On Wed, 2014-03-12 at 18:07 +0200, Kaloyan Dimitrov wrote: > Established DTLS connection (using GnuTLS) > > CSTP Dead Peer Detection detected dead peer! > > Please advise why is this happening. This could be a routing issue. Obviously if we set up a default route that points to the VPN, we have to have a route to the *gateway* that still goes via the physical network. When we get that wrong, so packets for the VPN server are handed to openconnect and then send out again as a packet for the VPN server... it doesn't really work very well. You said that 5.01 worked and 5.03 did not. Did anything *else* change? Like your vpnc-script, for example? If not, it shouldn't be that hard to track it down. We could use 'git bisect' to narrow in on the offending commit. There weren't many commits between 5.01 and 5.03 in fact, and my first suspect would be this one: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/1fe3f43f What is the value of the $VPNGATEWAY environment variable, when you connect with 5.01 and with 5.03? -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140312/ade39179/attachment-0001.bin>
