Losing connection with Unknown DTLS packet

Daniel Lenski dlenski at gmail.com
Sat Nov 26 09:23:09 PST 2016


On Nov 23, 2016 1:01 PM, "Stuart Luppescu" <slu at ccsr.uchicago.edu> wrote:
>
> Hello all, Recently I've been losing my VPN connection with many
> messages like this in the console:
>
> Unknown DTLS packet type 0b, len 1
> Unknown DTLS packet type 0b, len 1
> Unknown DTLS packet type f6, len 1
> Unknown DTLS packet type 0b, len 1
> Unknown DTLS packet type 76, len 1
> Unknown DTLS packet type 0b, len 1
> Unknown DTLS packet type f6, len 1
> Unknown DTLS packet type 76, len 1
> Unknown DTLS packet type 0b, len 1
> Unknown DTLS packet type 0b, len 1
> Unknown DTLS packet type 0b, len 1
>
> I'm running openconnect 7.07 on a Gentoo Linux system.
>
> Any idea how to fix this?

Can you run as openconnect -vvvvv to show maximal verbosity of
debugging output? Does the more verbose output give additional
information about what's going wrong?

The source code of dtls.c suggests that the bad packets may be due to
bugs in particular versions of OpenSSL. It looks like the default
Gentoo packages build with GnuTLS instead, however
(https://packages.gentoo.org/packages/net-misc/openconnect).

                default:
                        vpn_progress(vpninfo, PRG_ERR,
                                     _("Unknown DTLS packet type %02x, len %d\n"),
                                     buf[0], len);
                        if (1) {
                                /* Some versions of OpenSSL have bugs with receiving out-of-order
                                 * packets. Not only do they wrongly decide to drop packets if
                                 * two packets get swapped in transit, but they also _fail_ to
                                 * drop the packet in non-blocking mode; instead they return
                                 * the appropriate length of garbage. So don't abort... for now. */
                                break;
                        } else {
                        unknown_pkt:
                                vpninfo->quit_reason = "Unknown packet received";
                                return 1;
                        }


Dan
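
A small triage script for the console output quoted in this thread, added here as an example (it is not part of the original message or of openconnect). It tallies the "Unknown DTLS packet type" lines by type byte and length, using the format string from the dtls.c excerpt; the function name and the summary fields are assumptions.

```python
import re
from collections import Counter

# Matches the message built from the dtls.c format string
# "Unknown DTLS packet type %02x, len %d".
UNKNOWN_RE = re.compile(r"Unknown DTLS packet type ([0-9a-f]{2}), len (\d+)")

# Console lines as reported in the thread.
SAMPLE = """\
Unknown DTLS packet type 0b, len 1
Unknown DTLS packet type 0b, len 1
Unknown DTLS packet type f6, len 1
Unknown DTLS packet type 0b, len 1
Unknown DTLS packet type 76, len 1
Unknown DTLS packet type 0b, len 1
Unknown DTLS packet type f6, len 1
Unknown DTLS packet type 76, len 1
Unknown DTLS packet type 0b, len 1
Unknown DTLS packet type 0b, len 1
Unknown DTLS packet type 0b, len 1
""".splitlines()


def summarize_unknown_dtls(lines):
    """Tally unknown-packet messages by type byte and by length.

    longest_run is the longest stretch of consecutive log lines that are
    all unknown-packet messages (any other line resets the run).
    """
    by_type, by_len = Counter(), Counter()
    run = longest_run = 0
    for line in lines:
        m = UNKNOWN_RE.search(line)
        if m is None:
            run = 0
            continue
        by_type[int(m.group(1), 16)] += 1
        by_len[int(m.group(2))] += 1
        run += 1
        longest_run = max(longest_run, run)
    return {
        "total": sum(by_type.values()),
        "by_type": dict(by_type),
        "by_len": dict(by_len),
        "longest_run": longest_run,
    }


if __name__ == "__main__":
    print(summarize_unknown_dtls(SAMPLE))
```

The same function can be fed the output of a run at higher verbosity to see what other messages sit between the unknown-packet lines.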
