SSL error

Matthew Kitchin (Public/Usenet) mkitchin.public at gmail.com
Sat Feb 4 18:37:48 EST 2012


The No DTLS option seems to have fixed it. I guess I'm stuck using that.

On 1/26/2012 9:47 PM, Matthew Kitchin (Public/Usenet) wrote:
> Sorry for replying to my own email. I resolved the group issue. I 
> needed to use --authgroup= instead of --usergroup=
>
> This problem remains. I get this after the connection takes about 30 
> seconds to start
>
> Established DTLS connection
> DTLS Dead Peer Detection detected dead peer!
> DTLS handshake failed: 1
> 22407:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert 
> number 40
>
> The last line is repeated every few seconds.
>
> On 1/26/2012 3:02 PM, Matthew Kitchin (public/usenet) wrote:
>> I've been connecting to a Cisco ASA for some time with no issues. I'm 
>> now moving over to a different one at a new company. I get this error 
>> below.
>> 20454:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert 
>> number 40
>> every few minutes.
>> The hits I can find on this are similar to this:
>> http://www.mail-archive.com/openssl-users@openssl.org/msg51636.html
>> Is this anything I should worry about?
>>
>> The initial connection also fails for about 30 seconds, and then 
>> comes up as soon as this text is displayed:
>> Established DTLS connection
>> DTLS Dead Peer Detection detected dead peer!
>> DTLS handshake failed: 1
>> 20800:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert 
>> number 40
>> I find this error on this topic:
>> http://lists.infradead.org/pipermail/openconnect-devel/2011-May/000302.html 
>>
>>
>> I'm using OpenConnect version v2.25-unknown on OpenWRT backfire. I 
>> realize it is not the newest, but the package for OpenWRT doesn't 
>> seem to get updated, and I completely failed when I attempted to do it 
>> myself.
>>
>> The only other issue I'm having is related to the group. My previous 
>> connection did not prompt for a group. This one does. I'm trying to 
>> keep this as an automated process, but I'm not having any luck with 
>> the --usergroup=GROUP switch. I doubt this is related to my issue, 
>> and so far I assume it is user error on my part.
>>
>> I'm not sure if my 2 problems above are related. If so, which one 
>> should I tackle first?
>
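
Added example, not part of the original thread and not OpenConnect or OpenSSL code: a small decoder for the `error:14102410` line quoted above, showing how the packed hex code splits into the library, function and reason numbers and how reason 1040 maps to TLS alert 40. It assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason), which matches the numbers printed in the log; the function name and the alert table subset are choices made for this example.

```python
import re

ERR_LIB_SSL = 20             # library number of libssl in OpenSSL's err.h
SSL_AD_REASON_OFFSET = 1000  # ssl.h: reason 1000+N means "peer sent alert N"

# Subset of alert descriptions from the TLS specification.
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 47: "illegal_parameter",
    48: "unknown_ca", 70: "protocol_version", 80: "internal_error",
}

# "<pid>:error:<8 hex digits>:..." as printed by OpenSSL's error queue dump.
ERR_LINE = re.compile(r"^(\d+):error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(line):
    """Return the decoded fields of an OpenSSL error line, or None."""
    m = ERR_LINE.match(line.strip())
    if m is None:
        return None
    code = int(m.group(2), 16)
    out = {
        "pid": int(m.group(1)),
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
        "alert": None,
        "alert_name": None,
    }
    # Only libssl reasons in 1000..1255 encode an alert received from the peer.
    alert = out["reason"] - SSL_AD_REASON_OFFSET
    if out["lib"] == ERR_LIB_SSL and 0 <= alert <= 255:
        out["alert"] = alert
        out["alert_name"] = TLS_ALERTS.get(alert, "unknown")
    return out


if __name__ == "__main__":
    # Lines from the thread, with the mail client's line wrap rejoined.
    sample = [
        "Established DTLS connection",
        "DTLS handshake failed: 1",
        "22407:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert number 40",
    ]
    for text in sample:
        print(decode_openssl_error(text))
```

Alert 40 is `handshake_failure`: the peer reporting that it could not negotiate an acceptable set of security parameters, so the message originates from the far end of the DTLS session and not from a local fault in the client.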



