Losing connection with Unknown DTLS packet
Stuart Luppescu
slu at ccsr.uchicago.edu
Mon Nov 28 12:12:20 PST 2016
On Mon, 2016-11-28 at 11:59 -0800, Daniel Lenski wrote:
> Search for the original errors in the more verbose output ("Unknown
> DTLS packet").
>
> Does the more verbose output show additional pertinent information
> *around* these errors?
Didn't find any lines with Unknown DTLS packet.
> > CSTP Dead Peer Detection detected dead peer!
> > Failed to reconnect to host cvpn.uchicago.edu: No route to host
> > DTLS got write error: Error in the push function.. Falling back to
> SSL
> > DTLS handshake failed: Resource temporarily unavailable, try again.
> > CSTP Dead Peer Detection detected dead peer!
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Failed to reconnect to host cvpn.uchicago.edu: Connection timed out
> > Reconnect failed
> > RTNETLINK answers: No such process
> > Unknown error; exiting.
>
> These errors are indicating that OC can't connect to the HTTPS side
> of
> the VPN (port 443). What does the log show *before* these errors?
>
> Your previous errors suggest a different problem, something specific
> to the DTLS tunnel, not the HTTPS tunnel.
>
> If you run with `openconnect --no-dtls` do you get a stable
> connection?
>
> This prevents OC from using the better-performing DTLS tunnel, and
> forces it to only use the HTTPS tunnel, which is usually "less
> broken."
OK, I'll try this, but does "better-performing" mean that if I use the
HTTPS tunnel, the connection will be even slower? It's *really* slow as
it is now.
Thanks for all your help, Daniel!
--
Stuart Luppescu
Chief Psychometrician (ret.)
UChicago Consortium on School Research
http://consortium.uchicago.edu
More information about the openconnect-devel
mailing list