I just realized I sent this personally to David and not the mailing list, my apologies. On Wed, Oct 7, 2009 at 1:36 AM, David Woodhouse <dwmw2 at infradead.org> wrote: > > Hm, I've no idea what that means. Does the official Cisco client work, > and can you compare the traffic it generates with the traffic from > openconnect? Thank you for the quick response. The official cisco client does work, below is the tcpdump comparing anyconnect to openconnect. Here's the tcpdump of the official cisco anyconnect client performing a successful authentication: 12:20:01.060513 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [S], seq 1236045847, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 560059998 ecr 0,sackOK,eol], length 0 12:20:01.089790 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [S.], seq 2668914402, ack 1236045848, win 8192, options [mss 1380], length 0 12:20:01.089857 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [.], ack 1, win 65535, length 0 12:20:01.091027 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [P.], seq 1:61, ack 1, win 65535, length 60 12:20:01.120728 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [.], ack 61, win 8192, length 0 12:20:01.120886 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [P.], seq 1:865, ack 61, win 8192, length 864 12:20:01.120933 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [.], ack 865, win 65535, length 0 12:20:01.182111 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [P.], seq 61:247, ack 865, win 65535, length 186 12:20:01.196182 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [.], ack 247, win 8192, length 0 12:20:01.197513 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [P.], seq 865:912, ack 247, win 8192, length 47 12:20:01.197547 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [.], ack 912, win 65535, length 0 12:20:01.197813 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [P.], seq 247:452, ack 912, win 65535, length 205 12:20:01.214195 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [.], ack 452, win 8192, length 0 12:20:01.222321 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [P.], seq 912:1233, ack 452, win 8192, length 321 12:20:01.222366 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [.], ack 1233, win 65535, length 0 12:20:01.222902 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [P.], seq 452:676, ack 1233, win 65535, length 224 12:20:01.240819 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [.], ack 676, win 8192, length 0 12:20:01.240901 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [P.], seq 1233:1474, ack 676, win 8192, length 241 12:20:01.240943 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [.], ack 1474, win 65535, length 0 12:20:01.241050 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [P.], seq 676:703, ack 1474, win 65535, length 27 12:20:01.241132 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [F.], seq 703, ack 1474, win 65535, length 0 12:20:01.241460 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [FP.], seq 1474, ack 676, win 8192, length 0 12:20:01.241472 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [F.], seq 703, ack 1475, win 65535, length 0 12:20:01.241527 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [S], seq 3308797588, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 560060000 ecr 0,sackOK,eol], length 0 12:20:01.257767 IP vpn.mycompany.com.https > 192.168.1.100.54954: Flags [R], seq 2668915876, win 8192, length 0 12:20:01.270032 IP vpn.mycompany.com.https > 192.168.1.100.54955: Flags [S.], seq 1016403697, ack 3308797589, win 8192, options [mss 1380], length 0 12:20:01.270089 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [.], ack 1, win 65535, length 0 12:20:01.270299 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [P.], seq 1:93, ack 1, win 65535, length 92 12:20:01.286664 IP vpn.mycompany.com.https > 192.168.1.100.54955: Flags [.], ack 93, win 8192, length 0 12:20:01.288218 IP vpn.mycompany.com.https > 192.168.1.100.54955: Flags [P.], seq 1:1025, ack 93, win 8192, length 1024 12:20:01.288261 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [.], ack 1025, win 65535, length 0 12:20:02.222850 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [FP.], seq 676:703, ack 1475, win 65535, length 27 12:20:04.224729 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [FP.], seq 676:703, ack 1475, win 65535, length 27 12:20:08.228230 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [FP.], seq 676:703, ack 1475, win 65535, length 27 12:20:12.754228 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [P.], seq 93:1179, ack 1025, win 65535, length 1086 12:20:12.777123 IP vpn.mycompany.com.https > 192.168.1.100.54955: Flags [.], ack 1179, win 8192, length 0 12:20:12.796408 IP vpn.mycompany.com.https > 192.168.1.100.54955: Flags [P.], seq 1025:1072, ack 1179, win 8192, length 47 12:20:12.796439 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [.], ack 1072, win 65535, length 0 12:20:12.796654 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [F.], seq 1179, ack 1072, win 65535, length 0 12:20:12.824161 IP vpn.mycompany.com.https > 192.168.1.100.54955: Flags [.], ack 1180, win 8192, length 0 12:20:12.824166 IP vpn.mycompany.com.https > 192.168.1.100.54955: Flags [FP.], seq 1072, ack 1180, win 8192, length 0 12:20:12.824232 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [.], ack 1072, win 65535, length 0 12:20:12.824259 IP 192.168.1.100.54955 > vpn.mycompany.com.https: Flags [.], ack 1073, win 65535, length 0 12:20:16.236835 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [FP.], seq 676:703, ack 1475, win 65535, length 27 12:20:18.580082 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [S], seq 3875404239, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 560060173 ecr 0,sackOK,eol], length 0 12:20:18.601083 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [S.], seq 3995705430, ack 3875404240, win 8192, options [mss 1380], length 0 12:20:18.601154 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [.], ack 1, win 65535, length 0 12:20:18.601282 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [P.], seq 1:61, ack 1, win 65535, length 60 12:20:18.615561 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [.], ack 61, win 8192, length 0 12:20:18.616968 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [P.], seq 1:1025, ack 61, win 8192, length 1024 12:20:18.617038 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [.], ack 1025, win 65535, length 0 12:20:18.625429 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [P.], seq 61:1147, ack 1025, win 65535, length 1086 12:20:18.647783 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [.], ack 1147, win 8192, length 0 12:20:18.655313 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [P.], seq 1025:1072, ack 1147, win 8192, length 47 12:20:18.655389 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [.], ack 1072, win 65535, length 0 12:20:18.655643 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [P.], seq 1147:1352, ack 1072, win 65535, length 205 12:20:18.694396 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [.], ack 1352, win 8192, length 0 12:20:18.702518 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [P.], seq 1072:1393, ack 1352, win 8192, length 321 12:20:18.702583 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [.], ack 1393, win 65535, length 0 12:20:18.702915 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [P.], seq 1352:1576, ack 1393, win 65535, length 224 12:20:18.721530 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [.], ack 1576, win 8192, length 0 12:20:18.724336 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [P.], seq 1393:2442, ack 1576, win 8192, length 1049 12:20:18.724365 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [.], ack 2442, win 65535, length 0 12:20:18.728120 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [P.], seq 2442:2591, ack 1576, win 8192, length 149 12:20:18.728183 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [.], ack 2591, win 65535, length 0 12:20:18.728263 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [P.], seq 1576:1603, ack 2591, win 65535, length 27 12:20:18.728342 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [F.], seq 1603, ack 2591, win 65535, length 0 12:20:18.728978 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [FP.], seq 2591, ack 1576, win 8192, length 0 12:20:18.728992 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [F.], seq 1603, ack 2592, win 65535, length 0 12:20:18.771409 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [.], ack 1576, win 8192, length 0 12:20:18.771414 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [.], ack 1576, win 8192, length 0 12:20:18.771465 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [FP.], seq 1576:1603, ack 2592, win 65535, length 27 12:20:19.740257 IP 192.168.1.100.54964 > vpn.mycompany.com.https: Flags [FP.], seq 1576:1603, ack 2592, win 65535, length 27 12:20:19.760490 IP vpn.mycompany.com.https > 192.168.1.100.54964: Flags [R], seq 3995708022, win 8192, length 0 12:20:32.256530 IP 192.168.1.100.54954 > vpn.mycompany.com.https: Flags [FP.], seq 676:703, ack 1475, win 65535, length 27 12:20:36.089459 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [S], seq 1733500268, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 560060348 ecr 0,sackOK,eol], length 0 12:20:36.106647 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [S.], seq 550699935, ack 1733500269, win 8192, options [mss 1380], length 0 12:20:36.106689 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 1, win 65535, length 0 12:20:36.106847 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [P.], seq 1:93, ack 1, win 65535, length 92 12:20:36.125834 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [.], ack 93, win 8192, length 0 12:20:36.125862 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 1:127, ack 93, win 8192, length 126 12:20:36.125883 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 127, win 65535, length 0 12:20:36.126385 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [P.], seq 93:140, ack 127, win 65535, length 47 12:20:36.148046 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [.], ack 140, win 8192, length 0 12:20:36.148137 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [P.], seq 