SSL error
Matthew Kitchin (Public/Usenet)
mkitchin.public at gmail.com
Thu Jan 26 22:47:03 EST 2012
Sorry for replying to my own email. I resolved the group issue. I needed
to use --authgroup= instead of --usergroup=
This problem remains. I get this after the connection takes about 30
seconds to start
Established DTLS connection
DTLS Dead Peer Detection detected dead peer!
DTLS handshake failed: 1
22407:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert number 40
The last line is repeated every few seconds.
On 1/26/2012 3:02 PM, Matthew Kitchin (public/usenet) wrote:
> I've been connecting to a Cisco ASA for some time with no issues. I'm
> now moving over to a different one at a new company. I get this error
> below.
> 20454:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert
> number 40
> every few minutes.
> The hits I can find on this are similar to this:
> http://www.mail-archive.com/openssl-users@openssl.org/msg51636.html
> Is this anything I should worry about?
>
> The initial connection also fails for about 30 seconds, and then comes
> up as soon as this text is displayed:
> Established DTLS connection
> DTLS Dead Peer Detection detected dead peer!
> DTLS handshake failed: 1
> 20800:error:14102410:lib(20):func(258):reason(1040):NA:0:SSL alert
> number 40
> I find this error on this topic:
> http://lists.infradead.org/pipermail/openconnect-devel/2011-May/000302.html
>
>
> I'm using OpenConnect version v2.25-unknown on OpenWRT backfire. I
> realize it is not the newest, but the package for OpenWRT doesn;t seem
> to get updated, I i completely failed when I attempted to do it myself.
>
> The only other issue I'm having is related to the group. My previous
> connection did not prompt for a group. This one does. I'm trying to
> keep this as an automated process, but I"m not having any luck with
> the --usergroup=GROUP switch. I doubt this is related to my issue, and
> so far I assume it is user error on my part.
>
> I'm not sure if my 2 problems above are related. If so, which one
> should I tackle first?
More information about the openconnect-devel
mailing list