Trouble with juniper connection - invalid HMAC


 



Hi.

I've compiled the latest version from git and was finally able to 
connect, but I'm having problems that look related to MTU.
An HTTP connection seems to work, but ping with -s > 1394 fails with a 
message to the console "Received ESP packet with invalid HMAC".
The RDP connection that I'm really after fails and Wireshark claims 
malformed packets.

I'm all out of ideas at this point, so I'm grateful for any help.


Here are the details. (there's more where these come from!)

With -v -v it looks like this

ping -c1 -W 2 -s 1395 host.tld

No work to do; sleeping for 15000 ms...
Sent ESP packet of 1444 bytes
Sent ESP packet of 100 bytes
No work to do; sleeping for 15000 ms...
Received ESP packet of 1460 bytes
Received ESP packet with invalid HMAC
No work to do; sleeping for 15000 ms...

ping -c1 -W 2 -s 1394 host.tld

No work to do; sleeping for 15000 ms...
Sent ESP packet of 1444 bytes
Sent ESP packet of 84 bytes
No work to do; sleeping for 15000 ms...
Received ESP packet of 1460 bytes
No work to do; sleeping for 15000 ms...

I presume the error message originates here:
https://github.com/nmav/openconnect-mine/blob/master/gnutls-esp.c#L153

The mtu on tun0 is 1400 and --mtu 1200 did nothing to change that.

I'm on Ubuntu 14.04.5 LTS

openconnect is
v7.07-187-gb8d3971
Using OpenSSL. Features present: TPM (OpenSSL ENGINE not present), HOTP 
software token, TOTP software token, DTLS

./configure --with-vpnc-script=/usr/share/vpnc-scripts/vpnc-script --without-gnutls

With or without --without-gnutls seems to make no difference.

BUILD OPTIONS:
   SSL library:            OpenSSL
   PKCS#11 support:        no
   DTLS support:           yes
   ESP support:            yes
   libproxy support:       no
   RSA SecurID support:    no
   PSKC OATH file support: no
   GSSAPI support:         no
   Yubikey support:        no
   LZ4 compression:        no
   Java bindings:          no
   Build docs:             no
   Unit tests:             no

make check
PASS: lzstest
PASS: seqtest
FAIL: bad_dtls_test

That may be because I don't have everything mentioned in README.TESTS

G.
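
Added example (not part of the original post and not openconnect code): the ESP packet sizes in the -v -v log above can be reproduced from the ping payload size and the tun0 MTU of 1400. The ESP parameters are assumptions not stated in the post: a 16-byte block cipher with a 16-byte IV, a 12-byte truncated HMAC, and IPv4 headers without options.

```c
#include <stdio.h>

/* Assumed ESP parameters (not stated in the post). */
#define ESP_HDR   8   /* SPI + sequence number */
#define ESP_IV    16  /* IV of a 16-byte block cipher */
#define ESP_BLOCK 16  /* cipher block size */
#define ESP_ICV   12  /* HMAC truncated to 96 bits */
#define IP_HDR    20  /* IPv4 header, no options */
#define ICMP_HDR  8   /* ICMP echo header */

/* ESP packet length for an inner IP packet of inner_len bytes. The inner
 * packet plus pad-length and next-header bytes is padded to a block multiple. */
static int esp_len(int inner_len)
{
    int padded = (inner_len + 2 + ESP_BLOCK - 1) / ESP_BLOCK * ESP_BLOCK;
    return ESP_HDR + ESP_IV + padded + ESP_ICV;
}

/* Fragment an IPv4 packet of ip_len bytes at mtu and store the ESP size of
 * each fragment in out[]. Returns the number of fragments written. */
static int esp_sizes_for_packet(int ip_len, int mtu, int *out, int max)
{
    int data = ip_len - IP_HDR;
    int per_frag = (mtu - IP_HDR) / 8 * 8; /* non-final fragments: multiple of 8 */
    int n = 0;
    if (ip_len <= mtu) { out[0] = esp_len(ip_len); return 1; }
    while (data > 0 && n < max) {
        int chunk = data > per_frag ? per_frag : data;
        out[n++] = esp_len(chunk + IP_HDR);
        data -= chunk;
    }
    return n;
}

/* ESP sizes produced by "ping -s payload" through a tunnel with this MTU. */
static int ping_esp_sizes(int payload, int mtu, int *out, int max)
{
    return esp_sizes_for_packet(IP_HDR + ICMP_HDR + payload, mtu, out, max);
}

int main(void)
{
    int sizes[8], payloads[] = { 1394, 1395 };
    for (int i = 0; i < 2; i++) {
        int n = ping_esp_sizes(payloads[i], 1400, sizes, 8);
        printf("ping -s %d:", payloads[i]);
        for (int j = 0; j < n; j++) printf(" %d", sizes[j]);
        printf("\n");
    }
    return 0;
}
```

Under the same assumptions, a 1460-byte ESP packet carries an inner IP packet of 1407 to 1422 bytes.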


