On Mon, Nov 28, 2016 at 10:47 AM, Stuart Luppescu <slu at ccsr.uchicago.edu> wrote:
> On Sat, 2016-11-26 at 12:23 -0500, Daniel Lenski wrote:
>> Can you run as openconnect -vvvvv to show maximal verbosity of
>> debugging output? Does the more verbose output give additional
>> information about what's going wrong?
>
> I tried this and got a 56MB file with 1325033 lines. I grep'ed for
> error but nothing came up. I don't know what to search for in that big
> file. However, at the console I got these messages:

Search for the original errors in the more verbose output ("Unknown
DTLS packet"). Does the more verbose output show additional pertinent
information *around* these errors?

>
> CSTP Dead Peer Detection detected dead peer!
> Failed to reconnect to host cvpn.uchicago.edu: No route to host
> DTLS got write error: Error in the push function.. Falling back to SSL
> DTLS handshake failed: Resource temporarily unavailable, try again.
> CSTP Dead Peer Detection detected dead peer!
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> Reconnect failed
> RTNETLINK answers: No such process
> Unknown error; exiting.

These errors are indicating that OC can't connect to the HTTPS side of
the VPN (port 443). What does the log show *before* these errors? Your
previous errors suggest a different problem, something specific to the
DTLS tunnel, not the HTTPS tunnel.

If you run with `openconnect --no-dtls` do you get a stable
connection? This prevents OC from using the better-performing DTLS
tunnel, and forces it to only use the HTTPS tunnel, which is usually
"less broken."

-Dan