openconnect client dtls handshake fail On Windows

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Oct 16 05:41:36 PDT 2014


On Thu, Oct 16, 2014 at 10:11 AM, Guang <lerntechnology at 163.com> wrote:
> Hi,
>   thanks a lot for your help.
>>That's the error printed when DTLS handshake times out. You could debug
>>it using wireshark or so. It could be a firewall dropping UDP packets.
>    I used Wireshark on Windows to view openconnect and tshark on Linux to view ocserv-0.8.0 (and ocserv-0.8.4) (using gnutls-3.2.12).
>    I find that the client can send the "DTLS Client Hello" to the server successfully, and ocserv can receive it and send the "DTLS Server Hello" to the network interface.
>    But the source IP of the "Server Hello" is not the same as the destination IP of the "Client Hello".
>    (My physical network interface on Linux has many IPs; openconnect connects to one of them (not the main IP), but the server only uses the main IP of the interface to respond to the "Client Hello".)
>    When I try to use openconnect to connect to the main IP of the server interface, the DTLS connection can be established successfully!

And do you want ocserv to listen to all of these IPs? If not, you can
simply make it listen to the desired IP.

>    So I think that maybe ocserv can change something to use the same IP as the destination IP of the "Client Hello" to respond.

It's quite possible, but cumbersome as I see it: it requires using
recvmsg() instead of recvfrom() in main.c, and possibly switching send()
with sendmsg(). Patches are welcome.

regards,
Nikos
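The recvmsg()/sendmsg() approach Nikos sketches, as an added example that is not ocserv code: on Linux, the IP_PKTINFO socket option delivers the destination address of each incoming UDP datagram as ancillary data, and the same record passed to sendmsg() (via ipi_spec_dst) makes the reply leave from that address. That is what keeps the Server Hello's source IP equal to the Client Hello's destination IP on a server with several addresses on one interface. The function names, the loopback demo in main() and the 192.0.2.10 self-test address are assumptions of this example; the in_pktinfo layout and ipi_spec_dst semantics are Linux-specific.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Ask the kernel to attach an IP_PKTINFO record (destination address and
 * receiving interface) to every datagram delivered on this socket. */
int enable_pktinfo(int fd)
{
    int on = 1;
    return setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
}

/* Find the IP_PKTINFO record in a received message's ancillary data.
 * Returns 1 and fills *out when found, 0 otherwise. */
int find_pktinfo(struct msghdr *msg, struct in_pktinfo *out)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            memcpy(out, CMSG_DATA(c), sizeof *out);
            return 1;
        }
    }
    return 0;
}

/* Write an IP_PKTINFO record into cbuf telling sendmsg() to source the packet
 * from `src` (ipi_spec_dst) on interface `ifindex` (0 = let routing decide).
 * Returns the control length for msg_controllen, or 0 if cbuf is too small. */
size_t build_src_cmsg(char *cbuf, size_t cbuflen, struct in_addr src, int ifindex)
{
    if (cbuflen < CMSG_SPACE(sizeof(struct in_pktinfo)))
        return 0;
    struct msghdr tmp;
    memset(&tmp, 0, sizeof tmp);
    tmp.msg_control = cbuf;
    tmp.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
    struct cmsghdr *c = CMSG_FIRSTHDR(&tmp);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
    struct in_pktinfo pi;
    memset(&pi, 0, sizeof pi);
    pi.ipi_spec_dst = src;   /* on send, this field selects the source address */
    pi.ipi_ifindex = ifindex;
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    return tmp.msg_controllen;
}

/* recvfrom() replacement: receive one datagram, recording the peer and the
 * local address it was sent to. Returns bytes read, -1 on recvmsg() error,
 * -2 if no IP_PKTINFO record arrived (enable_pktinfo() not called). */
ssize_t recv_with_dest(int fd, void *buf, size_t len, struct sockaddr_in *peer,
                       struct in_pktinfo *dest)
{
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { buf, len };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_name = peer;
    msg.msg_namelen = sizeof *peer;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    return find_pktinfo(&msg, dest) ? n : -2;
}

/* sendto() replacement: reply to `peer`, sourcing the packet from the address
 * the request arrived at (dest->ipi_addr) instead of whatever routing picks. */
ssize_t send_from_dest(int fd, const void *buf, size_t len,
                       const struct sockaddr_in *peer, const struct in_pktinfo *dest)
{
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { (void *)buf, len };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_name = (void *)peer;
    msg.msg_namelen = sizeof *peer;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = build_src_cmsg(cbuf, sizeof cbuf, dest->ipi_addr, 0);
    return sendmsg(fd, &msg, 0);
}

/* Socket-free self-check: build a control buffer and parse it back.
 * 192.0.2.10 is a constructed (documentation-range) test address. */
int selftest_cmsg_roundtrip(void)
{
    struct in_addr src;
    if (inet_pton(AF_INET, "192.0.2.10", &src) != 1)
        return 0;
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_control = cbuf;
    msg.msg_controllen = build_src_cmsg(cbuf, sizeof cbuf, src, 3);
    struct in_pktinfo pi;
    if (msg.msg_controllen == 0 || !find_pktinfo(&msg, &pi))
        return 0;
    return pi.ipi_spec_dst.s_addr == src.s_addr && pi.ipi_ifindex == 3;
}

/* Loopback demo: a wildcard-bound server answers from the address the request
 * arrived at, and the client prints where the reply came from. */
int main(void)
{
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in sa = { .sin_family = AF_INET };  /* INADDR_ANY, port 0 */
    socklen_t salen = sizeof sa;
    if (srv < 0 || cli < 0 || enable_pktinfo(srv) < 0 ||
        bind(srv, (struct sockaddr *)&sa, salen) < 0 ||
        getsockname(srv, (struct sockaddr *)&sa, &salen) < 0) {
        perror("setup");
        return 1;
    }
    inet_pton(AF_INET, "127.0.0.1", &sa.sin_addr);
    sendto(cli, "ClientHello", 11, 0, (struct sockaddr *)&sa, salen);

    char buf[64];
    struct sockaddr_in peer, from;
    struct in_pktinfo dest;
    ssize_t n = recv_with_dest(srv, buf, sizeof buf, &peer, &dest);
    if (n < 0) {
        perror("recv_with_dest");
        return 1;
    }
    printf("server: %zd bytes addressed to %s\n", n, inet_ntoa(dest.ipi_addr));
    send_from_dest(srv, "ServerHello", 11, &peer, &dest);

    socklen_t fl = sizeof from;
    n = recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
    printf("client: %zd-byte reply from %s\n", n, inet_ntoa(from.sin_addr));
    return 0;
}
```

In a server loop the two helpers replace the recvfrom()/sendto() pair: the in_pktinfo captured per datagram travels with the session so that every later reply to that peer is sourced from the same address. Note that ipi_ifindex is passed as 0 here so routing still chooses the interface; reusing dest->ipi_ifindex would pin the reply to the receiving interface as well.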
