Error setting up DTLS

Niels Peen niels at peen.ch
Fri Sep 26 01:07:23 PDT 2014


Hi all,

What could be the cause of an "Error setting up DTLS" error?

I’m having a really hard time troubleshooting its cause as it’s very inconsistent. It will happen 10+ times, then suddenly (without making any changes) disappear and not happen for days. 

It happens only on Windows and only with OpenConnect. When I try OpenConnect on Android or AnyConnect on Windows/Android to the same server, there is no issue.

It’s my impression - but this may just be coincidence - that more distant/slower servers suffer from the error less often. Could this be a timing issue of some kind?

Thanks,
Niels


2014-09-26 11:27 Got CONNECT response: HTTP/1.1 200 CONNECTED
2014-09-26 11:27 X-CSTP-Version: 1
2014-09-26 11:27 X-CSTP-DPD: 90
2014-09-26 11:27 X-CSTP-Default-Domain: XYZ
2014-09-26 11:27 X-CSTP-Address: 10.255.232.185
2014-09-26 11:27 X-CSTP-Netmask: 255.255.252.0
2014-09-26 11:27 X-CSTP-DNS: 8.8.8.8
2014-09-26 11:27 X-CSTP-DNS: 8.8.4.3
2014-09-26 11:27 X-CSTP-Keepalive: 32400
2014-09-26 11:27 X-CSTP-Idle-Timeout: none
2014-09-26 11:27 X-CSTP-Smartcard-Removal-Disconnect: true
2014-09-26 11:27 X-CSTP-Rekey-Time: 172800
2014-09-26 11:27 X-CSTP-Rekey-Method: new-tunnel
2014-09-26 11:27 X-CSTP-Session-Timeout: none
2014-09-26 11:27 X-CSTP-Disconnected-Timeout: none
2014-09-26 11:27 X-CSTP-Keep: true
2014-09-26 11:27 X-CSTP-TCP-Keepalive: true
2014-09-26 11:27 X-CSTP-Tunnel-All-DNS: false
2014-09-26 11:27 X-CSTP-License: accept
2014-09-26 11:27 X-DTLS-MTU: 1280
2014-09-26 11:27 X-CSTP-MTU: 1280
2014-09-26 11:27 X-CSTP-Base-MTU: 1380
2014-09-26 11:27 X-DTLS-Session-ID: 65bfe1719d45f0eedfe533186b95cfee197101f8e1c67231eb6738ce20bd339c
2014-09-26 11:27 X-DTLS-DPD: 90
2014-09-26 11:27 X-DTLS-Port: 443
2014-09-26 11:27 X-DTLS-Rekey-Time: 172810
2014-09-26 11:27 X-DTLS-Keepalive: 32400
2014-09-26 11:27 X-DTLS-CipherSuite: OC-DTLS1_2-AES128-GCM
2014-09-26 11:27 X-DTLS-MTU: 1314
2014-09-26 11:27 X-CSTP-MTU: 1314
2014-09-26 11:27 CSTP connected. DPD 90, Keepalive 32400
2014-09-26 11:27 Opened tun device Local Area Connection 5
2014-09-26 11:27 TAP-Windows driver v9.9 (0)
2014-09-26 11:27 executing: route print
2014-09-26 11:27 ===========================================================================
2014-09-26 11:27 Interface List
2014-09-26 11:27 26...00 ff f6 5a 45 f3 ......TAP-Windows Adapter V9
2014-09-26 11:27 21...38 59 f9 fa fe 3e ......Bluetooth Personal Area Network #2
2014-09-26 11:27 17...74 e5 0b 18 0f 29 ......Microsoft Virtual WiFi Miniport Adapter #2
2014-09-26 11:27 16...74 e5 0b 18 0f 29 ......Microsoft Virtual WiFi Miniport Adapter
2014-09-26 11:27 15...74 e5 0b 18 0f 28 ......Intel(R) WiFi Link 1000 BGN
2014-09-26 11:27 13...b8 70 f4 32 70 be ......Broadcom NetLink (TM) Gigabit Ethernet
2014-09-26 11:27 1...........................Software Loopback Interface 1
2014-09-26 11:27 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
2014-09-26 11:27 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
2014-09-26 11:27 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
2014-09-26 11:27 ===========================================================================
2014-09-26 11:27 IPv4 Route Table
2014-09-26 11:27 ===========================================================================
2014-09-26 11:27 Active Routes:
2014-09-26 11:27 Network Destination Netmask Gateway Interface Metric
2014-09-26 11:27 0.0.0.0 0.0.0.0 10.255.232.1 10.255.232.185 2
2014-09-26 11:27 0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.118 25
2014-09-26 11:27 10.255.232.0 255.255.252.0 On-link 10.255.232.185 257
2014-09-26 11:27 10.255.232.185 255.255.255.255 On-link 10.255.232.185 257
2014-09-26 11:27 10.255.235.255 255.255.255.255 On-link 10.255.232.185 257
2014-09-26 11:27 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
2014-09-26 11:27 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
