ocserv error: "could not determine the owner of received UDP packet"

İsmail Dönmez ismail at donmez.ws
Sun Nov 16 02:50:34 PST 2014


Hi,

On Sun, Nov 16, 2014 at 11:01 AM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Sat, 2014-11-15 at 19:55 +0200, İsmail Dönmez wrote:
>> Hi,
>>
>> On Sat, Nov 15, 2014 at 5:19 PM, İsmail Dönmez <ismail at donmez.ws> wrote:
>> > Hi,
>> >
>> > On Sat, Nov 15, 2014 at 5:03 PM, Nikos Mavrogiannopoulos
>> > <nmav at gnutls.org> wrote:
>> >> An untested patch for openconnect follows. Ismail, would that fix the
>> >> issue you notice?
>> >
>> > Testing the patch now, but...
>> >
>> >> (in an unrelated issue for some reason DPD detection here didn't work
>> >> for DTLS which didn't try to reconnect - I don't know if Ismail has the
>> >> output of openconnect)
>> >
>> > I don't have the openconnect logs BUT it said DPD detected and
>> > reconnect, this is when the ocserv sets up the second connection and
>> > at this point everything goes berserk.
>>
>> Patch didn't help, here are the openconnect(.git) logs:
>
> Hi,
>  Thanks to tcpkill I managed to simulate your use case. Could you try
> the openconnect patch as well as the latest ocserv in git?

This version seems to be creating a new session every minute. On the
client side:

POST https://i10z.com:1443/
Attempting to connect to server 104.40.138.253:1443
SSL negotiation with i10z.com
Connected to HTTPS on i10z.com
XML POST enabled
Please enter your username
POST https://i10z.com:1443/auth
Please enter your password.
Password:
POST https://i10z.com:1443/auth
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 440, Keepalive 32400
Connected tun1 as 10.10.0.121, using SSL
DTLS handshake failed: Resource temporarily unavailable, try again.
DTLS handshake failed: Resource temporarily unavailable, try again.
DTLS handshake failed: Resource temporarily unavailable, try again.
DTLS handshake failed: Resource temporarily unavailable, try again.
DTLS handshake failed: Resource temporarily unavailable, try again.
DTLS handshake failed: Resource temporarily unavailable, try again.
DTLS handshake failed: Resource temporarily unavailable, try again.
DTLS handshake failed: Resource temporarily unavailable, try again.

On the server side:

Nov 16 10:42:42 i10z ocserv[45018]: sec-mod: performing maintenance
Nov 16 10:42:42 i10z ocserv[45018]: sec-mod: active sessions 0, banned entries 0
Nov 16 10:41:58 i10z ocserv[45017]: message repeated 3 times: [ main:
new DTLS session from 212.156.31.134:51296 (record v254.255, hello
v1.0)]
Nov 16 10:43:03 i10z ocserv[45017]: main: new DTLS session from
212.156.31.134:22620 (record v254.255, hello v1.0)
Nov 16 10:43:21 i10z ocserv[45017]: message repeated 2 times: [ main:
new DTLS session from 212.156.31.134:22620 (record v254.255, hello
v1.0)]
Nov 16 10:44:21 i10z ocserv[45017]: main: new DTLS session from
212.156.31.134:9870 (record v254.255, hello v1.0)
Nov 16 10:44:37 i10z ocserv[45017]: main: new DTLS session from
212.156.31.134:9870 (record v254.255, hello v1.0)
Nov 16 10:45:36 i10z ocserv[45017]: main: new DTLS session from
212.156.31.134:22008 (record v254.255, hello v1.0)
Nov 16 10:46:13 i10z ocserv[45017]: message repeated 2 times: [ main:
new DTLS session from 212.156.31.134:22008 (record v254.255, hello
v1.0)]
Nov 16 10:47:13 i10z ocserv[45017]: main: new DTLS session from
212.156.31.134:24857 (record v254.255, hello v1.0)
Nov 16 10:47:42 i10z ocserv[45018]: sec-mod: performing maintenance
Nov 16 10:47:42 i10z ocserv[45018]: sec-mod: active sessions 0, banned entries 0
Nov 16 10:47:43 i10z ocserv[45017]: message repeated 2 times: [ main:
new DTLS session from 212.156.31.134:24857 (record v254.255, hello
v1.0)]
Nov 16 10:48:43 i10z ocserv[45017]: main: new DTLS session from
212.156.31.134:2323 (record v254.255, hello v1.0)
Nov 16 10:49:13 i10z ocserv[45017]: main: new DTLS session from
212.156.31.134:2323 (record v254.255, hello v1.0)
Nov 16 10:50:13 i10z ocserv[45017]: main: new DTLS session from
212.156.31.134:29242 (record v254.255, hello v1.0)


The connection never dropped; I am still running it to see if it
breaks. But the speed has really slowed down. I would get 500-600kb/s
easily; now I only get 100kb/s.

Thanks!
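
Added example, not part of the original message or of ocserv/openconnect: a small Python parser for "new DTLS session" lines in the format of the server log above, which reports per client IP how many hellos arrived, which source ports were used, and how far apart the port changes were. It assumes unwrapped syslog lines (the e-mail wrapped them); the sample log, host name, IP and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the server log above (documentation IP);
# includes syslog's "message repeated N times" wrapper and an out-of-order line.
SAMPLE_LOG = """\
Nov 16 10:43:03 vpn ocserv[45017]: main: new DTLS session from 203.0.113.7:22620 (record v254.255, hello v1.0)
Nov 16 10:43:21 vpn ocserv[45017]: message repeated 2 times: [ main: new DTLS session from 203.0.113.7:22620 (record v254.255, hello v1.0)]
Nov 16 10:44:21 vpn ocserv[45017]: main: new DTLS session from 203.0.113.7:9870 (record v254.255, hello v1.0)
Nov 16 10:44:37 vpn ocserv[45017]: main: new DTLS session from 203.0.113.7:9870 (record v254.255, hello v1.0)
Nov 16 10:45:36 vpn ocserv[45017]: main: new DTLS session from 203.0.113.7:22008 (record v254.255, hello v1.0)
Nov 16 10:47:42 vpn ocserv[45018]: sec-mod: active sessions 0, banned entries 0
Nov 16 10:47:13 vpn ocserv[45017]: main: new DTLS session from 203.0.113.7:24857 (record v254.255, hello v1.0)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ocserv\[\d+\]: "
    r"(?:message repeated (?P<n>\d+) times: \[ )?"
    r"main: new DTLS session from (?P<ip>[\d.]+):(?P<port>\d+) ")

def parse(log, year=2014):
    """Yield (time, ip, port, hello_count) for each DTLS session line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], int(m["port"]), int(m["n"] or 1)

def summarize(log):
    """Per client IP: hello count, source ports in order, seconds between port changes."""
    first_seen = defaultdict(dict)   # ip -> {port: first timestamp}
    hellos = defaultdict(int)
    for ts, ip, port, n in sorted(parse(log)):   # syslog lines can be out of order
        hellos[ip] += n
        first_seen[ip].setdefault(port, ts)
    out = {}
    for ip, ports in first_seen.items():
        times = sorted(ports.values())
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        out[ip] = {"hellos": hellos[ip],
                   "ports": sorted(ports, key=ports.get),
                   "port_change_gaps_s": gaps}
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A steady run of new source ports from one client address, with gaps of about a minute, matches the "new session every minute" pattern described above.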



More information about the openconnect-devel mailing list