<html><head></head><body bgcolor='#FFFFFF' style='font-size:12px;background-color:#FFFFFF;font-family:Verdana, Arial, sans-serif;'>Hi,<br/>my problem is that i am not getting internetconnection via openconnect v2.26. I am running a port on a Nokia N900 with Maemo.<br/>Until the beginning of April everything worked fine (no problem in connecting and getting a fast internet access, but then there was the "Dead Peer Detection detected dead peer" and this without any changes on the settings/configuration on my device.<br/><br/>Although i have reflashed two times and reinstalled the program, there were no changes in the upcoming of that error, which appears after approx. 60-70 seconds.<br/><br/>But this problem doesn't happen only on my device, there is also a guy which has got the same problems with his N900 and his laptop running linux on the Uni Magdeburg.<br/><br/>I wrote to my vpn's admins and they said that there haven't been made any changes to the whole network since April/May, i also asked as a reply on that email wether there have benn changes befor April, but still waiting for the answer. Of course they said the error must be related to my side, which is not that far off, because i haven't read about that error occuring in the last months.<br/><br/>Thanks for the help and sorry for the strange/bad english!<br/><br/>As asked on talk.maemo.org (<a href="http://talk.maemo.org/showthread.php">http://talk.maemo.org/showthread.php?t=39800&page=9</a>), here are the several outputs:<br/><br/>Nr. 1 - Openconnect<br/>Nokia-N900:~# openconnect --no-cert-check --authgroup=WLAN --user=user@uni-potsdam.de --script=/usr/share/openconnect/vpnc-script --verbose wlanvpn.uni-potsdam.de<br/>Attempting to connect to 172.16.3.251:443<br/>SSL negotiation with wlanvpn.uni-potsdam.de<br/>Server certificate verify failed: self signed certificate in certificate chain<br/>Connected to HTTPS on wlanvpn.uni-potsdam.de<br/>GET https://wlanvpn.uni-potsdam.de/<br/>Got HTTP response: HTTP/1.0 302 Object Moved<br/>Content-Type: text/html; charset=UTF-8<br/>Content-Length: 0<br/>Cache-Control: no-cache<br/>Pragma: no-cache<br/>Connection: Keep-Alive<br/>Date: Thu, 12 May 2011 14:44:52 GMT<br/>Location: /+webvpn+/index.html<br/>Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure<br/>HTTP body length: (0)<br/>SSL negotiation with wlanvpn.uni-potsdam.de<br/>Server certificate verify failed: self signed certificate in certificate chain<br/>Connected to HTTPS on wlanvpn.uni-potsdam.de<br/>GET https://wlanvpn.uni-potsdam.de/+webvpn+/index.html<br/>Got HTTP response: HTTP/1.1 200 OK<br/>Transfer-Encoding: chunked<br/>Content-Type: text/xml<br/>Cache-Control: max-age=0<br/>Set-Cookie: webvpn=<elided>; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure<br/>Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure<br/>Set-Cookie: webvpnlogin=1; secure<br/>X-Transcend-Version: 1<br/>HTTP body chunked (-2)<br/>Fixed options give<br/>Please enter your username and password.<br/>Password:<br/>POST https://wlanvpn.uni-potsdam.de/+webvpn+/index.html<br/>Got HTTP response: HTTP/1.1 200 OK<br/>Transfer-Encoding: chunked<br/>Content-Type: text/xml<br/>Cache-Control: max-age=0<br/>Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure<br/>Set-Cookie: webvpn=<elided>; path=/; secure<br/>Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:B551FD33CB3F3223E18C427CB8C5B9DE82B374BA&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure<br/>X-Transcend-Version: 1<br/>HTTP body chunked (-2)<br/>Got CONNECT response: HTTP/1.1 200 OK<br/>X-CSTP-Version: 1<br/>X-CSTP-Address: 141.89.47.28<br/>X-CSTP-Netmask: 255.255.255.0<br/>X-CSTP-DNS: 141.89.65.1<br/>X-CSTP-NBNS: 141.89.64.56<br/>X-CSTP-Lease-Duration: 86400<br/>X-CSTP-Session-Timeout: 86400<br/>X-CSTP-Idle-Timeout: 1800<br/>X-CSTP-Disconnected-Timeout: 1800<br/>X-CSTP-Default-Domain: wlan.rz.uni-potsdam.de<br/>X-CSTP-Keep: true<br/>X-CSTP-Homepage: http://www.uni-potsdam.de<br/>X-CSTP-DPD: 30<br/>X-CSTP-Keepalive: 20<br/>X-CSTP-Smartcard-Removal-Disconnect: true<br/>X-DTLS-Session-ID: 7A9D2941CAD19E1260A57A9C1B726AF013C7D6712FD9E576372E0DE71162CCE4<br/>X-DTLS-Port: 443<br/>X-DTLS-Keepalive: 20<br/>X-DTLS-DPD: 30<br/>X-CSTP-MTU: 1406<br/>X-DTLS-CipherSuite: AES128-SHA<br/>X-CSTP-Routing-Filtering-Ignore: false<br/>CSTP connected. DPD 30, Keepalive 20<br/>DTLS option X-DTLS-Session-ID : 7A9D2941CAD19E1260A57A9C1B726AF013C7D6712FD9E576372E0DE71162CCE4<br/>DTLS option X-DTLS-Port : 443<br/>DTLS option X-DTLS-Keepalive : 20<br/>DTLS option X-DTLS-DPD : 30<br/>DTLS option X-DTLS-CipherSuite : AES128-SHA<br/>DTLS connected. DPD 30, Keepalive 20<br/>Connected tun0 as 141.89.47.28, using SSL<br/>No work to do; sleeping for 20000 ms...