On Thu, Apr 17, 2014 at 2:29 PM, John Hendy <jw.hendy at gmail.com> wrote:
> I finally got openconnect to work with my company's Cisco VPN system
> via some various help from the web and a co-worker on setting up a
> csd-wrapper. However, I'm getting constant disconnection/reconnection
> behaviors. Here's the output from my recent session:
> - http://pastebin.com/wyHTzjwR
>
> That error is generated every few seconds. One internal site seems to
> go on operating reasonably fine (though very slow), while my company
> mail client (browser-based) won't send any emails and requests
> frequent re-authentication.
>
> Here's the ~/.cisco/csd-wrapper.sh script used:

I would not expect the CSD wrapper to interfere with a connection that
has already been established. It should be a one-shot deal, pre-logon.
Can you confirm that cstub isn't running in the background while the
connection is up?

> Is this the case of a simple openconnect argument I'm not using/need
> to specify or something else? Consider me completely ignorant with
> respect to network/tunneling/etc., but I'm happy to collect any other
> information suggested and post back. This is what seemed obvious to
> start with, and I couldn't find any hits for the exact error I'm
> getting. In fact, searching google for the exact phrase "SSL read
> error: The TLS connection was non-properly terminated" only gets me
> the pastebin I just posted.
>
> Is this an error message specific to my company, or should these
> messages be standard across all of them?

The error corresponds to GNUTLS_E_PREMATURE_TERMINATION.

I think this means that we were expecting to read a TLS record, but the
connection was unexpectedly closed. You could check this with
tcpdump/wireshark and see if there is a TCP RST originating from the
other side.

What versions of openconnect and GnuTLS are you running? Have you tried
upgrading?
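
The TCP RST check suggested above, as an added example that is not part of the original message or of openconnect: it reads a capture saved with `tcpdump -w` and reports which side sent each RST. It assumes a classic (non-pcapng) Ethernet capture; the helper names and the addresses in the constructed sample (documentation ranges) are hypothetical.

```python
import socket
import struct

TCP_RST = 0x04  # RST bit in the TCP flags byte

def find_rsts(pcap: bytes, gateway_ip: str):
    """Return (timestamp, sender, src, dst) for each TCP RST in a classic pcap."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        ts, _usec, caplen, _origlen = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Need Ethernet + minimal IPv4 header, EtherType IPv4, protocol TCP.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip the IP header (IHL words)
        if len(tcp) < 14 or not tcp[13] & TCP_RST:
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sender = "gateway" if src == gateway_ip else "client" if dst == gateway_ip else "other"
        hits.append((ts, sender, src, dst))
    return hits

def _frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame (no payload, checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 0, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap(gw="192.0.2.10", me="198.51.100.7"):
    """Constructed capture: a client ACK, then the gateway resets the session."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [(100, me, gw, 40000, 443, 0x10), (105, gw, me, 443, 40000, 0x14)]
    for ts, src, dst, sport, dport, flags in packets:
        f = _frame(src, dst, sport, dport, flags)
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for hit in find_rsts(sample_pcap(), "192.0.2.10"):
        print("RST at t=%d sent by %s (%s -> %s)" % hit)
```

A "gateway" result that lines up with each "SSL read error" timestamp points at the remote side closing the session; a "client" result points at something local.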