The No DTLS option seems to have fixed it. I guess I'm stuck using that. On 1/26/2012 9:47 PM, Matthew Kitchin (Public/Usenet) wrote: > Sorry for replying to my own email. I resolved the group issue. I > needed to use --authgroup= instead of --usergroup= > > This problem remains. I get this after the connection takes about 30 > seconds to start > > Established DTLS connection > DTLS Dead Peer Detection detected dead peer! > DTLS handshake failed: 1 > 22407:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert > number 40 > > The last line is repeated every few seconds. > > On 1/26/2012 3:02 PM, Matthew Kitchin (public/usenet) wrote: >> I've been connecting to a Cisco ASA for some time with no issues. I'm >> now moving over to a different one at a new company. I get this error >> below. >> 20454:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert >> number 40 >> every few minutes. >> The hits I can find on this are similar to this: >> http://www.mail-archive.com/openssl-users at openssl.org/msg51636.html >> Is this anything I should worry about? >> >> The initial connection also fails for about 30 seconds, and then >> comes up as soon as this text is displayed: >> Established DTLS connection >> DTLS Dead Peer Detection detected dead peer! >> DTLS handshake failed: 1 >> 20800:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert >> number 40 >> I find this error on this topic: >> http://lists.infradead.org/pipermail/openconnect-devel/2011-May/000302.html >> >> >> I'm using OpenConnect version v2.25-unknown on OpenWRT backfire. I >> realize it is not the newest, but the package for OpenWRT doesn;t >> seem to get updated, I i completely failed when I attempted to do it >> myself. >> >> The only other issue I'm having is related to the group. My previous >> connection did not prompt for a group. This one does. I'm trying to >> keep this as an automated process, but I"m not having any luck with >> the --usergroup=GROUP switch. I doubt this is related to my issue, >> and so far I assume it is user error on my part. >> >> I'm not sure if my 2 problems above are related. If so, which one >> should I tackle first? >