<br/>DTLS handshake timed out<br/>DTLS handshake failed: 2<br/>Send CSTP Keepalive<br/>No work to do; sleeping for 10000 ms...<br/>Send CSTP DPD<br/>No work to do; sleeping for 15000 ms...<br/>Send CSTP DPD<br/>No work to do; sleeping for 15000 ms...<br/>Send CSTP DPD<br/>No work to do; sleeping for 15000 ms...<br/>CSTP Dead Peer Detection detected dead peer!<br/>Failed to reconnect to host wlanvpn.uni-potsdam.de<br/>sleep 10s, remaining timeout 300s<br/>Failed to reconnect to host wlanvpn.uni-potsdam.de<br/>sleep 20s, remaining timeout 290s<br/>Failed to reconnect to host wlanvpn.uni-potsdam.de<br/>sleep 30s, remaining timeout 270s<br/>Failed to reconnect to host wlanvpn.uni-potsdam.de<br/>sleep 40s, remaining timeout 240s<br/>Failed to reconnect to host wlanvpn.uni-potsdam.de<br/>sleep 50s, remaining timeout 200s<br/>Failed to reconnect to host wlanvpn.uni-potsdam.de<br/>sleep 60s, remaining timeout 150s<br/><br/>Nr. 2 - sbin/route -n before the dead peer detection happens:<br/>/sbin/route -n<br/>Kernel IP routing table<br/>Destination Gateway Genmask Flags Metric Ref Use Iface<br/>172.16.3.251 172.16.3.254 255.255.255.255 UGH 0 0 0 wlan0<br/>141.89.46.0 141.89.46.106 255.255.255.0 UG 0 0 0 tun0<br/>172.16.0.0 0.0.0.0 255.255.252.0 U 0 0 0 wlan0<br/>0.0.0.0 141.89.46.106 0.0.0.0 UG 0 0 0 tun0<br/><br/>Nr. 3 - same command, bur after the dead peer has appeared in the log:<br/># /sbin/route -n<br/>Kernel IP routing table<br/>Destination Gateway Genmask Flags Metric Ref Use Iface<br/>172.16.3.251 172.16.3.254 255.255.255.255 UGH 0 0 0 wlan0<br/>141.89.47.0 141.89.47.28 255.255.255.0 UG 0 0 0 tun0<br/>172.16.0.0 0.0.0.0 255.255.252.0 U 0 0 0 wlan0<br/>0.0.0.0 141.89.47.28 0.0.0.0 UG 0 0 0 tun0<br/><br/>Nr. 4 - the output of tcpdump:<br/><br/>Nokia-N900:~# tcpdump port 443 host 141.89.47.28<br/>tcpdump: WARNING: can't create rx ring on packet socket 3: 92-Protocol not available<br/>tcpdump: WARNING: wmaster0: no IPv4 address assigned<br/>tcpdump: syntax error<br/>Nokia-N900:~# tcpdump port 443<br/>tcpdump: WARNING: can't create rx ring on packet socket 3: 92-Protocol not available<br/>tcpdump: WARNING: wmaster0: no IPv4 address assigned<br/>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br/>listening on wmaster0, link-type IEEE802_11 (802.11), capture size 96 bytes<br/>16:45:58.982879 IP 172.16.3.62.63876 > 172.16.3.251.https: Flags [.], ack 1107215628, win 24840, length 0<br/>16:45:59.005981 IP 172.16.3.62.63876 > 172.16.3.251.https: Flags [FP.], seq 0:99, ack 1, win 24840, length 99<br/>16:45:59.006927 IP 172.16.3.62.63877 > 172.16.3.251.https: Flags [S], seq 3859674604, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:46:02.037078 IP 172.16.3.62.63877 > 172.16.3.251.https: Flags [S], seq 3859674604, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:46:08.037017 IP 172.16.3.62.63877 > 172.16.3.251.https: Flags [S], seq 3859674604, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:46:15.247741 IP 172.16.3.62.63876 > 172.16.3.251.https: Flags [FP.], seq 4294967263:99, ack 1, win 24840, length 132<br/>16:46:20.036956 IP 172.16.3.62.63877 > 172.16.3.251.https: Flags [S], seq 3859674604, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:46:44.037078 IP 172.16.3.62.63877 > 172.16.3.251.https: Flags [S], seq 3859674604, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:47:32.038665 IP 172.16.3.62.63877 > 172.16.3.251.https: Flags [S], seq 3859674604, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:48:00.833739 IP 172.16.3.62.63876 > 172.16.3.251.https: Flags [R], seq 2815719230, win 0, length 0<br/>16:49:02.297363 IP 172.16.3.62.63876 > 172.16.3.251.https: Flags [R], seq 2815719230, win 0, length 0<br/>16:49:18.037017 IP 172.16.3.62.63494 > 172.16.3.251.https: Flags [S], seq 2685372660, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:49:21.023925 IP 172.16.3.62.63494 > 172.16.3.251.https: Flags [S], seq 2685372660, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:49:27.036864 IP 172.16.3.62.63494 > 172.16.3.251.https: Flags [S], seq 2685372660, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:49:39.037078 IP 172.16.3.62.63494 > 172.16.3.251.https: Flags [S], seq 2685372660, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:50:03.023895 IP 172.16.3.62.63494 > 172.16.3.251.https: Flags [S], seq 2685372660, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:50:51.084960 IP 172.16.3.62.63494 > 172.16.3.251.https: