On Wed, Jun 27, 2012 at 09:16:10PM +0100, David Woodhouse wrote:
> On Wed, 2012-06-27 at 12:09 -0500, Jack Miller wrote:
> > Recently, I noticed that it's been segfaulting about every hour, so I
> > built from git and fired it up in GDB. I got this backtrace:
>
> Secondary concern: why in hell are you seeing a CSTP reconnect every
> hour anyway? Is this happening even while the connection is in use?

Yes, I've had it disconnect me quite a bit while in the middle of long-ish
transfers.

>
> Can you show the output of openconnect with the '-v' option as you
> connect, and also as the disconnect/reconnect happens?

I've appended the relevant sections of the log and redacted some of the
network topology stuff - better safe than sorry.

It appears that it's just configured that way (DTLS-Rekey-Time = 3600). As I
mentioned before, I can't comment on the validity of the setup =).

- Jack

--------------------------------------------------------------------------
Attempting to connect to []:443
SSL negotiation with []
Matched DNS altname '[]'
Connected to HTTPS on []
GET https://[]/
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Wed, 27 Jun 2012 20:44:33 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
SSL negotiation with []
Matched DNS altname '[]'
Connected to HTTPS on []
GET https://[]/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Fixed options give
POST https://[]/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:CB201E91F1BA1E094A5648B92EF6B7BE121DCF94&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2FWatsonProfile.xml&fh:BC1A54FB5A8DDAF76F18FF9E9D5474CCAB8663B1; path=/; secure
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
...
X-DTLS-Rekey-Time: 3600
X-CSTP-MTU: 1355
X-DTLS-CipherSuite: AES256-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 20
DTLS option X-DTLS-Session-ID : 245CBA11166427EAB403833741BFF884BC02781F1B4BBE384408843CD1BDD914
DTLS option X-DTLS-Port : 443
DTLS option X-DTLS-Keepalive : 20
DTLS option X-DTLS-DPD : 30
DTLS option X-DTLS-Rekey-Time : 3600
DTLS option X-DTLS-CipherSuite : AES256-SHA
DTLS connected. DPD 30, Keepalive 20
Connected tun0 as [], using SSL
--------------------------------------------------------------------------

Then, it's pretty much identical chatter for the rekey. This is running the
patch from your previous mail, so it didn't crash.

--------------------------------------------------------------------------
DTLS rekey due
SSL negotiation with []
Matched DNS altname '[]'
Connected to HTTPS on []
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
...
X-CSTP-Keep: true
X-CSTP-Rekey-Time: 3600
X-CSTP-Rekey-Method: new-tunnel
X-CSTP-DPD: 30
X-CSTP-Keepalive: 20
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: 25030952259265BACC034C81E78C596268E4C09863D72B9070617F96D5905796
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-DTLS-Rekey-Time: 3600
X-CSTP-MTU: 1355
X-DTLS-CipherSuite: AES256-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 20
No work to do; sleeping for 20000 ms...
No work to do; sleeping for 20000 ms...
Established DTLS connection (using OpenSSL)
--------------------------------------------------------------------------