2014-09-26 11:27 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
2014-09-26 11:27 192.168.2.0 255.255.255.0 On-link 192.168.2.118 281
2014-09-26 11:27 192.168.2.118 255.255.255.255 On-link 192.168.2.118 281
2014-09-26 11:27 192.168.2.255 255.255.255.255 On-link 192.168.2.118 281
2014-09-26 11:27 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
2014-09-26 11:27 224.0.0.0 240.0.0.0 On-link 10.255.232.185 257
2014-09-26 11:27 224.0.0.0 240.0.0.0 On-link 192.168.2.118 281
2014-09-26 11:27 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
2014-09-26 11:27 255.255.255.255 255.255.255.255 On-link 10.255.232.185 257
2014-09-26 11:27 255.255.255.255 255.255.255.255 On-link 192.168.2.118 281
2014-09-26 11:27 ===========================================================================
2014-09-26 11:27 Persistent Routes:
2014-09-26 11:27 Network Address Netmask Gateway Address Metric
2014-09-26 11:27 0.0.0.0 0.0.0.0 10.255.232.1 1
2014-09-26 11:27 ===========================================================================
2014-09-26 11:27 IPv6 Route Table
2014-09-26 11:27 ===========================================================================
2014-09-26 11:27 Active Routes:
2014-09-26 11:27 If Metric Network Destination Gateway
2014-09-26 11:27 22 58 ::/0 On-link
2014-09-26 11:27 1 306 ::1/128 On-link
2014-09-26 11:27 22 58 2001::/32 On-link
2014-09-26 11:27 22 306 2001:0:9d38:6abd:3c5c:87cc:e42a:bd14/128
2014-09-26 11:27 On-link
2014-09-26 11:27 26 286 fe80::/64 On-link
2014-09-26 11:27 15 281 fe80::/64 On-link
2014-09-26 11:27 22 306 fe80::/64 On-link
2014-09-26 11:27 22 306 fe80::3c5c:87cc:e42a:bd14/128
2014-09-26 11:27 On-link
2014-09-26 11:27 26 286 fe80::5525:28c:ca2b:dcfd/128
2014-09-26 11:27 On-link
2014-09-26 11:27 15 281 fe80::8d04:29b2:b8ff:b57e/128
2014-09-26 11:27 On-link
2014-09-26 11:27 1 306 ff00::/8 On-link
2014-09-26 11:27 22 306 ff00::/8 On-link
2014-09-26 11:27 26 286 ff00::/8 On-link
2014-09-26 11:27 15 281 ff00::/8 On-link
2014-09-26 11:27 ===========================================================================
2014-09-26 11:27 Persistent Routes:
2014-09-26 11:27 None
2014-09-26 11:27 VPN Gateway: VPNSERVER
2014-09-26 11:27 Internal Address: 10.255.232.185
2014-09-26 11:27 Internal Netmask: 255.255.252.0
2014-09-26 11:27 Internal Gateway: 10.255.232.1
2014-09-26 11:27 Interface: "Local Area Connection 5"
2014-09-26 11:27 executing: route add VPNSERVER mask 255.255.255.255 10.255.232.1
2014-09-26 11:27 OK!
2014-09-26 11:27 MTU: 1314
2014-09-26 11:27 executing: netsh interface ipv4 set subinterface "Local Area Connection 5" mtu=1314 store=active
2014-09-26 11:27 Ok.
2014-09-26 11:27 Configuring "Local Area Connection 5" interface for Legacy IP...
2014-09-26 11:27 executing: netsh interface ip set interface "Local Area Connection 5" metric=1
2014-09-26 11:27 Ok.
2014-09-26 11:27 executing: netsh interface ip set address "Local Area Connection 5" static 10.255.232.185 255.255.252.0 10.255.232.1 1
2014-09-26 11:27 executing: netsh interface ip add dns "Local Area Connection 5" 8.8.8.8 index=1
2014-09-26 11:27 The object is already in the list.
2014-09-26 11:27 executing: netsh interface ip add dns "Local Area Connection 5" 8.8.4.3 index=2
2014-09-26 11:27 The object is already in the list.
2014-09-26 11:27 done.
2014-09-26 11:27 Configuring Legacy IP networks:
2014-09-26 11:27 Route configuration done.
2014-09-26 11:27 DTLS option X-DTLS-MTU : 1280
2014-09-26 11:27 DTLS option X-DTLS-Session-ID : 65bfe1719d45f0eedfe533186b95cfee197101f8e1c67231eb6738ce20bd339c
2014-09-26 11:27 DTLS option X-DTLS-DPD : 90
2014-09-26 11:27 DTLS option X-DTLS-Port : 443
2014-09-26 11:27 DTLS option X-DTLS-Rekey-Time : 172810
2014-09-26 11:27 DTLS option X-DTLS-Keepalive : 32400
2014-09-26 11:27 DTLS option X-DTLS-CipherSuite : OC-DTLS1_2-AES128-GCM
2014-09-26 11:27 DTLS option X-DTLS-MTU : 1314
2014-09-26 11:27 Error setting up DTLS
2014-09-26 11:27 Disconnected

