ocserv error: "could not determine the owner of received UDP packet"

İsmail Dönmez ismail at donmez.ws
Sat Nov 15 09:55:14 PST 2014


Hi,

On Sat, Nov 15, 2014 at 5:19 PM, İsmail Dönmez <ismail at donmez.ws> wrote:
> Hi,
>
> On Sat, Nov 15, 2014 at 5:03 PM, Nikos Mavrogiannopoulos
> <nmav at gnutls.org> wrote:
>> An untested patch for openconnect follows. Would that Ismail fix the
>> issue you notice?
>
> Testing the patch now, but...
>
>> (in an unrelated issue for some reason DPD detection here didn't work
>> for DTLS which didn't try to reconnect - I don't know if Ismail has the
>> output of openconnect)
>
> I don't have the openconnect logs BUT it said DPD detected and
> reconnect, this is when the ocserv sets up the second connection and
> at this point everything goes berserk.

Patch didn't help, here are the openconnect(.git) logs:

POST https://i10z.com:1443/
Attempting to connect to server 104.40.138.253:1443
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
XML POST enabled
Please enter your username
POST https://i10z.com:1443/auth
Please enter your password.
Password:
POST https://i10z.com:1443/auth
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
Connected tun1 as 10.10.0.121, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: Resource temporarily unavailable, try again.
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
DTLS Dead Peer Detection detected dead peer!
Established DTLS connection (using GnuTLS). Ciphersuite
(DTLS1.2)-(RSA)-(AES-128-GCM).
CSTP Dead Peer Detection detected dead peer!
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400

Even though the log says connected, I don't have any internet connection.
Server is just printing this in a loop:

Nov 15 17:49:22 i10z ocserv[54495]: main: 212.156.31.134:28910[ismail]
received UDP connection too soon from 212.156.31.134:21539
Nov 15 17:49:22 i10z ocserv[54495]: main: new DTLS session from
212.156.31.134:21539 (record v254.253, hello v0.1)
Nov 15 17:49:22 i10z ocserv[54495]: main: 212.156.31.134:21539:
unexpected DTLS content type: 23; a firewall disassociated a UDP
session