140:496, ack 127, win 65535, length 356 12:20:36.169853 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [.], ack 496, win 8192, length 0 12:20:36.177141 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 127:864, ack 496, win 8192, length 737 12:20:36.177189 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 864, win 65535, length 0 12:20:36.178151 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [P.], seq 496:983, ack 864, win 65535, length 487 12:20:36.195746 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [.], ack 983, win 8192, length 0 12:20:36.196261 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 864:1913, ack 983, win 8192, length 1049 12:20:36.196318 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 1913, win 65535, length 0 12:20:36.198001 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 1913:2962, ack 983, win 8192, length 1049 12:20:36.198077 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 2962, win 65535, length 0 12:20:36.198281 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 2962:4011, ack 983, win 8192, length 1049 12:20:36.198336 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 4011, win 65535, length 0 12:20:36.198706 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 4011:5060, ack 983, win 8192, length 1049 12:20:36.198752 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 5060, win 65535, length 0 12:20:36.199105 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 5060:6109, ack 983, win 8192, length 1049 12:20:36.199139 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 6109, win 65535, length 0 12:20:36.200862 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 6109:7158, ack 983, win 8192, length 1049 12:20:36.200919 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 7158, win 65535, length 0 12:20:36.203464 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 7158:8207, ack 983, win 8192, length 1049 12:20:36.203505 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 8207, win 65535, length 0 12:20:36.203843 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 8207:9140, ack 983, win 8192, length 933 12:20:36.203903 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 9140, win 65535, length 0 12:20:36.204241 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [P.], seq 983:1471, ack 9140, win 65535, length 488 12:20:36.229103 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [.], ack 1471, win 8192, length 0 12:20:36.231108 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [P.], seq 9140:9261, ack 1471, win 8192, length 121 12:20:36.231149 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 9261, win 65535, length 0 12:20:36.231268 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [P.], seq 1471:1498, ack 9261, win 65535, length 27 12:20:36.231308 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [F.], seq 1498, ack 9261, win 65535, length 0 12:20:36.231796 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [S], seq 3616133424, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 560060349 ecr 0,sackOK,eol], length 0 12:20:36.256469 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [.], ack 1498, win 8192, length 0 12:20:36.256499 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [.], ack 1499, win 8192, length 0 12:20:36.256533 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [F.], seq 1498, ack 9261, win 65535, length 0 12:20:36.256573 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 9261, win 65535, length 0 12:20:36.257302 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [S.], seq 446283481, ack 3616133425, win 8192, options [mss 1380], length 0 12:20:36.257361 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 1, win 65535, length 0 12:20:36.257556 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [P.], seq 1:93, ack 1, win 65535, length 92 12:20:36.257698 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [FP.], seq 9261, ack 1499, win 8192, length 0 12:20:36.257748 IP 192.168.1.100.54974 > vpn.mycompany.com.https: Flags [.], ack 9262, win 65535, length 0 12:20:36.271818 IP vpn.mycompany.com.https > 192.168.1.100.54974: Flags [.], ack 1499, win 8192, length 0 12:20:36.280949 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [.], ack 93, win 8192, length 0 12:20:36.280982 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 1:127, ack 93, win 8192, length 126 12:20:36.281034 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 127, win 65535, length 0 12:20:36.281308 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [P.], seq 93:140, ack 127, win 65535, length 47 12:20:36.299883 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [.], ack 140, win 8192, length 0 12:20:36.299961 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [P.], seq 140:627, ack 127, win 65535, length 487 12:20:36.315984 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [.], ack 627, win 8192, length 0 12:20:36.316337 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 127:1176, ack 627, win 8192, length 1049 12:20:36.316374 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 1176, win 65535, length 0 12:20:36.317202 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 