I configured ocserv on my Ubuntu server with this specification in the /etc/ocserv/ocserv.conf
file:
# ocserv.conf as posted. ocserv reads full-line '#' comments; keys are
# documented below only as far as this page and the ocserv option names show.

# Password-file authentication. The quotes are part of ocserv's syntax for
# this option. /etc/ocserv/ocpasswd holds the credentials the plain module
# checks, so keep its permissions tight (root-only).
auth = "plain[passwd=/etc/ocserv/ocpasswd]"

# The TLS control channel (TCP) and the DTLS data channel (UDP) both use 443.
# Both must be reachable through the host firewall: with only 443/tcp open
# the session still comes up over TLS, but DTLS keeps failing with
# "DTLS handshake failed: Resource temporarily unavailable" (the ufw fix
# further down this page opens 443/udp).
tcp-port = 443
udp-port = 443

# Least privilege: worker processes run as an unprivileged user/group and
# are isolated from each other.
run-as-user = nobody
run-as-group = daemon
socket-file = /run/ocserv.socket

# Server certificate, its private key and the CA certificate.
# The key file should be readable by root only.
server-cert = /etc/ocserv/ssl/server-cert.pem
server-key = /etc/ocserv/ssl/server-key.pem
ca-cert = /etc/ocserv/ssl/ca-cert.pem
isolate-workers = true

# Login banner disabled (whole line commented out).
#banner = Welcome

# Connection limits: total concurrent clients, and sessions per username.
max-clients = 128
max-same-clients = 2

# seconds
server-stats-reset-time = 604800

# Keepalive and dead-peer-detection intervals in seconds
# (mobile-dpd applies to mobile clients).
keepalive = 300
dpd = 60
mobile-dpd = 300

# Seconds to wait for DTLS before the client falls back to TCP only.
switch-to-tcp-timeout = 25
try-mtu-discovery = false

# OID used to derive the username from a client certificate. Only relevant
# with certificate authentication, not the plain[] auth configured above.
cert-user-oid = 0.9.2342.19200300.100.1.1

# Data-channel compression (the client log on this page shows LZ4 negotiated)
# for packets larger than no-compress-limit bytes.
compression = true
no-compress-limit = 256

# GnuTLS priority string: SSL 3.0, ARCFOUR-128 and plain RSA key exchange
# are removed; %COMPAT keeps older clients working (see cisco-client-compat).
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"

# Timeouts in seconds: time to complete login, idle disconnect (separate
# value for mobile clients), and minimum interval between re-authentications.
auth-timeout = 240
idle-timeout = 1200
mobile-idle-timeout = 1800
min-reauth-time = 300

# Brute-force protection: a client is banned once its score reaches
# max-ban-score; the score resets after ban-reset-time seconds.
max-ban-score = 80
ban-reset-time = 300

# Seconds a session cookie remains valid for reconnects.
cookie-timeout = 300
deny-roaming = false

# Re-key every 48 hours (seconds) using TLS renegotiation.
rekey-time = 172800
rekey-method = ssl

# Enable the occtl control tool.
use-occtl = true
pid-file = /run/ocserv.pid

# TUN device name prefix; predictable-ips hands the same address to the
# same user where possible.
device = vpns
predictable-ips = true

# NOTE(review): SERVER_IP looks like a placeholder — replace with the real
# domain to push to clients.
default-domain = SERVER_IP

# Address pool assigned to clients.
ipv4-network = 10.11.12.0
ipv4-netmask = 255.255.255.0

# Push all DNS through the tunnel; repeated dns lines list several resolvers.
tunnel-all-dns = true
dns = 8.8.8.8
dns = 8.8.4.4
ping-leases = false

# Compatibility with Cisco AnyConnect clients, including the older DTLS
# negotiation method. Keep these only while such clients must connect —
# confirm they are still needed.
cisco-client-compat = true
dtls-legacy = true
Then, when I try to connect to the server from my Ubuntu machine using OpenConnect, the connection is established but I receive this message:
DTLS handshake failed: Resource temporarily unavailable, try again.
Configured as 10.11.12.127, with SSL + LZ4 connected and DTLS + LZ4 in progress
And then the first line repeats every minute.
Is there any solution to fix that? Does my config file have some problems?
According to this source, the problem was in the firewall's allowed list.
I had allowed only PORT/tcp in ufw; once I also allowed PORT/udp, the problem was fixed.
# Open both protocols ocserv listens on (tcp-port and udp-port are both 443):
# the TLS control channel uses TCP, the DTLS data channel uses UDP.
ufw allow 443/tcp
# Without the UDP rule the VPN connects over TLS but the DTLS handshake
# keeps failing with "Resource temporarily unavailable".
ufw allow 443/udp