I noticed that openconnect will block at "SSL negotiation with ...", when the peer would change its IP (it uses dyndns). From a quick glimpse it seems that there is no timeout enforced in the gnutls handshake, and that's what the attached patch does. regards, Nikos -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Added-a-default-timeout-value-in-CSTP-handshake-usin.patch Type: text/x-patch Size: 871 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140724/8fd3a7cb/attachment.bin>