1176:2225, ack 627, win 8192, length 1049 12:20:36.317246 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 2225, win 65535, length 0 12:20:36.317746 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 2225:3274, ack 627, win 8192, length 1049 12:20:36.317810 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 3274, win 65535, length 0 12:20:36.318293 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 3274:4323, ack 627, win 8192, length 1049 12:20:36.318361 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 4323, win 65535, length 0 12:20:36.318871 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 4323:5372, ack 627, win 8192, length 1049 12:20:36.318934 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 5372, win 65535, length 0 12:20:36.324035 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 5372:6421, ack 627, win 8192, length 1049 12:20:36.324077 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 6421, win 65535, length 0 12:20:36.325204 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 6421:7470, ack 627, win 8192, length 1049 12:20:36.325259 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 7470, win 65535, length 0 12:20:36.325595 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 7470:8253, ack 627, win 8192, length 783 12:20:36.325610 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 8253, win 65535, length 0 12:20:36.325872 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [P.], seq 627:1115, ack 8253, win 65535, length 488 12:20:36.345905 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [.], ack 1115, win 8192, length 0 12:20:36.346631 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 8253:8395, ack 1115, win 8192, length 142 12:20:36.346655 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 8395, win 65535, length 0 12:20:36.346989 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [P.], seq 1115:1611, ack 8395, win 65535, length 496 12:20:36.367203 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [.], ack 1611, win 8192, length 0 12:20:36.368408 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [P.], seq 8395:8572, ack 1611, win 8192, length 177 12:20:36.368479 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 8572, win 65535, length 0 12:20:36.582802 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [S], seq 23323294, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 560060353 ecr 0,sackOK,eol], length 0 12:20:36.594739 IP vpn.mycompany.com.https > 192.168.1.100.54977: Flags [S.], seq 4218039093, ack 23323295, win 8192, options [mss 1380], length 0 12:20:36.594774 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [.], ack 1, win 65535, length 0 12:20:36.596063 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [P.], seq 1:65, ack 1, win 65535, length 64 12:20:36.616774 IP vpn.mycompany.com.https > 192.168.1.100.54977: Flags [.], ack 65, win 8192, length 0 12:20:36.617011 IP vpn.mycompany.com.https > 192.168.1.100.54977: Flags [P.], seq 1:1025, ack 65, win 8192, length 1024 12:20:36.617042 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [.], ack 1025, win 65535, length 0 12:20:36.617460 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [P.], seq 65:72, ack 1025, win 65535, length 7 12:20:36.617577 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [F.], seq 72, ack 1025, win 65535, length 0 12:20:36.617679 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [S], seq 1434024797, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 560060353 ecr 0,sackOK,eol], length 0 12:20:36.633318 IP vpn.mycompany.com.https > 192.168.1.100.54977: Flags [.], ack 72, win 8192, length 0 12:20:36.633323 IP vpn.mycompany.com.https > 192.168.1.100.54977: Flags [FP.], seq 1025, ack 72, win 8192, length 0 12:20:36.633383 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [F.], seq 72, ack 1025, win 65535, length 0 12:20:36.633424 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [F.], seq 72, ack 1026, win 65535, length 0 12:20:36.633457 IP vpn.mycompany.com.https > 192.168.1.100.54977: Flags [.], ack 73, win 8192, length 0 12:20:36.633484 IP 192.168.1.100.54977 > vpn.mycompany.com.https: Flags [.], ack 1026, win 65535, length 0 12:20:36.634324 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [S.], seq 152462263, ack 1434024798, win 8192, options [mss 1380], length 0 12:20:36.634388 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 1, win 65535, length 0 12:20:36.634506 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [P.], seq 1:65, ack 1, win 65535, length 64 12:20:36.645198 IP vpn.mycompany.com.https > 192.168.1.100.54977: Flags [.], ack 73, win 8192, length 0 12:20:36.651503 IP vpn.mycompany.com.https > 192.168.1.100.54977: Flags [.], ack 73, win 8192, length 0 12:20:36.654826 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [.], ack 65, win 8192, length 0 12:20:36.655398 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 1:1025, ack 65, win 8192, length 1024 12:20:36.655516 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 1025, win 65535, length 0 12:20:36.656345 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [P.], seq 65:263, ack 1025, win 65535, length 198 