Hi Dan,

Thanks for responding!

On Wed, Oct 23, 2019 at 8:32 PM Daniel Lenski <dlenski@xxxxxxxxx> wrote:
>
> Are you saying that during the intervening ~300s, you can't access
> *anything* on the network? Can't even ping the DNS servers, or get
> packets back from them (e.g. `dig @10.90.110.51 @10.90.110.52
> some.server.noaa.gov`)
>

That is correct. I cannot get ping responses from anything either on my office network or the Internet, including the IP addresses you mentioned.

> Questions:
> - What additional details do you get if you run with `-vvv --dump`?
> (much more verbose logging)

I won't overwhelm the mailing list with the full contents of the file, but here is a snippet that may be helpful:

    Got CONNECT response: HTTP/1.1 200 OK
    X-CSTP-Version: 1
    X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.
    X-CSTP-Address: 192.168.56.227
    X-CSTP-Netmask: 255.255.255.0
    X-CSTP-Hostname: NCOFW2.ncep.noaa.gov
    X-CSTP-DNS: 10.90.110.51
    X-CSTP-DNS: 10.90.110.52
    X-CSTP-Lease-Duration: 1209600
    X-CSTP-Session-Timeout: none
    X-CSTP-Session-Timeout-Alert-Interval: 60
    X-CSTP-Session-Timeout-Remaining: none
    X-CSTP-Idle-Timeout: 1800
    X-CSTP-Disconnected-Timeout: 1800
    X-CSTP-Default-Domain: ncepad.noaa.gov
    X-CSTP-Keep: true
    X-CSTP-Tunnel-All-DNS: false
    X-CSTP-DPD: 30
    X-CSTP-Keepalive: 20
    X-CSTP-MSIE-Proxy-Lockdown: true
    X-CSTP-Smartcard-Removal-Disconnect: false
    X-DTLS-Session-ID: <REMOVED>
    X-DTLS-Port: 443
    X-DTLS-Keepalive: 20
    X-DTLS-DPD: 30
    X-CSTP-MTU: 1395
    X-DTLS-MTU: 1406
    X-DTLS-CipherSuite: DHE-RSA-AES256-SHA
    X-CSTP-Routing-Filtering-Ignore: false
    X-CSTP-Quarantine: false
    X-CSTP-Disable-Always-On-VPN: false
    X-CSTP-Client-Bypass-Protocol: false
    X-CSTP-TCP-Keepalive: true
    CSTP connected. DPD 30, Keepalive 20
    CSTP Ciphersuite: (TLS1.2)-(DHE-RSA-1024)-(AES-256-CBC)-(SHA1)
    DTLS option X-DTLS-Session-ID : <REMOVED>
    DTLS option X-DTLS-Port : 443
    DTLS option X-DTLS-Keepalive : 20
    DTLS option X-DTLS-DPD : 30
    DTLS option X-DTLS-MTU : 1406
    DTLS option X-DTLS-CipherSuite : DHE-RSA-AES256-SHA
    DTLS initialised. DPD 30, Keepalive 20
    Connected as 192.168.56.227, using SSL
    No work to do; sleeping for 1000 ms...
    No work to do; sleeping for 1000 ms...
    Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-RSA-<REMOVED>)-(AES-256-CBC)-(SHA1).
    Initiating IPv4 MTU detection (min=703, max=1406)
    Sending MTU DPD probe (1406 bytes, min=703, max=1406)
    Received MTU DPD probe (1407 bytes of 1406)
    No change in MTU after detection (was 1406)
    No work to do; sleeping for 1000 ms...
    Sent DTLS packet of 76 bytes; DTLS send returned 77
    Sent DTLS packet of 60 bytes; DTLS send returned 61
    Sent DTLS packet of 169 bytes; DTLS send returned 170
    Sent DTLS packet of 153 bytes; DTLS send returned 154
    Sent DTLS packet of 249 bytes; DTLS send returned 250
    Sent DTLS packet of 233 bytes; DTLS send returned 234
    Sent DTLS packet of 329 bytes; DTLS send returned 330
    Sent DTLS packet of 313 bytes; DTLS send returned 314
    Sent DTLS packet of 409 bytes; DTLS send returned 410
    Sent DTLS packet of 393 bytes; DTLS send returned 394
    Sent DTLS packet of 489 bytes; DTLS send returned 490
    Sent DTLS packet of 473 bytes; DTLS send returned 474
    Sent DTLS packet of 569 bytes; DTLS send returned 570
    Sent DTLS packet of 553 bytes; DTLS send returned 554
    Sent DTLS packet of 649 bytes; DTLS send returned 650
    Sent DTLS packet of 633 bytes; DTLS send returned 634
    Sent DTLS packet of 729 bytes; DTLS send returned 730
    Sent DTLS packet of 713 bytes; DTLS send returned 714
    Sent DTLS packet of 809 bytes; DTLS send returned 810
    Sent DTLS packet of 793 bytes; DTLS send returned 794
    Sent DTLS packet of 889 bytes; DTLS send returned 890
    Sent DTLS packet of 873 bytes; DTLS send returned 874
    Sent DTLS packet of 969 bytes; DTLS send returned 970
    Sent DTLS packet of 953 bytes; DTLS send returned 954
    Sent DTLS packet of 1049 bytes; DTLS send returned 1050
    Sent DTLS packet of 1033 bytes; DTLS send returned 1034
    Sent DTLS packet of 1129 bytes; DTLS send returned 1130
    Sent DTLS packet of 1113 bytes; DTLS send returned 1114
    Sent DTLS packet of 1209 bytes; DTLS send returned 1210
    Sent DTLS packet of 1193 bytes; DTLS send returned 1194
    Sent DTLS packet of 1289 bytes; DTLS send returned 1290
    Sent DTLS packet of 1273 bytes; DTLS send returned 1274
    Sent DTLS packet of 1369 bytes; DTLS send returned 1370
    Sent DTLS packet of 1353 bytes; DTLS send returned 1354
    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 65 bytes; DTLS send returned 66
    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 49 bytes; DTLS send returned 50
    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 113 bytes; DTLS send returned 114
    Sent DTLS packet of 153 bytes; DTLS send returned 154
    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 113 bytes; DTLS send returned 114
    Sent DTLS packet of 137 bytes; DTLS send returned 138
    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 113 bytes; DTLS send returned 114
    Sent DTLS packet of 201 bytes; DTLS send returned 202
    Sent DTLS packet of 233 bytes; DTLS send returned 234
    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 113 bytes; DTLS send returned 114
    Sent DTLS packet of 201 bytes; DTLS send returned 202
    Sent DTLS packet of 217 bytes; DTLS send returned 218
    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 113 bytes; DTLS send returned 114
    Sent DTLS packet of 201 bytes; DTLS send returned 202
    Sent DTLS packet of 281 bytes; DTLS send returned 282
    Sent DTLS packet of 313 bytes; DTLS send returned 314
    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 113 bytes; DTLS send returned 114
    Sent DTLS packet of 201 bytes; DTLS send returned 202
    Sent DTLS packet of 281 bytes; DTLS send returned 282
    Sent DTLS packet of 297 bytes; DTLS send returned 298
    No work to do; sleeping for 19000 ms...

... and so on, finally settling into a repeating pattern of:

    Sent DTLS packet of 1404 bytes; DTLS send returned 1405
    Sent DTLS packet of 113 bytes; DTLS send returned 114
    Sent DTLS packet of 201 bytes; DTLS send returned 202
    Sent DTLS packet of 281 bytes; DTLS send returned 282
    Sent DTLS packet of 361 bytes; DTLS send returned 362
    Sent DTLS packet of 441 bytes; DTLS send returned 442
    Sent DTLS packet of 521 bytes; DTLS send returned 522
    Sent DTLS packet of 601 bytes; DTLS send returned 602
    Sent DTLS packet of 681 bytes; DTLS send returned 682
    Sent DTLS packet of 761 bytes; DTLS send returned 762
    No work to do; sleeping for 15000 ms...

... before starting the sleeps and timeouts.

> - Does --no-dtls make any difference?

It does not seem to make any difference.

> - Have you tried building OpenConnect v8.05 from source? MTU detection
> is significantly improved, and this may make a difference.

I tried building OpenConnect from a zipped tarball on the FTP site, but I got errors from make that there were no install targets. Can you recommend a good step-by-step install guide? And based on the logging info above, do you still think the newer version may be helpful?

All the best,
Adam

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
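
Added example, not part of the original message and not OpenConnect code: a Python summarizer for verbose output like the snippet quoted above, extracting the pushed DNS servers, the MTUs and the negotiated CSTP ciphersuite, and checking whether any inbound DTLS data was logged. The names `summarize` and `SAMPLE_LOG` are hypothetical, and the "Received DTLS packet" line prefix is an assumption, since the snippet in the message contains no such line.

```python
import re
from collections import defaultdict

# Abridged excerpt of the `-vvv --dump` output quoted in the message above.
SAMPLE_LOG = """\
X-CSTP-Address: 192.168.56.227
X-CSTP-DNS: 10.90.110.51
X-CSTP-DNS: 10.90.110.52
X-CSTP-MTU: 1395
X-DTLS-MTU: 1406
CSTP Ciphersuite: (TLS1.2)-(DHE-RSA-1024)-(AES-256-CBC)-(SHA1)
Received MTU DPD probe (1407 bytes of 1406)
Sent DTLS packet of 76 bytes; DTLS send returned 77
Sent DTLS packet of 60 bytes; DTLS send returned 61
Sent DTLS packet of 1404 bytes; DTLS send returned 1405
No work to do; sleeping for 19000 ms...
"""

HEADER = re.compile(r"^(X-(?:CSTP|DTLS)-[\w-]+)\s*:\s*(.*)$")
SENT = re.compile(r"^Sent DTLS packet of (\d+) bytes")
# Assumption: inbound data is logged on lines starting "Received DTLS packet";
# the excerpt in the message contains none, so it does not confirm this wording.
RECEIVED = re.compile(r"^Received DTLS packet")
CSTP_SUITE = re.compile(r"^CSTP Ciphersuite:\s*(.+)$")

def summarize(log_text):
    headers = defaultdict(list)   # a header such as X-CSTP-DNS can repeat
    sent_sizes, received, suite = [], 0, []
    for line in log_text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            headers[m.group(1)].append(m.group(2).strip())
        elif m := SENT.match(line):
            sent_sizes.append(int(m.group(1)))
        elif RECEIVED.match(line):
            received += 1
        elif m := CSTP_SUITE.match(line):
            suite = re.findall(r"\(([^)]+)\)", m.group(1))
    return {
        "dns": headers["X-CSTP-DNS"],
        "mtu": {k: int(v[0]) for k, v in headers.items() if k.endswith("-MTU")},
        "suite": suite,
        "sent": len(sent_sizes),
        "largest_sent": max(sent_sizes, default=0),
        "received": received,
        # Outbound packets with nothing logged coming back: the reported symptom.
        "one_way": bool(sent_sizes) and received == 0,
    }
```

The MTU DPD probe reply is not counted as inbound data, so a tunnel whose probes succeed but whose payload traffic gets no replies is still reported as one-way.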