On Wed, 2016-10-12 at 00:55 +0100, David Woodhouse wrote: > It shouldn't be. If you don't have a DTLS/ESP connection then we > won't > use it. We'll just pass data over the TCP connection instead. > > I don't quite know how --no-dtls could fix anything, if ping was > still > working. If there was *no* traffic in the failure case, perhaps... > but > not if it was only DNS that was broken. > I've been messing around with the client today and I think I screwed up the ping. The ping *does* die when I don't put the '--no-dtls'. So ignore that part. It was my mistake.? I've been trying the openconnect release in Fedora 24 and I also compiled openconnect from git. The issue seems to be that --no-dtls is required for the connection to continue to work. Without the --no-dtls, the VPN works for a minute or so and then traffic stops coming back.? Is this a bug or something I should expect when using openconnect with some combinations of VPN servers? ...Jeff
