Hi,

On Sat, Nov 15, 2014 at 5:19 PM, İsmail Dönmez <ismail at donmez.ws> wrote:
> Hi,
>
> On Sat, Nov 15, 2014 at 5:03 PM, Nikos Mavrogiannopoulos
> <nmav at gnutls.org> wrote:
>> An untested patch for openconnect follows. Would that Ismail fix the
>> issue you notice?
>
> Testing the patch now, but...
>
>> (in an unrelated issue for some reason DPD detection here didn't work
>> for DTLS which didn't try to reconnect - I don't know if Ismail has the
>> output of openconnect)
>
> I don't have the openconnect logs BUT it said DPD detected and
> reconnect, this is when the ocserv sets up the second connection and
> at this point everything goes berserk.

Patch didn't help, here is the openconnect(.git) logs:

POST https://i10z.com:1443/ [37/37]
Attempting to connect to server 104.40.138.253:1443
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
XML POST enabled
Please enter your username
POST https://i10z.com:1443/auth
Please enter your password.
Password:
POST https://i10z.com:1443/auth
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
Connected tun1 as 10.10.0.121, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400

Even though log says connected, I don't have any internet connection.

Server is just printing this in a loop:

Nov 15 17:49:22 i10z ocserv[54495]: main: 212.156.31.134:28910[ismail] received UDP connection too soon from 212.156.31.134:21539
Nov 15 17:49:22 i10z ocserv[54495]: main: new DTLS session from 212.156.31.134:21539 (record v254.253, hello v0.1)
Nov 15 17:49:22 i10z ocserv[54495]: main: 212.156.31.134:21539: unexpected DTLS content type: 23; a firewall disassociated a UDP session
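As an added example (not part of this thread, nor openconnect or ocserv code): a small Python checker that reads client and server log lines of the shape quoted above and flags the DPD reconnect loop, i.e. repeated dead-peer verdicts and CSTP reconnects on the client while ocserv keeps rejecting the fresh UDP session. The sample logs are constructed; the host name, address, user and PID are placeholders.

```python
import re
from collections import Counter

# Constructed sample logs (placeholder host, address, user and PID) shaped like the thread's output.
CLIENT_LOG = """\
CSTP connected. DPD 440, Keepalive 32400
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
CSTP Dead Peer Detection detected dead peer!
CSTP connected. DPD 440, Keepalive 32400
"""
SERVER_LOG = """\
Nov 15 17:49:22 vpn ocserv[12345]: main: 192.0.2.10:28910[user] received UDP connection too soon from 192.0.2.10:21539
Nov 15 17:49:22 vpn ocserv[12345]: main: 192.0.2.10:21539: unexpected DTLS content type: 23; a firewall disassociated a UDP session
"""

DPD_DEAD = re.compile(r"(CSTP|DTLS) Dead Peer Detection detected dead peer")
CSTP_UP = re.compile(r"CSTP connected\. DPD (\d+), Keepalive (\d+)")
DTLS_FAIL = re.compile(r"DTLS handshake failed")
SERVER_EVENTS = {
    "udp_too_soon": re.compile(r"received UDP connection too soon"),
    "unexpected_content_type": re.compile(r"unexpected DTLS content type: \d+"),
}

def analyze_client(log):
    """Count dead-peer verdicts, initial vs. re-connects, and DTLS handshake failures."""
    counts, dead_seen = Counter(), False
    for line in log.splitlines():
        if DPD_DEAD.search(line):
            counts["dpd_dead_peer"] += 1
            dead_seen = True
        elif CSTP_UP.search(line):  # a connect after a dead-peer verdict is a reconnect
            counts["reconnect" if dead_seen else "initial_connect"] += 1
        elif DTLS_FAIL.search(line):
            counts["dtls_handshake_failed"] += 1
    return counts

def reconnect_loop(client_log, server_log, threshold=2):
    """Flag the thread's failure mode: repeated dead-peer verdicts and reconnects on
    the client while the server keeps rejecting its new UDP (DTLS) session."""
    c = analyze_client(client_log)
    s = Counter(name for line in server_log.splitlines()
                for name, pat in SERVER_EVENTS.items() if pat.search(line))
    return {"client": dict(c), "server": dict(s),
            "looping": c["dpd_dead_peer"] >= threshold and c["reconnect"] >= threshold,
            "server_rejecting_udp": sum(s.values()) > 0}
```

Feed it the real openconnect output and the ocserv journal lines to separate one legitimate DPD reconnect from the loop seen here.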