Random connectivity loss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm on Gentoo with OpenConnect 7.08 and GnuTLS 3.5.13.

When I connect to my company's VPN, it prompts me to enter my username and
password as well as an access token, which I receive via SMS. After
connecting, I'm able to access internal resources, but only for a limited
time. Usually the connection drops after a random amount of time, but there's
nothing in the output from openconnect that indicates so. I'm just unable to
access the internal resources anymore, so I have to reconnect. Sending a
SIGUSR2 signal to the process doesn't fix the issue, either. I have to kill
the process and enter my credentials again, which uses up another access
token.

I've asked the infrastructure team for support on this issue, but they don't
support Linux systems or anything other than Cisco AnyConnect, which works
fine but only on Mac or Windows systems.

I've tried enabling verbose output but haven't noticed anything useful. I've
also tried using the "--force-dpd" option with values from 2-10 but the result
is the same.

Here's a sample of the output from openconnect:

    POST https://vpn.mycompany.com/
    Attempting to connect to server 111.222.333.444:443
    Connected to 111.222.333.444:443
    SSL negotiation with vpn.mycompany.com
    Connected to HTTPS on vpn.mycompany.com
    Got HTTP response: HTTP/1.0 302 Object Moved
    Content-Type: text/html; charset=utf-8
    Content-Length: 0
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: Close
    Date: Tue, 25 Jul 2017 18:20:15 GMT
    X-Frame-Options: SAMEORIGIN
    Location: /+webvpn+/index.html
    Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
    HTTP body length:  (0)
    GET https://vpn.mycompany.com/
    Attempting to connect to server 111.222.333.444:443
    Connected to 111.222.333.444:443
    SSL negotiation with vpn.mycompany.com
    Connected to HTTPS on vpn.mycompany.com
    Got HTTP response: HTTP/1.0 302 Object Moved
    Content-Type: text/html; charset=utf-8
    Content-Length: 0
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: Close
    Date: Tue, 25 Jul 2017 18:20:15 GMT
    X-Frame-Options: SAMEORIGIN
    Location: /+webvpn+/index.html
    Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
    HTTP body length:  (0)
    GET https://vpn.mycompany.com/+webvpn+/index.html
    SSL negotiation with vpn.mycompany.com
    Connected to HTTPS on vpn.mycompany.com
    Got HTTP response: HTTP/1.1 200 OK
    Transfer-Encoding: chunked
    Content-Type: text/xml
    Cache-Control: max-age=0
    Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
    Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
    Set-Cookie: webvpnlogin=1; secure
    X-Transcend-Version: 1
    HTTP body chunked (-2)
    Please enter your username and password.
    Username:Password:
    Password:
    POST https://vpn.mycompany.com/+webvpn+/index.html
    Got HTTP response: HTTP/1.1 200 OK
    Transfer-Encoding: chunked
    Content-Type: text/xml
    Cache-Control: max-age=0
    Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
    Set-Cookie: webvpn=<elided>; path=/; secure
    Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:ABCDEFGHIJLKMNOPQRSTUVWXYZ1234567890&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2Freconnect.xml&fh:ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890; path=/; secure
    Set-Cookie: webvpnx=
    Set-Cookie: webvpnaac=1; path=/; secure
    X-Transcend-Version: 1
    HTTP body chunked (-2)
    TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
    Got CONNECT response: HTTP/1.1 200 OK
    X-CSTP-Version: 1
    X-CSTP-Address: 10.2.229.236
    X-CSTP-Netmask: 255.255.255.0
    X-CSTP-DNS: 10.24.50.10
    X-CSTP-DNS: 10.2.110.10
    X-CSTP-NBNS: 10.1.110.10
    X-CSTP-NBNS: 10.2.110.10
    X-CSTP-Lease-Duration: 86400
    X-CSTP-Session-Timeout: 86400
    X-CSTP-Idle-Timeout: 7200
    X-CSTP-Disconnected-Timeout: 7200
    X-CSTP-Default-Domain: mycompany.ad
    X-CSTP-Split-Include: 10.4.1.0/255.255.255.0
    X-CSTP-Split-Include: 10.5.0.0/255.255.0.0
    X-CSTP-Split-Include: 10.6.0.0/255.255.0.0
    X-CSTP-Split-Include: 10.7.1.0/255.255.255.0
    X-CSTP-Split-Include: ...
    X-CSTP-Keep: true
    X-CSTP-Tunnel-All-DNS: false
    X-CSTP-DPD: 30
    X-CSTP-Keepalive: 20
    X-CSTP-MSIE-Proxy-Lockdown: true
    X-CSTP-Smartcard-Removal-Disconnect: true
    X-DTLS-Session-ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
    X-DTLS-Port: 443
    X-DTLS-Keepalive: 20
    X-DTLS-DPD: 30
    X-CSTP-MTU: 1406
    X-DTLS-CipherSuite: DES-CBC3-SHA
    X-CSTP-Routing-Filtering-Ignore: false
    X-CSTP-Quarantine: false
    X-CSTP-Disable-Always-On-VPN: false
    X-CSTP-TCP-Keepalive: true
    CSTP connected. DPD 30, Keepalive 20
    CSTP Ciphersuite: (TLS1.0)-(RSA)-(3DES-CBC)-(SHA1)
    DTLS option X-DTLS-Session-ID : ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
    DTLS option X-DTLS-Port : 443
    DTLS option X-DTLS-Keepalive : 20
    DTLS option X-DTLS-DPD : 30
    DTLS option X-DTLS-CipherSuite : DES-CBC3-SHA
    DTLS initialised. DPD 30, Keepalive 20
    Connected as 10.2.229.236, using SSL
    No work to do; sleeping for 1000 ms...
    No work to do; sleeping for 1000 ms...
    Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(3DES-CBC)-(SHA1).
    Initiating IPv4 MTU detection (min=703, max=1406)
    Sending MTU DPD probe (1406 bytes, min=703, max=1406)
    Received MTU DPD probe (1407 bytes of 1406)
    No change in MTU after detection (was 1406)
    No work to do; sleeping for 1000 ms...
    Sent DTLS packet of 61 bytes; DTLS send returned 62
    Received DTLS packet 0x00 of 124 bytes
    Send CSTP Keepalive
    Send CSTP DPD
    Got CSTP DPD response
    Send DTLS Keepalive
    Send DTLS DPD
    Got DTLS DPD response
    ...
    Send BYE packet: Aborted by caller
    User canceled (SIGINT); exiting;

Lines 111-119 are repeated (in various order) until I kill the program because
I lost connectivity.




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux