openconnect 5.01 does not seem to honor X-DTLS-MTU

Andreas Steffan a.steffan at contentreich.de
Tue Oct 22 03:46:48 EDT 2013


Running openconnect 5.01 (on Ubuntu 13.10) it seems X-DTLS-MTU is
ignored (log attached below). In fact, openconnect has stopped working
for me since Ubuntu 13.04. The actual observation was upstream traffic
effectively stalling.

Yesterday, I figured out that explicitly setting the base-mtu using the
command line gets around the problem.

best regards
Andreas

-- 
Andreas Steffan

Achter Billing 14
22399 Hamburg
Germany

skype: contentreich
M: +49 1793903615
T: +49 40 23943542
F: +49 40 23943542

http://www.contentreich.de

Contentreich : Alfresco WCM / ECM, JEE, Grails

-------------- next part --------------
POST https://vpn.somedomain.com/
Attempting to connect to server 82.144.58.90:443
SSL negotiation with vpn.somedomain.com
Connected to HTTPS on vpn.somedomain.com
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 22 Oct 2013 07:23:21 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://vpn.somedomain.com/
SSL negotiation with vpn.somedomain.com
Connected to HTTPS on vpn.somedomain.com
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 22 Oct 2013 07:23:21 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://vpn.somedomain.com/+webvpn+/index.html
SSL negotiation with vpn.somedomain.com
Connected to HTTPS on vpn.somedomain.com
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
POST https://vpn.somedomain.com/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=...
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1380, snd mss 1380, adv mss 1460, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.
X-CSTP-Address: 192.168.16.23
X-CSTP-Netmask: 255.255.255.0
X-CSTP-DNS: 192.168.0.204
X-CSTP-DNS: 192.168.1.204
X-CSTP-NBNS: 192.168.0.204
X-CSTP-NBNS: 192.168.1.204
X-CSTP-Lease-Duration: 1209600
X-CSTP-Session-Timeout: none
X-CSTP-Idle-Timeout: 1800
X-CSTP-Disconnected-Timeout: 1800
X-CSTP-Default-Domain: bph.de
X-CSTP-Keep: true
X-CSTP-Tunnel-All-DNS: false
X-CSTP-DPD: 30
X-CSTP-Keepalive: 20
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: 5396775833383E639A33890C3C2CAB3EEEB72BC8091C7C0292B46E1E44169D76
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-CSTP-MTU: 1347
X-DTLS-MTU: 1418
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 20


More information about the openconnect-devel mailing list