
openconnect-cisco-anyconnect-vpn-server-onekey-ocserv's Introduction

OpenConnect-VPN-Server

2022 OCT UPDATE: We dockerized it and added a Dockerfile so you can run it easily anywhere, on any Linux distro. Buggy script for configuring the OpenConnect (ocserv) protocol on the server easily and automatically.

2023 JAN UPDATE: We added help instructions for custom Docker installation, so everyone can fully customize the ocserv configuration for themselves (port number, custom header, etc.).

Docker Installation

  1. Install Docker.
  2. Build the Docker image:
     docker build -t ocserv https://github.com/iw4p/OpenConnect-Cisco-AnyConnect-VPN-Server-OneKey-ocserv.git
  3. Run the Docker container:
     docker run --name ocserv --privileged -p 443:443 -p 443:443/udp -d ocserv
  4. Add a user:
     docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd testUserName
  5. Change a user's password (the same command as adding the user):
     docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd testUserName
  6. Delete a user:
     docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd -d testUserName
  7. Lock a user:
     docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd -l testUserName
  8. Unlock a user:
     docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd -u testUserName
  9. Show all users and their hashed passwords:
     docker exec -ti ocserv cat /etc/ocserv/ocpasswd
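The last step dumps the whole file, hashes included. The helper below is an added example (not part of this project) that summarises an ocpasswd file without printing the hashes; it assumes ocpasswd's `username:group:hash` line format and the `!` prefix that `ocpasswd -l` puts in front of a locked user's hash, and the sample entries and hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the project: summarise an ocpasswd file
# without echoing the password hashes to the terminal.
#
# Assumed line format (one user per line):  username:group:hash
# A hash that starts with '!' belongs to a user locked by `ocpasswd -l`.
# Crypt-style hashes name their algorithm by prefix ($5$ = SHA-256 crypt).

# Read ocpasswd entries on stdin; print "user group state algorithm" per user.
list_ocserv_users() {
    awk -F: '
        /^#/ || NF < 3 { next }               # skip comments and malformed lines
        {
            hash  = $3
            state = "active"
            if (substr(hash, 1, 1) == "!") {  # locked users carry a "!" prefix
                state = "locked"
                hash  = substr(hash, 2)
            }
            algo = "unknown"
            if      (hash ~ /^\$5\$/) algo = "sha256-crypt"
            else if (hash ~ /^\$6\$/) algo = "sha512-crypt"
            else if (hash ~ /^\$1\$/) algo = "md5-crypt"
            group = ($2 == "") ? "-" : $2
            printf "%s %s %s %s\n", $1, group, state, algo
        }'
}

# Constructed sample file (placeholder salts/hashes, not real credentials):
# alice is active, bob is locked and has no group, the last line is garbage.
sample_ocpasswd() {
    printf '%s\n' \
        'alice:users:$5$placeholder-salt$placeholder-hash' \
        'bob::!$5$placeholder-salt$placeholder-hash' \
        'not-a-valid-entry'
}

# Stand-alone demo on the constructed sample. Against a running container the
# equivalent is:  docker exec ocserv cat /etc/ocserv/ocpasswd | list_ocserv_users
sample_ocpasswd | list_ocserv_users
```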

Script Installation

Tested on Ubuntu 18.04 and 16.04.

Download and save the script on your server:

curl -O https://raw.githubusercontent.com/iw4p/OpenConnect-Cisco-AnyConnect-VPN-Server-OneKey-ocserv/master/ocserv-install.sh

Make the script executable:

chmod +x ocserv-install.sh

And then just run it:

./ocserv-install.sh

or

sudo bash ocserv-install.sh

Features

  • Easy install
  • Easy uninstall
  • Add User
  • Change Password
  • Show All Users
  • Delete User
  • Lock User
  • Unlock User

How to connect to it?

To connect to your server, you can use AnyConnect, OpenConnect, or other compatible clients.

And one more thing, contributions are welcome.

How to customize the configuration?

For the Docker method, first clone the repo:

git clone https://github.com/iw4p/OpenConnect-Cisco-AnyConnect-VPN-Server-OneKey-ocserv.git

Change into the directory:

cd ./OpenConnect-Cisco-AnyConnect-VPN-Server-OneKey-ocserv

You can change the port, disable UDP, add a custom header, and so on. Modify the ocserv.conf file as needed, then build your image with the modified ocserv.conf:

docker build . -t ocserv

Create a new container from the ocserv image:

docker run --name ocserv --privileged -p 443:443 -p 443:443/udp -d ocserv

The next steps, such as adding or removing users, are the same as in the Docker Installation section.

Issues

Feel free to submit issues and enhancement requests or contact me via vida.page/nima.

More

The script is based on here

openconnect-cisco-anyconnect-vpn-server-onekey-ocserv's People

Contributors

iw4p, mshadow73, taherfattahi

openconnect-cisco-anyconnect-vpn-server-onekey-ocserv's Issues

automatically block Iran IP

Hi again :)
If you could add a way for ocserv to block IR IPs, it would be much harder for them to block and detect it.

Session terminated by server; exiting

Hi,

Thank you for this great and easy-to-set-up guide. I successfully created an OpenConnect connection using your guide and everything seems to be fine. However, my connection gets terminated by the server after roughly 4 minutes. I tried tampering with the dpd and keepalive variables, as I thought it had something to do with them, but nothing changed. Every time I get this message at the end of the connection:

Received server disconnect
Send BYE packet: Server request
Session terminated by server; exiting.

Any ideas on how this can be fixed?

Thx

Help !

AnyConnect connected successfully, but there is no network; the network card displays 'No network access permission'.
If installed using Docker, it automatically disconnects after 4 minutes of connection and requires reconnection.
How can this problem be solved?

Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable

I am running Docker on my VPS with Ubuntu 18.04.6 LTS. I tested with the "openconnect -v $myhostIP" command on my Mac (the behavior is the same on my Android phone), but for some reason, after asking for user and pass, it returns this error. Here is the tail of the connection log (I have redacted THE_KEY):

Got HTTP response: HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/xml
Content-Length: 189
X-Transcend-Version: 1
Set-Cookie: webvpncontext=ALV+Xl8mSC6ClMtGD7e0Ed9eBYpUet6upEB3XhLLjoM=; Secure
Set-Cookie: webvpn=; Secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure
Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:THE_KEY.; path=/; Secure
HTTP body length: (189)
Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable
Creating SSL connection failed
Cookie was rejected by server; exiting.

I am not sure if it is related to IPv6, but shouldn't IPv6 be disabled in sysctl?

Port number and backup users (docker)

Hi, thank you for this amazing work.
I have 2 questions (Docker version):

  1. How can we change the port number after creating the container?
     Let's say we have configured it like 443:443
     and now we want to change it to 1234:443.
     Is there an option to do this without deleting and recreating the container?

  2. How can we back up and restore the user/password file?
     It should be under /etc/ocserv, but how can we access it?
     If we want to rebuild the image with our own ocserv.conf file, we need to back up this file before that.

Thank you again.

can only start exec sessions when their container is running: container state improper

OS: CentOS 8

Command history:

# docker run --name ocserv --privileged -p 443:443 -p 443:443/udp -d --restart unless-stopped ocserv
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
1b12cc60ca1d65e234acb6096ea5679367d4084e3482a041ed6c3b67306c1230

# docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd username
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: can only start exec sessions when their container is running: container state improper

How to fix this?

adding domain and with cert

Hi,
Is it possible to add a domain in the Docker install and use the domain instead of the IP address?
And it would be great if you added more features to it.
Thanks!

Over CDN.

Hi, thank you for your repo and contribution.
Is it possible to make it work over ArvanCloud CDN?
I am currently running Shadowsocks over V2Ray with the CDN method.
Would they still be able to detect UDP traffic if I run this over the CDN?

Thanks

Not active

systemctl status ocserv.service

× ocserv.service - OpenConnect SSL VPN server
     Loaded: loaded (/etc/systemd/system/ocserv.service; enabled; vendo>
     Active: failed (Result: exit-code) since Mon 2022-11-21 09:48:25 U>
       Docs: man:ocserv(8)
    Process: 512191 ExecStart=/usr/local/sbin/ocserv --foreground --pid>
   Main PID: 512191 (code=exited, status=1/FAILURE)
        CPU: 11ms

Nov 21 09:48:25 Danial systemd[1]: Started OpenConnect SSL VPN server.
Nov 21 09:48:25 Danial ocserv[512191]: This application is part of ocse>
Nov 21 09:48:25 Danial systemd[1]: ocserv.service: Main process exited,>
Nov 21 09:48:25 Danial systemd[1]: ocserv.service: Failed with result '>

Can't connect to FTP

Hi, for the Docker build it gets stuck at connecting to FTP. Is it only for me? Is there something I can do?

Openconnect Android client is not working

I ran the script on my Ubuntu server and it's working. I can connect via the Windows OpenConnect client app, but the Android client is not working.

11:48:08 LIB: SSL connection failure: The operation timed out
11:48:08 LIB: Failed to open HTTPS connection to vpn..org
11:48:08 VPN terminated with errors
11:49:28 STAT: attempt=1; first=10/1/22 11:47 AM; prev=10/1/22 11:47 AM
11:49:28 STAT: connect=0; first=NEVER; prev=NEVER
11:49:28 STAT: cancel=1; first=10/1/22 11:48 AM; prev=10/1/22 11:48 AM
11:49:28 LIB: POST https://vpn.
***
11:49:32 LIB: Attempting to connect to server ***:443
11:49:32 LIB: Connected to ***:443
11:49:32 LIB: SSL negotiation with vpn..org
11:50:12 LIB: SSL connection failure: The operation timed out
11:50:12 LIB: Failed to open HTTPS connection to vpn.
.org
11:50:12 Error obtaining cookie
11:50:16 VPN terminated with errors

Problem with Pam auth

I always get this and I can't connect to the VPN:
ocserv[814753]: PAM-auth pam_auth_pass: Authentication failure

Can't access the internet through the server

After installing on Ubuntu 16.04, I can connect successfully to the server via the Android OpenConnect app, but I can't access the internet.
RX data is 0 bytes.
How can I solve this problem?

Send BYE packet: Server request

Hi.
I watched the YouTube tutorial and configured the server step by step.

When I want to connect to the server with openconnect -b [SERVER IP ADDRESS]
I get this:

SSL negotiation with [SERVER IP ADDRESS]
Server certificate verify failed: signer not found

Certificate from VPN server "[SERVER IP ADDRESS]" failed verification.
Reason: signer not found

Then it asks me if I want to continue or not;
after accepting that, I enter my username and password and then connect successfully.

Everything is OK and I have internet access. But after a few minutes OpenConnect fails with:

received server disconnect
Send BYE packet: Server request
Session terminated by server; exiting.

I tried with Cisco AnyConnect (Ubuntu)/OpenConnect (Ubuntu)/OpenConnect (Android) and got the same error.
How can I fix it?

This is the Ubuntu 22.04 OpenConnect client version:

OpenConnect version v8.20-1
Using GnuTLS 3.7.3. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script

Can't connect with some ISPs

Hello, good day.
Thank you for your strong and good source code.
I have a problem. I installed it on my Ubuntu server through Docker, but it connects with some ISPs and not with others.
Is there a way I can connect with more ISPs (internet service providers)?

VPN Connection Disconnect & Requiring Re-authentication

After about four minutes, the VPN connection is disconnected with this error and I have to log in again to connect.

"The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication."

How to disable the GET auth response in the browser?

Hello. I don't know if this is the right place to ask the question.

I am using ocserv 1.1.3 on Rocky Linux. And if I follow the authorization link in the browser, I get the browser's XML response (GET 200 OK):

<config-auth client="vpn" type="auth-request">
<version who="sg">0.1(1)</version>
<auth id="main">
<message>Please enter your username.</message>
<form method="post" action="/auth"> </form>
</auth>
</config-auth> 

This is strange, because I do not use a browser for authorization, but a special client program. How can I disable the display of the authorization message in the browser or replace it with my own custom message? I don't need other people to know that I have a VPN on port 443, and the message in the browser unmasks this.

SSL negotiation timeout

Hi,
I get this log in the AnyConnect client:

POST https://x.x.x.x/
Attempting to connect to server x.x.x.x:443
Connected to x.x.x.x:443
There was a non-CA certificate in the trusted list: OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation,CN=Microsoft Root Authority.
There was a non-CA certificate in the trusted list: C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority.
There was a non-CA certificate in the trusted list: CN=Root Agency.
SSL negotiation with x.x.x.x
SSL connection failure: The operation timed out
Failed to open HTTPS connection to x.x.x.x
Authentication error; cannot obtain cookie
Disconnected

HTTP 401 Cookie is not acceptable

I am using this repository on 3 ubuntu servers.
On 2 of them it works perfectly but I can not connect to the other one.
I've tried both AnyConnect and OpenConnect.

The message from AnyConnect:
The secure gateway had rejected the connection attempt.

And the logs from OpenConnect after posting the password:
18:16:48 LIB: Got HTTP response: HTTP/1.1 200 OK
18:16:48 LIB: Connection: Keep-Alive
18:16:48 LIB: Content-Type: text/xml
18:16:48 LIB: Content-Length: 189
18:16:48 LIB: X-Transcend-Version: 1
18:16:48 LIB: Set-Cookie: webvpncontext=AFYAJ.../gO4Mo.../5qps...; Secure
18:16:48 LIB: Set-Cookie: webvpn=<elided>; Secure
18:16:48 LIB: Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure
18:16:48 LIB: Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:1C27B8C...; path=/; Secure
18:16:48 LIB: HTTP body length: (189)
18:16:48 LIB: TCP_INFO rcv mss 1408, snd mss 1408, adv mss 1448, pmtu 1500
18:16:48 LIB: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable
18:16:48 Error establishing CSTP connection
18:16:50 VPN terminated with errors

It might be because of the expiration date of the cookie which is 01-01-1970. Or maybe not?
How can I fix this?

Wrong. This is not the issue, as the dates on the other servers are the same: 01011970.

Any help will be appreciated.
Thanks

VPN Connectivity Issues With Some ISPs

It is not possible to connect to a VPN by connecting to the internet through some ISPs such as Irancell (one of Iran's operators).
Is there a solution to this problem?

IOS Client ( anyconnect )

Hi,
1- I cannot connect to ocserv (run with Docker) with the AnyConnect client.

2- When I try to connect to ocserv on Android with the OpenConnect client more than once, I can't connect.

How do I configure ocserv.conf?
How can I fix this?

Thanks

Error establishing the CSTP channel

2023-01-14 18:57:00 | 45bc | Please enter your password.
2023-01-14 18:57:00 | 45bc | Password form: password
2023-01-14 18:57:04 | 45bc | POST https://[ip of my vps]/auth
2023-01-14 18:57:04 | 45bc | Got HTTP response: HTTP/1.1 200 OK
2023-01-14 18:57:04 | 45bc | Connection: Keep-Alive
2023-01-14 18:57:04 | 45bc | Content-Type: text/xml
2023-01-14 18:57:04 | 45bc | Content-Length: 189
2023-01-14 18:57:04 | 45bc | X-Transcend-Version: 1
2023-01-14 18:57:04 | 45bc | Set-Cookie: webvpncontext=AOb9aSq47n2R71AhI6XSXKzn4EM+4gAESINc9I9tWaE=; Secure
2023-01-14 18:57:04 | 45bc | Set-Cookie: webvpn=; Secure
2023-01-14 18:57:04 | 45bc | Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure
2023-01-14 18:57:04 | 45bc | Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:4DADD575EBD27C634B891030BB14C9FCEA3E1EEE; path=/; Secure
2023-01-14 18:57:04 | 45bc | HTTP body length: (189)
2023-01-14 18:57:04 | 45bc | Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable
2023-01-14 18:57:04 | 45bc | Error establishing the CSTP channel
2023-01-14 18:57:04 | 1ac4 | Disconnected

Docker installation unstable issue

First of all, thanks for this script. It really helps a lot.

I tried two installation modes; the second, script mode, is working well.

For the Docker mode, following the guide, I can install and connect successfully, but it seems unstable.
Every 2 or 3 minutes, it disconnects automatically and I need to reconnect; after almost the same time, it disconnects again.
Server OS: Ubuntu 22 LTS
Client OS: macOS 12
Client: AnyConnect (latest version)
Server Docker version: 23.03

Hope this issue can be fixed.

DNS malfunction etc

I used to run your script with no fault. Recently, however, it looks like a couple of bugs are showing up. The server DNS, for example, is disrupted after the install and I need to reconfigure it. On which Linux releases have you tried it?

After a couple of days, traffic is not going through the vpn server

So when I run the script on my server, everything is fine for 2 or 3 days. But after that, my IP address doesn't change when I connect to the server. It seems like the traffic is not going through the VPN server and something is wrong with the routing. I compared the logs from the first and last day. No differences.

connect

Hi,

I installed it with the installer and created a user, then I tried to connect with AnyConnect. After entering the username and password, it says login failed.

How to run on different port and tunnel from another server

Hi,
Thanks for the amazing script.

I saw only one iptables command: iptables -t nat -A POSTROUTING -j MASQUERADE!
What should I do if I want to start the service on another port?

And another question: I have a censored network, but with a VPS in my country I can access the uncensored network.
How can I tunnel OpenConnect with iptables or firewalld from my in-country VPS to my OpenConnect server?

BTW, I configured OpenConnect on CentOS 7 and it works great; I just want to tunnel from my in-country server to my OpenConnect server because sometimes I can't access my OpenConnect server directly.

Thanks in advance. <3

Web Panel

Hi! How do I install a web panel for ocserv? Any idea? Can you please share? Thanks!

iOS clients

Hi,
This setup works perfectly for OpenConnect on Android devices, but from a brief search on the internet I found out you need to import your certificate for AnyConnect on Android or iOS.
Trying to import my server-cert.pem, I realized it's password protected and I don't know the password.
Can anyone help with the iOS connection?

request

Install version 1.1.7 of ocserv and support Ubuntu 22.04.

Server certificate verify failed: signer not found

Connection keeps reconnecting.

2023-07-03 17:21:33 | 614c | SSL read error: The TLS connection was non-properly terminated.; reconnecting.
2023-07-03 17:21:33 | 614c | SSL negotiation with 129.153.152.36
2023-07-03 17:21:33 | 614c | Server certificate verify failed: signer not found
2023-07-03 17:21:34 | 614c | Connected to HTTPS on 129.153.152.36

connecting with client

ocserv[18851]: error in plain authentication; cannot open: /etc/ocserv/ocpasswd

upon connecting with a client this message is shown.
