On Thu, 2015-03-26 at 23:08 +0000, Olda Bartunek wrote: > David Woodhouse <dwmw2 <at> infradead.org> writes: > > > > > Hm. And with --no-dtls it works OK, I presume? > > > > This is verify_packet_seqno() in esp.c. Can you make it print the > > values of esp->seq_backlog and esp->seq so we can see what's > > happening? > > > > And try just making it return zero :) > > With --no-dtls this message about discarding disappear but still nothing > pass the tunnel (while on linux everything works ok even without --no-dtls) With -v -v do you see traffic in either direction? Is vpnc-script-win actually doing the right thing? > Is there a way how to get debug output or I need to touch esp.c? I ripped out all that debugging when I declared the sequence number checking to be working. You'll have to add it back. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150326/1c6b5e52/attachment-0001.bin>
