On Wed, Sep 27, 2017 at 11:41 PM, Abdulla Bubshait <darkstego at gmail.com> wrote:
>
> I have been trying to connect to my office Cisco 800 router using openconnect.
> While a VPN connection can be made it doesn't use UDP, but falls back to TCP/SSL.
>
> I can connect with DTLS using the anyconnect phone app. So I know the
> server supports it.
> I just can't seem to figure out why openconnect falls back to SSL.
> Here is the part with log
>
> Got CONNECT response: HTTP/1.1 200 OK
> X-CSTP-Version: 1
> X-CSTP-Address: 10.200.200.190
> X-CSTP-Netmask: 255.255.255.0
> X-CSTP-Keep: true
> X-CSTP-DNS: 10.200.200.11
> X-CSTP-Lease-Duration: 43200
> X-CSTP-MTU: 1406
> X-CSTP-Default-Domain: company.com
> X-CSTP-Split-Include: 10.200.200.0/255.255.255.0
> X-CSTP-Split-Include: 10.200.0.0/255.255.0.0
> X-CSTP-Rekey-Time: 3600
> X-CSTP-Rekey-Method: new-tunnel
> X-CSTP-DPD: 300
> X-CSTP-Disconnected-Timeout: 2100
> X-CSTP-Idle-Timeout: 2100
> X-CSTP-Session-Timeout: 0
> X-CSTP-Keepalive: 30
> CSTP connected. DPD 300, Keepalive 30
> CSTP Ciphersuite: (TLS1.0)-(RSA)-(AES-256-CBC)-(SHA1)
> Set up DTLS failed; using SSL instead
> Connected as 10.200.200.190, using SSL

It appears from your log that the server is not sending any information to the client about how to connect with DTLS; there are no X-DTLS-* response headers.

The log you sent only includes the headers in the *server response* to the CONNECT. Can you include more of the log, including the headers *sent by openconnect* along with the CONNECT request?

-Dan
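A small checker for the CONNECT response headers quoted above, added here as an example and not code from the thread or from openconnect itself: it parses the X-CSTP-*/X-DTLS-* header block and reports, as Dan does by eye, whether the server offered DTLS at all. It assumes X-DTLS-Session-ID and X-DTLS-Port are the minimum headers a DTLS-capable server sends; the second sample's values are constructed placeholders.

```python
from typing import Dict, List

# Constructed from the headers quoted in the post (no X-DTLS-* lines at all).
NO_DTLS_RESPONSE = """\
HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 10.200.200.190
X-CSTP-MTU: 1406
X-CSTP-Split-Include: 10.200.200.0/255.255.255.0
X-CSTP-Split-Include: 10.200.0.0/255.255.0.0
X-CSTP-DPD: 300
X-CSTP-Keepalive: 30
"""

# Constructed example of what a DTLS-capable server would add (placeholder values).
DTLS_RESPONSE = NO_DTLS_RESPONSE + """\
X-DTLS-Session-ID: 0123456789abcdef0123456789abcdef
X-DTLS-Port: 443
"""

def parse_headers(text: str) -> Dict[str, List[str]]:
    """Parse 'Name: value' lines into a case-insensitive multimap; repeated
    headers such as X-CSTP-Split-Include keep every value in order."""
    headers: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line or non-header noise
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def dtls_params(headers: Dict[str, List[str]]):
    """Return (session_id, udp_port) if the server offered DTLS, else None.
    Assumption: X-DTLS-Session-ID and X-DTLS-Port are the minimum needed."""
    if "x-dtls-session-id" in headers and "x-dtls-port" in headers:
        return headers["x-dtls-session-id"][0], int(headers["x-dtls-port"][0])
    return None

def diagnose(text: str) -> str:
    """Explain, from the CONNECT response alone, why DTLS would or would not be set up."""
    headers = parse_headers(text)
    dtls_hdrs = sorted(h for h in headers if h.startswith("x-dtls-"))
    if not dtls_hdrs:
        return "no X-DTLS-* headers: server offered no DTLS, SSL fallback expected"
    params = dtls_params(headers)
    if params is None:
        return "incomplete DTLS offer, headers seen: " + ", ".join(dtls_hdrs)
    return f"DTLS offered: session {params[0][:8]}..., UDP port {params[1]}"
```

Feeding it the response from the post yields the "no X-DTLS-* headers" verdict; the client-side CONNECT request headers Dan asks for are not covered by this check.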