OpenConnect on Windows loses connection

Mike Lischke mike at lischke-online.de
Wed Jun 10 07:54:01 PDT 2015 

Hi,

>>> I got the list address from the infradead.org website and hope it's ok to post a question without being subscribed to the list.
>>> What I have: installed OpenConnect on a Win 8.1 machine (x64) and it's running fine. It even connects nicely to my company VPN network.
>>> The problem: access only lasts like 10 seconds. After that the clients still says it is connected (sending DTLS keep alive and getting a response), however I can no longer access anything outside my local LAN. Neither the company LAN nor any other internet site. Local LAN access is still working. The log doesn't contain any info in that time frame of about 10 secs (just the usualCSTP/DTLS keep alive/response messages). When I reconnect it works again for 10 secs and is dead after that.
>> 
>> Which windows client do you use and which version?
> 
> Sorry, should have been there right from the start. It's the freshly build openconnect 1.3 client from here: https://github.com/openconnect/openconnect-gui/releases.
> 
>> In any case you
>> should check your routing table (with route print) when everything
>> works and after 10 secs. It could be that you run something that
>> changes the routing table.
> 
> <snip> The TAP adapter used for the VPN says it is till connected, so that's probably why I have access (even though the GUI fails to reconnect as it doesn't reach the entry server). If I only knew what's going on there to reproduce it tomorrow :-D

Tomorrow has gone by a few weeks now :-), as for a while the connection was stable (maybe til a restart, I don't remember). However, now the behavior is consistently so that I can open a connection and it holds the connection (checked by a long running ping). However, as soon as I access anything in VPN it takes like 10secs and the connection is lost. Actually openconnect still thinks it is connected (tried both GUI + terminal). I cannot reach any server outside my LAN anymore (not even non-VPN ones, but that seems to be a DNS problem because access via IP works fine). Is there a log file I can check for more details?

I did that check with "route print" and there was no difference between the routing tables when the connection worked and after the ping started to fail. I had the suspicion McAfee FW/IPS could have to do with that, so I remove it from the box and restarted. Still, same behavior. On a Mac openconnect works just fine all day, so it must have to do with the Win binary.

Any more ideas?

Mike
-- 
www.soft-gems.net

More information about the openconnect-devel mailing list