Flags [S], seq 2685372660, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:52:47.023925 IP 172.16.3.62.63382 > 172.16.3.251.https: Flags [S], seq 1676195636, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:52:50.023894 IP 172.16.3.62.63382 > 172.16.3.251.https: Flags [S], seq 1676195636, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:52:56.023925 IP 172.16.3.62.63382 > 172.16.3.251.https: Flags [S], seq 1676195636, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:53:08.023895 IP 172.16.3.62.63382 > 172.16.3.251.https: Flags [S], seq 1676195636, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:53:32.098937 IP 172.16.3.62.63382 > 172.16.3.251.https: Flags [S], seq 1676195636, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:54:20.023925 IP 172.16.3.62.63382 > 172.16.3.251.https: Flags [S], seq 1676195636, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:56:26.036956 IP 172.16.3.62.56083 > 172.16.3.251.https: Flags [S], seq 829076700, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:56:29.098937 IP 172.16.3.62.56083 > 172.16.3.251.https: Flags [S], seq 829076700, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:56:35.083862 IP 172.16.3.62.56083 > 172.16.3.251.https: Flags [S], seq 829076700, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:56:47.036956 IP 172.16.3.62.56083 > 172.16.3.251.https: Flags [S], seq 829076700, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:57:11.052673 IP 172.16.3.62.56083 > 172.16.3.251.https: Flags [S], seq 829076700, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>16:57:59.031738 IP 172.16.3.62.56083 > 172.16.3.251.https: Flags [S], seq 829076700, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:00:15.032806 IP 172.16.3.62.56087 > 172.16.3.251.https: Flags [S], seq 112301866, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:00:18.031738 IP 172.16.3.62.56087 > 172.16.3.251.https: Flags [S], seq 112301866, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:00:24.031707 IP 172.16.3.62.56087 > 172.16.3.251.https: Flags [S], seq 112301866, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:00:36.031646 IP 172.16.3.62.56087 > 172.16.3.251.https: Flags [S], seq 112301866, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:01:00.031738 IP 172.16.3.62.56087 > 172.16.3.251.https: Flags [S], seq 112301866, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:01:48.060546 IP 172.16.3.62.56087 > 172.16.3.251.https: Flags [S], seq 112301866, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:04:14.044769 IP 172.16.3.62.53207 > 172.16.3.251.https: Flags [S], seq 3849921125, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:04:17.044830 IP 172.16.3.62.53207 > 172.16.3.251.https: Flags [S], seq 3849921125, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:04:23.044830 IP 172.16.3.62.53207 > 172.16.3.251.https: Flags [S], seq 3849921125, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:04:35.031738 IP 172.16.3.62.53207 > 172.16.3.251.https: Flags [S], seq 3849921125, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:04:59.031799 IP 172.16.3.62.53207 > 172.16.3.251.https: Flags [S], seq 3849921125, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:05:47.031707 IP 172.16.3.62.53207 > 172.16.3.251.https: Flags [S], seq 3849921125, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:08:23.106750 IP 172.16.3.62.60937 > 172.16.3.251.https: Flags [S], seq 3474689812, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:08:26.044769 IP 172.16.3.62.60937 > 172.16.3.251.https: Flags [S], seq 3474689812, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:08:32.044891 IP 172.16.3.62.60937 > 172.16.3.251.https: Flags [S], seq 3474689812, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:08:44.106811 IP 172.16.3.62.60937 > 172.16.3.251.https: Flags [S], seq 3474689812, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/>17:09:08.106719 IP 172.16.3.62.60937 > 172.16.3.251.https: Flags [S], seq 3474689812, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0<br/><br/>Hope it helps and tcpdump was configured correctly.<br/><br/>Cheers<br/>Jonathan<br/> <br><br><table cellpadding="0" cellspacing="0" border="0"><tr><td bgcolor="#000000"><img src="https://img.ui-portal.de/p.gif" width="1" height="1" border="0" alt="" /></td></tr><tr><td style="font-family:verdana; font-size:12px; line-height:17px;">Schon gehört? WEB.DE hat einen genialen Phishing-Filter in die <br>Toolbar eingebaut! <a href="http://produkte.web.de/go/toolbar"><b>http://produkte.web.de/go/toolbar</b></a></td></tr></table>
</body></html>