openconnect client dtls handshake fail On Windows
Guang
lerntechnology at 163.com
Thu Oct 16 01:11:29 PDT 2014
Hi,
thanks a lot for your help.
>Why don't you use the gui directly?
The GUI is not necessary for me; I want to use the command-line client.
>That's the error printed when DTLS handshake times out. You could debug
>it using wireshark or so. It could be a firewall dropping UDP packets.
I used Wireshark on Windows to look at openconnect, and tshark on Linux to look at Ocserv-0.8.0 (and Ocserv-0.8.4), using gnutls-3.2.12.
I found that the client can send the "DTLS Client Hello" to the server successfully, and ocserv can receive it and send the "DTLS Server Hello" to the network interface.
But, the source IP of the "Server Hello" is not the same as the destination IP of the "Client Hello".
(My physical network interface on Linux has many IPs; openconnect connects to one of them (not the main IP), but the server only uses the main IP of the interface to respond to the "Client Hello".)
When I try to use openconnect to connect to the main IP of the server interface, the DTLS connection can be established successfully!
So I think that maybe ocserv can change something to use the same IP as the destination IP of the "Client Hello" to respond.
regards,
Guang
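
The source-address mismatch described in this message can be reproduced on a Linux loopback with a wildcard-bound UDP socket, and fixed by echoing the arrival address back through `IP_PKTINFO`. This is an added example, not part of the original post and not ocserv's code; it assumes Linux, uses 127.0.0.2 as a stand-in for the non-main IP, and the function names are hypothetical.

```python
import socket
import struct

# Linux value of IP_PKTINFO; some Python builds do not export the constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO = struct.Struct("=I4s4s")  # struct in_pktinfo: ifindex, spec_dst, addr


def answer_one(server, mirror):
    """Receive one datagram and answer it; return the local IP it was sent to."""
    data, ancdata, _flags, peer = server.recvmsg(
        2048, socket.CMSG_SPACE(PKTINFO.size))
    local = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, local = PKTINFO.unpack(cdata[:PKTINFO.size])
    if mirror and local is not None:
        # ipi_spec_dst selects the source address of the outgoing datagram.
        cmsg = (socket.IPPROTO_IP, IP_PKTINFO, PKTINFO.pack(0, local, bytes(4)))
        server.sendmsg([b"reply:" + data], [cmsg], 0, peer)
    else:
        # Plain sendto on a wildcard socket: the kernel picks the source IP.
        server.sendto(b"reply:" + data, peer)
    return socket.inet_ntoa(local) if local else None


def reply_source(mirror, target="127.0.0.2"):
    """Send a probe to a non-primary local IP; return the reply's source IP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        server.bind(("0.0.0.0", 0))
        server.settimeout(2)
        client.bind(("127.0.0.1", 0))
        client.settimeout(2)
        client.sendto(b"hello", (target, server.getsockname()[1]))
        answer_one(server, mirror)
        _data, (src_ip, _port) = client.recvfrom(2048)
        return src_ip


if __name__ == "__main__":
    print("plain sendto    ->", reply_source(mirror=False))
    print("IP_PKTINFO echo ->", reply_source(mirror=True))
```

A client that only accepts replies from the address it contacted, as a DTLS client does, sees the first case as a handshake timeout.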