv, I'm using Ubuntu as the host.
And, till the last time I know, AnyConnect can only connect to port 443 (SSL) other than any other ports.
@lacek Can AnyConnect client on Mac connect to the server other than port 443 now?
from docker-ocserv.
@ly0
Do u have other devices connected to the server at the same time?
Disconnect them and try again.
There might be problems w/ multiple clients.
from docker-ocserv.
Hello Tommy, I also meet this question. My VPN client is Cisco anyconnect 4.9 and I list the operation steps below:
- docker run
- connect to the server, for example, use group [All projects]
- if use correct username/password, the server will reject the connection request as "Connection attempt has failed"
- Follow point3, if using the wrong username/password, the server will notice me the username or password is incorrect
- Switch the group to [Exclude CN], the correct username/password will work fine
- Switch back to [Proxy All], the connection also works smoothly
From my view, ocserv can identify the user information from ocpasswd file. Due to the fewer log messages in docker, I can't identify more information about this case. Do you have any idea?
from docker-ocserv.
@swanduron You can mount the config file to your host, so that you can modify the config file to output more useful information.
And you could also remove group settings as a test.
Personally, I prefer using "Certificate" method other than username/password method.
from docker-ocserv.
Related Issues (20)
- Is there a way to integrate with traefik container HOT 2
- Cannot write to '/etc/ocserv/ocpasswd'. HOT 5
- how to enable debug modle ? HOT 2
- ocserv fails to startup HOT 1
- log ips connection to openconnect
- pls add radius support . HOT 4
- Server certificate verify failed: signer not found HOT 4
- manage bandwidth?
- DTLS handshake failed HOT 1
- how do I set group as all automatically?
- whats the default web folder for server ? HOT 5
- Running with docker user-namespace HOT 2
- not working on AWS EC2
- pls update to 0.12.5
- Updated clone of this repo
- openconnect disconnect every 5 min HOT 2
- Locking error in OpenConnect account creation
- Check user traffic
- can't use all option for group
- Suggestion: Let's merge the https://github.com/aminvakil/docker-ocserv fork here HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-ocserv.