ocserv error: "could not determine the owner of received UDP packet"

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 15 00:46:53 PST 2014


On Thu, 2014-11-13 at 11:23 +0200, İsmail Dönmez wrote:
> Hi,
> 
> On Wed, Nov 12, 2014 at 11:41 PM, Nikos Mavrogiannopoulos
> <nmav at gnutls.org> wrote:
> > On Wed, 2014-11-12 at 16:08 +0200, İsmail Dönmez wrote:
> >
> >> Nov 12 14:04:25 i10z ocserv[54495]: main: 212.156.31.134:3351[ismail]
> >> received UDP connection too soon from 212.156.31.134:37353
> >> Nov 12 14:04:25 i10z ocserv[54495]: main: 212.156.31.134:37353: too short packet
> >> Nov 12 14:04:25 i10z ocserv[54495]: main: new DTLS session from
> >> 212.156.31.134:37353 (record v254.253, hello v0.1)
> >> Nov 12 14:04:25 i10z ocserv[54495]: main: 212.156.31.134:37353:
> >> unexpected DTLS content type: 23; a firewall disassociated a UDP
> >> session
> >> Now the last 4 lines are repeated forever and connection never
> >> recovers. Using openconnect.git didn't help.
> >> Using ocserv.git atm.

From your full log I realize that your case is different, and you'll be
able to figure out the issue. There are two clients connecting. The first
disconnects the TCP session, but then from the same IP you seem to start
receiving UDP packets which are not associated with a session. That's
why ocserv tries to forward the packets to the only other existing
session from the same IP. Because that session is active already it
rejects that forward.

So the issue is to figure out who is sending the UDP packets without an
associated TCP session.

regards,
Nikos

Nov 13 09:18:44 i10z ocserv[1164]: worker: 212.156.31.134:35277
User-agent: 'Open AnyConnect VPN Agent v6.00-214-g17a18f1'
Nov 13 09:04:04 i10z ocserv[697]: worker: 212.156.31.134:42709[ismail]
User-agent: 'Open AnyConnect VPN Agent v6.00-214-g17a18f1'

Nov 13 09:18:44 i10z ocserv[1164]: worker: 212.156.31.134:35277[ismail]
suggesting DPD of 440 secs

Nov 13 09:18:44 i10z ocserv[54495]: main: 212.156.31.134:42709[ismail]
main-misc.c:425: command socket closed
Nov 13 09:18:44 i10z ocserv[54495]: main: 212.156.31.134:42709[ismail]
removing client 'ismail' with id '697'

Nov 13 09:18:48 i10z ocserv[54495]: main: 212.156.31.134:22839:
unexpected DTLS content type: 23; a firewall disassociated a UDP session


Nov 13 09:18:48 i10z ocserv[1164]: worker: 212.156.31.134:35277[ismail]
received UDP fd message but our session is active!
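
One way to approach the question raised in the message above from the server side, as an added example that is not part of the original post or of ocserv itself: correlate each "unexpected DTLS content type" event with the sessions that were live or had just been removed for the same source IP. The function name, the sample host, user and addresses are constructed; the message texts follow the log excerpts quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the message shapes quoted in the thread:
# wrapped lines joined, host/user/addresses replaced with placeholder values.
SAMPLE_LOG = """\
Nov 13 09:04:04 vpn ocserv[697]: worker: 203.0.113.7:42709[alice] User-agent: 'Open AnyConnect VPN Agent'
Nov 13 09:18:44 vpn ocserv[1164]: worker: 203.0.113.7:35277[alice] suggesting DPD of 440 secs
Nov 13 09:18:44 vpn ocserv[54495]: main: 203.0.113.7:42709[alice] removing client 'alice' with id '697'
Nov 13 09:18:48 vpn ocserv[54495]: main: 203.0.113.7:22839: unexpected DTLS content type: 23; a firewall disassociated a UDP session
Nov 13 09:18:48 vpn ocserv[1164]: worker: 203.0.113.7:35277[alice] received UDP fd message but our session is active!
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ ocserv\[(?P<pid>\d+)\]: (?P<role>main|worker): "
    r"(?P<ip>[\d.]+):(?P<port>\d+)(?:\[(?P<user>[^\]]*)\])?:? (?P<msg>.*)$")
REMOVED = re.compile(r"removing client '([^']*)' with id '(\d+)'")

def find_orphan_udp(log_text):
    """Report UDP peers that main could not tie to a session, with same-IP context."""
    live = defaultdict(dict)     # ip -> {worker pid: "ip:port[user]"}
    removed = defaultdict(list)  # ip -> sessions torn down so far, oldest first
    orphans = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, peer, msg = m["ip"], f"{m['ip']}:{m['port']}", m["msg"]
        if m["role"] == "worker" and m["user"]:
            live[ip][m["pid"]] = f"{peer}[{m['user']}]"
        gone = REMOVED.search(msg)
        if gone:
            # Assumption: the logged id is the worker pid, as in the thread's excerpt.
            live[ip].pop(gone[2], None)
            removed[ip].append({"time": m["ts"], "tcp_peer": peer, "user": gone[1]})
        elif "unexpected DTLS content type" in msg:
            orphans.append({"ip": ip, "time": m["ts"], "udp_peer": peer,
                            "live_sessions": sorted(live[ip].values()),
                            "last_removed": removed[ip][-1] if removed[ip] else None,
                            "rejected_by": None})
        elif "received UDP fd message but our session is active" in msg:
            # The worker that was handed the stray packet and refused it.
            for o in reversed(orphans):
                if o["ip"] == ip and o["rejected_by"] is None:
                    o["rejected_by"] = live[ip].get(m["pid"])
                    break
    return orphans

if __name__ == "__main__":
    for o in find_orphan_udp(SAMPLE_LOG):
        print(o)
```

A `last_removed` entry timestamped shortly before the orphan event is the first candidate to check on the client side, since its TCP session closed while UDP traffic from the same address continued.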




