vpn connection hangs with openconnect version >v5.01 after a couple of seconds...

David Woodhouse dwmw2 at infradead.org
Wed Mar 12 14:22:23 EDT 2014


On Wed, 2014-03-12 at 18:07 +0200, Kaloyan Dimitrov wrote:
> Established DTLS connection (using GnuTLS)
> 
> CSTP Dead Peer Detection detected dead peer!
> 
> Please advise why is this happening.

This could be a routing issue. Obviously if we set up a default route
that points to the VPN, we have to have a route to the *gateway* that
still goes via the physical network.

When we get that wrong, so packets for the VPN server are handed to
openconnect and then sent out again as a packet for the VPN server... it
doesn't really work very well.

You said that 5.01 worked and 5.03 did not. Did anything *else* change?
Like your vpnc-script, for example?

If not, it shouldn't be that hard to track it down. We could use 'git
bisect' to narrow in on the offending commit. There weren't many commits
between 5.01 and 5.03 in fact, and my first suspect would be this one:
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/1fe3f43f

What is the value of the $VPNGATEWAY environment variable, when you
connect with 5.01 and with 5.03?

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
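
The routing check described in the message above, as an added example that is not part of the original post or of openconnect's own code: it classifies the output of `ip route get` for the gateway address and flags the case where the route to the gateway points at the tunnel device. It assumes Linux with iproute2 and the `TUNDEV` and `VPNGATEWAY` variables that openconnect passes to vpnc-script; the function names and sample routes are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a route to the VPN gateway that loops back into the tunnel.
# Function names are hypothetical; the sample routes below are constructed.

# route_dev ROUTE_TEXT: print the interface that follows the "dev" keyword
# in `ip route get` output (prints nothing if there is no such keyword).
route_dev() {
    prev=
    for word in $1; do
        if [ "$prev" = dev ]; then
            printf '%s\n' "$word"
            return 0
        fi
        prev=$word
    done
    return 0
}

# gateway_route_status TUNDEV ROUTE_TEXT: classify the route to the gateway.
#   "ok via <dev>"   gateway is reached over a non-tunnel interface
#   "loop via <dev>" gateway traffic is routed back into the tunnel itself
#   "unknown"        no usable route information
gateway_route_status() {
    tundev=$1
    dev=$(route_dev "$2")
    if [ -z "$dev" ]; then
        echo "unknown"
    elif [ "$dev" = "$tundev" ]; then
        echo "loop via $dev"
    else
        echo "ok via $dev"
    fi
}

# Live check, to be called while the VPN is up (needs iproute2).
check_vpn_gateway_route() {
    gateway_route_status "$TUNDEV" "$(ip route get "$VPNGATEWAY" 2>/dev/null)"
}

# Constructed `ip route get` output for a gateway at 203.0.113.10.
SAMPLE_OK='203.0.113.10 via 192.168.1.1 dev eth0 src 192.168.1.50 uid 1000
    cache'
SAMPLE_LOOP='203.0.113.10 dev tun0 src 10.8.0.2 uid 1000
    cache'

echo "host route present: $(gateway_route_status tun0 "$SAMPLE_OK")"
echo "host route missing: $(gateway_route_status tun0 "$SAMPLE_LOOP")"
```

Running `check_vpn_gateway_route` under both openconnect versions, alongside `echo "$VPNGATEWAY"`, shows whether the gateway address handed to the script and the resulting route differ between them.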