Problems maintaining openconnect VPN ... looks like MTU issue

James Bottomley James.Bottomley at HansenPartnership.com
Thu May 9 13:17:49 EDT 2013 

On Wed, 2013-05-08 at 07:24 +0100, David Woodhouse wrote:
> On Tue, 2013-05-07 at 16:55 -0700, James Bottomley wrote:
> > 2013-05-07T16:06:20.168218-07:00 dabdike openconnect[31278]: SSL wrote too few bytes! Asked for 654, sent 0
> > 2013-05-07T16:06:20.171367-07:00 dabdike openconnect[31278]: Send BYE packet: Internal error
> > 2013-05-07T16:06:20.172621-07:00 dabdike openconnect[31278]: SSL_write failed: 1
> 
> That looks like the one I fixed in commit fddb099d?

Um, yes.  openSUSE has a really old version of openconnect (3.99) after
redoing OBS to build me 4.08, the problem goes away.

> > The DTLS handshake failed looks like a red herring because that fills my
> > logs even if the connection is successful:
> 
> What version of OpenSSL (or GnuTLS) are you using for DTLS support? Some
> recent versions of OpenSSL are known to be broken. If you build against
> GnuTLS new enough to have Cisco DTLS support, that's best.

jejb at dabdike> ldd /usr/sbin/openconnect 
        linux-vdso.so.1 (0x00007fff23bb2000)
        libopenconnect.so.2 => /usr/lib64/libopenconnect.so.2
(0x00007f610fa22000)
        libssl.so.1.0.0 => /lib64/libssl.so.1.0.0 (0x00007f610f7b8000)
        libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0
(0x00007f610f3e5000)
        libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007f610f07e000)
        libproxy.so.1 => /usr/lib64/libproxy.so.1 (0x00007f610ee5b000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f610ec45000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f610e898000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f610e694000)
        liblzma.so.5 => /usr/lib64/liblzma.so.5 (0x00007f610e46e000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f610e170000)
        libmodman.so.1 => /usr/lib64/libmodman.so.1 (0x00007f610df67000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f610dd4b000)
        libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007f610da45000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f610d82f000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f610fc33000)
jejb at dabdike> rpm -qf /lib64/libssl.so.1.0.0
libopenssl1_0_0-1.0.1e-1.1.1.x86_64

James

More information about the openconnect-devel mailing list