[GIT PULL V4] JNI bindings for libopenconnect

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Nov 4 10:38:50 EST 2013


On Sun, Nov 3, 2013 at 9:22 PM, Kevin Cernekee <cernekee at gmail.com> wrote:

> The modified ics-openvpn Android app has been tested on ARMv7, x86, and
> MIPS devices.  It is able to connect to ocserv and ping through the VPN on
> all architectures.

Thanks for the app it is really useful.

> I sometimes see intermittent errors logged on the ocserv side:
>     ocserv[25459]: [main] DTLS record version: 1.0
>     ocserv[25459]: [main] DTLS hello version: 220.94
>     ocserv[25459]: [main] unexpected DTLS content type: 23
>     ocserv[25459]: [main] could not determine the owner of received UDP packet

Do you have an idea of when this is received? Is it after a client has
terminated? In ocserv the main process receives the first DTLS packet
(client hello) and forwards it to the relevant process (in a complex
process - as connecting on UDP cannot be handled as nicely as TCP).
The error that you see means that the main process received a DTLS
packet that isn't a client hello (23 is application data), which was
probably intended to be delivered to a worker process.

Thus either you received a duplicate/delayed packet after a worker has
disconnected, or the UDP socket connection to a worker process was
lost for some reason and UDP packets are being forwarded to the main
process instead.

> It isn't clear whether these are related to my ocserv installation,

Is it ocserv 0.2.0?

regards,
Nikos



More information about the openconnect-devel mailing list