12:20:36.674990 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [.], ack 263, win 8192, length 0 12:20:36.676538 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 1025:1072, ack 263, win 8192, length 47 12:20:36.676589 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 1072, win 65535, length 0 12:20:36.676789 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [P.], seq 263:549, ack 1072, win 65535, length 286 12:20:36.693863 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [.], ack 549, win 8192, length 0 12:20:36.697054 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 1072:1287, ack 549, win 8192, length 215 12:20:36.697110 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 1287, win 65535, length 0 12:20:36.697210 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 1287:1380, ack 549, win 8192, length 93 12:20:36.697251 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 1380, win 65535, length 0 12:20:36.697373 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 1380:1412, ack 549, win 8192, length 32 12:20:36.697404 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 1412, win 65535, length 0 12:20:36.741962 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [P.], seq 549:792, ack 1412, win 65535, length 243 12:20:36.765536 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [.], ack 792, win 8192, length 0 12:20:36.765742 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 1412:1750, ack 792, win 8192, length 338 12:20:36.765789 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 1750, win 65535, length 0 12:20:36.766764 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [P.], seq 792:1081, ack 1750, win 65535, length 289 12:20:36.785302 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [.], ack 1081, win 8192, length 0 12:20:36.787790 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 1750:1965, ack 1081, win 8192, length 215 12:20:36.787821 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 1965:2058, ack 1081, win 8192, length 93 12:20:36.787866 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 1965, win 65535, length 0 12:20:36.787905 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 2058, win 65535, length 0 12:20:36.788278 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [P.], seq 2058:2090, ack 1081, win 8192, length 32 12:20:36.788297 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 2090, win 65535, length 0 12:20:36.789205 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [P.], seq 1081:1108, ack 2090, win 65535, length 27 12:20:36.789247 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [F.], seq 1108, ack 2090, win 65535, length 0 12:20:36.805811 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [.], ack 1108, win 8192, length 0 12:20:36.805816 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [.], ack 1109, win 8192, length 0 12:20:36.805889 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [F.], seq 1108, ack 2090, win 65535, length 0 12:20:36.805911 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 2090, win 65535, length 0 12:20:36.806013 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [FP.], seq 2090, ack 1109, win 8192, length 0 12:20:36.806026 IP 192.168.1.100.54978 > vpn.mycompany.com.https: Flags [.], ack 2091, win 65535, length 0 12:20:36.818231 IP vpn.mycompany.com.https > 192.168.1.100.54978: Flags [.], ack 1109, win 8192, length 0 12:20:37.001393 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [S], seq 826985517, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 560060357 ecr 0,sackOK,eol], length 0 12:20:37.019579 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [S.], seq 715852496, ack 826985518, win 8192, options [mss 1380], length 0 12:20:37.019627 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [.], ack 1, win 65535, length 0 12:20:37.020048 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [P.], seq 1:61, ack 1, win 65535, length 60 12:20:37.036620 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [.], ack 61, win 8192, length 0 12:20:37.037014 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [P.], seq 1:1025, ack 61, win 8192, length 1024 12:20:37.037039 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [.], ack 1025, win 65535, length 0 12:20:37.114578 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [P.], seq 61:259, ack 1025, win 65535, length 198 12:20:37.130078 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [.], ack 259, win 8192, length 0 12:20:37.132345 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [P.], seq 1025:1072, ack 259, win 8192, length 47 12:20:37.132397 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [.], ack 1072, win 65535, length 0 12:20:37.132875 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [P.], seq 259:885, ack 1072, win 65535, length 626 12:20:37.154141 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [.], ack 885, win 8192, length 0 12:20:37.156021 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [P.], seq 1072:1761, ack 885, win 8192, length 689 12:20:37.156047 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [.], ack 1761, win 65535, length 0 12:20:39.362390 IP 192.168.1.100.64134 > vpn.mycompany.com.https: UDP, length 99 12:20:39.380738 IP vpn.mycompany.com.https > 192.168.1.100.64134: UDP, length 28 12:20:39.380930 IP 192.168.1.100.64134 > vpn.mycompany.com.https: UDP, length 99 12:20:39.397862 IP vpn.mycompany.com.https > 192.168.1.100.64134: UDP, length 188 12:20:39.398255 IP 192.168.1.100.64134 > vpn.mycompany.com.https: UDP, length 93 12:20:39.430862 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [P.], seq 1611:1638, ack 8572, win 65535, length 27 12:20:39.430942 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [F.], seq 1638, ack 8572, win 65535, length 0 12:20:39.448277 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [.], ack 1638, win 8192, length 0 12:20:39.448329 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [F.], seq 1638, ack 8572, win 65535, length 0 12:20:39.448420 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [.], ack 1639, win 8192, length 0 12:20:39.448454 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 8572, win 65535, length 0 12:20:39.448762 IP vpn.mycompany.com.https > 192.168.1.100.54975: Flags [FP.], seq 8572, ack 1639, win 8192, length 0 12:20:39.448799 IP 192.168.1.100.54975 > vpn.mycompany.com.https: Flags [.], ack 8573, win 65535, length 0 12:20:43.119769 IP 192.168.1.100.64134 > vpn.mycompany.com.https: UDP, length 61 12:20:43.120728 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [P.], seq 885:971, ack 1761, win 65535, length 86 12:20:43.120805 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [P.], seq 971:998, ack 1761, win 65535, length 27 12:20:43.120821 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [F.], seq 998, ack 1761, win 65535, length 0 12:20:43.139655 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [.], ack 971, win 8192, length 0 12:20:43.139688 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [F.], seq 998, ack 1761, win 65535, length 0 12:20:43.141935 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [.], ack 998, win 8192, length 0 12:20:43.141949 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [F.], seq 998, ack 1761, win 65535, length 0 12:20:43.145763 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [.], ack 999, win 8192, length 0 12:20:43.145824 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [P.], seq 1761:1809, ack 999, win 8192, length 48 12:20:43.146049 IP vpn.mycompany.com.https > 192.168.1.100.54981: Flags [FP.], seq 1809, ack 999, win 8192, length 0 12:20:43.146408 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [.], ack 1761, win 65535, length 0 12:20:43.146427 IP 192.168.1.100.54981 > vpn.mycompany.com.https: Flags [R], seq 826986516, win 0, length 0 Here's the tcpdump of the failed openconnect session: 12:34:01.695690 IP 192.168.1.100.53539 > vpn.mycompany.com.https: S 2360598965:2360598965(0) win 5840 <mss 1460,sackOK,timestamp 822967 0,nop,wscale 7> 12:34:01.710685 IP vpn.mycompany.com.https > 192.168.1.100.53539: S 2523350849:2523350849(0) ack 2360598966 win 8192 <mss 1380> 12:34:01.710730 IP 192.168.1.100.53539 > vpn.mycompany.com.https: . ack 1 win 5840 12:34:01.778328 IP 192.168.1.100.53539 > vpn.mycompany.com.https: P 1:112(111) ack 1 win 5840 12:34:01.792094 IP vpn.mycompany.com.https > 192.168.1.100.53539: . ack 112 win 8192 12:34:01.792197 IP vpn.mycompany.com.https > 192.168.1.100.53539: P 1:865(864) ack 112 win 8192 12:34:01.792214 IP 192.168.1.100.53539 > vpn.mycompany.com.https: . ack 865 win 6912 12:34:01.813671 IP 192.168.1.100.53539 > vpn.mycompany.com.https: P 112:298(186) ack 865 win 6912 12:34:01.826095 IP vpn.mycompany.com.https > 192.168.1.100.53539: . ack 298 win 8192 12:34:01.827860 IP vpn.mycompany.com.https > 192.168.1.100.53539: P 865:912(47) ack 298 win 8192 12:34:01.828111 IP 192.168.1.100.53539 > vpn.mycompany.com.https: P 298:500(202) ack 912 win 6912 12:34:01.842259 IP vpn.mycompany.com.https > 192.168.1.100.53539: . ack 500 win 7990 12:34:01.842980 IP vpn.mycompany.com.https > 192.168.1.100.53539: . ack 500 win 8192 12:34:01.844777 IP vpn.mycompany.com.https > 192.168.1.100.53539: P 912:1112(200) ack 500 win 8192 12:34:01.844923 IP vpn.mycompany.com.https > 192.168.1.100.53539: P 1112:1291(179) ack 500 win 8192 12:34:01.844934 IP vpn.mycompany.com.https > 192.168.1.100.53539: P 1291:1323(32) ack 500 win 8192 12:34:01.845327 IP 192.168.1.100.53539 > vpn.mycompany.com.https: . ack 1323 win 10368 12:34:01.846101 IP 192.168.1.100.53539 > vpn.mycompany.com.https: F 500:500(0) ack 1323 win 10368 12:34:01.864047 IP vpn.mycompany.com.https > 192.168.1.100.53539: . ack 501 win 8192 12:34:01.864091 IP vpn.mycompany.com.https > 192.168.1.100.53539: FP 1323:1323(0) ack 501 win 8192 12:34:01.864108 IP 192.168.1.100.53539 > vpn.mycompany.com.https: . ack 1324 win 10368 If there's anything else I can provide to help debug the situation, please let me know. I would love to use openconnect, as all of our linux machines are 64bit and anyconnect is a pain to get working in 64bit environs. Thanks, James > > -- > dwmw2 > > > _______________________________________________ > openconnect-devel mailing list > openconnect-devel at lists.infradead.org > http://bombadil.infradead.org/mailman/listinfo/openconnect-devel >
