On Sat, 2016-11-26 at 12:23 -0500, Daniel Lenski wrote: > Can you run as openconnect -vvvvv to show maximal verbosity of > debugging output? Does the more verbose output give additional > information about what's going wrong? I tried this and got a 56MB file with 1325033 lines. I grep'ed for error but nothing came up. I don't know what to search for in that big file. However, at the console I got these messages: ?CSTP Dead Peer Detection detected dead peer! Failed to reconnect to host cvpn.uchicago.edu: No route to host DTLS got write error: Error in the push function.. Falling back to SSL DTLS handshake failed: Resource temporarily unavailable, try again. CSTP Dead Peer Detection detected dead peer! Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Failed to reconnect to host cvpn.uchicago.edu: Connection timed out Reconnect failed RTNETLINK answers: No such process Unknown error; exiting. > The source code of dtls.c suggests that the bad packets may be due to > bugs in particular versions of OpenSSL. It looks like the default > Gentoo packages build with GnuTLS instead, however Yes, this is built with gnutls. There is that message above that DTLS failed and tried to fall back to SSL. Is that an issue? -- Stuart Luppescu Chief Psychometrician (ret.) UChicago Consortium on School Research http://consortium.uchicago.edu