On Sat, 2010-08-07 at 12:46 -0500, Matthew Kitchin (public/usenet) wrote: > > AND Never mind..... > I can ping something on the 10.92.X.X segment. That works! I just can't > ping anything on the the 10.85.0.X segment. That could very well be > something on our end. Almost certainly. > I am up and running though! I will start putting it through some stress > tests to see if I can get better results that the workaround we had to > do with VPNC. If you're going to do any serious testing, I would advise that you fix this first: On Fri, 2010-08-06 at 23:25 -0500, Matthew Kitchin (public/usenet) wrote: > SSL_set_session() failed with old protocol version 0x100 > Are you using a version of OpenSSL older than 0.9.8m? > See http://rt.openssl.org/Ticket/Display.html?id=1751 > Use the --no-dtls command line option to avoid this message > Set up DTLS failed; using SSL instead As it is you're going to be using TCP instead of UDP, with all the associated TCP-over-TCP problems if you have any kind of packet loss on the underlying link between you and your VPN server. You'd do better using a more modern distribution like Fedora for your testing -- everything should Just Work? out of the box. Failing that, rebuild openconnect so it statically links against a more recent version of OpenSSL. Or just be aware of the issue, and how it may affect certain aspects of your testing. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation
