On 8/7/2010 1:33 PM, David Woodhouse wrote: > > If you're going to do any serious testing, I would advise that you fix > this first: > > On Fri, 2010-08-06 at 23:25 -0500, Matthew Kitchin (public/usenet) wrote: >> SSL_set_session() failed with old protocol version 0x100 >> Are you using a version of OpenSSL older than 0.9.8m? >> See http://rt.openssl.org/Ticket/Display.html?id=1751 >> Use the --no-dtls command line option to avoid this message >> Set up DTLS failed; using SSL instead > As it is you're going to be using TCP instead of UDP, with all the > associated TCP-over-TCP problems if you have any kind of packet loss on > the underlying link between you and your VPN server. > > You'd do better using a more modern distribution like Fedora for your > testing -- everything should Just Work? out of the box. > > Failing that, rebuild openconnect so it statically links against a more > recent version of OpenSSL. Or just be aware of the issue, and how it may > affect certain aspects of your testing. > [root at VM-MKLinux script]# openssl version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 I guess I missed it by a few letters. I will upgrade openssl on my CentOS box. The version I have seems to be the most recent in the Yum repository.... I will get the newest manually. OpenWRT looks like it runs openssl-util_0.9.8m-3_ar71xx.ipk so I should be ok if/when I get to that point.