Juniper SSL VPN support
David Woodhouse
dwmw2 at infradead.org
Thu Mar 26 13:37:42 PDT 2015
On Thu, 2015-03-26 at 20:10 +0000, Olda Bartunek wrote:
> David Woodhouse <dwmw2 <at> infradead.org> writes:
>
> >
> > Oops, please git pull and try again.
> >
>
> Ok, so with updated main.c I moved a bit. Windows client is able to
> authenticate, even get configuration so tunnel looks to be up but
> packets do
> not flow. With --verbose everything looks same (of course except TAP
> driver
> and vpnc-script-win output) till end of message "ESP session
> established
> with server" where Linux client just repeating "Send ESP probes for
> DPD" but
> Windows client repeating following discard:
> Discarding replayed ESP packet with seq 1
> Discarding replayed ESP packet with seq 2
> 0000: 21 00 00 00 00 00 00 00 01 2f 01 00 00 00 01 00
> 0010: 00 00 00 00 00 0d 00 06 00 00 00 07 00 01 00 00
> 0020: 00 01 01
> Send ESP probes for DPD
> Discarding replayed ESP packet with seq 3
> Discarding replayed ESP packet with seq 4
> Send ESP probes for DPD
> Discarding replayed ESP packet with seq 5
> Discarding replayed ESP packet with seq 6
> Send ESP probes for DPD
> Discarding replayed ESP packet with seq 7
> Discarding replayed ESP packet with seq 8
> Send ESP probes for DPD
> Discarding replayed ESP packet with seq 9
Hm. And with --no-dtls it works OK, I presume?
This is verify_packet_seqno() in esp.c. Can you make it print the
values of esp->seq_backlog and esp->seq so we can see what's happening?
And try just making it return zero :)
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150326/34882234/attachment.bin>
More information about the openconnect-devel
mailing list