ocserv error: "could not determine the owner of received UDP packet"

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 15 03:26:06 PST 2014


On Sat, 2014-11-15 at 10:04 +0000, David Woodhouse wrote:
> > So the issue is to figure who is sending the UDP packets without an
> > associated TCP session.
> 
> 
> If a client is afflicted by NAT, especially CG-NAT, it's possible that
> separate connections may appear to come from *different* IP addresses.
> Some NAT setups have a *pool* of public-facing addresses.

Clients behind these NAT types will have no issue as long as the NAT
keeps the UDP association. If it is lost, there is nothing in the
received packets that could allow ocserv to reassociate the session with
the correct server. The recovery of such clients would depend on the
timeout of the openconnect client (after which a new DTLS session will be
established).

regards,
Nikos




