Intermittent xfreerdp hang only through VPN

Justin cattyhouse at
Thu Sep 10 00:43:08 PDT 2015

According to your description, you have the following machines, can
you let us know the ip address of those machines?

1. the machine that have openconnect client installed.
2. the machine that have openconnect server installed.
3. the Windows machine
4. the machine that you intent to ssh into
5. the machine that you start the ssh session.

I GUESS it is a routing problem.

Justin He

On Thu, Sep 10, 2015 at 12:36 PM, Younes Manton <younes.m at> wrote:
> On Wed, Sep 2, 2015 at 1:46 AM, Younes Manton <younes.m at> wrote:
>> On Tue, Sep 1, 2015 at 7:00 PM, Stuart Henderson <stu at> wrote:
>>> On 2015/09/01 16:04, Younes Manton wrote:
>>>> Hi,
>>>> I've had this problem for at least a couple of years. Whenever I
>>>> connect to a Windows machine via xfreerdp over my work place VPN the
>>>> xfreerdp client inevitably hangs. Occassionally SSH sessions will also
>>>> hang, but this happens much less often. I never see either problem
>>>> when not connected over VPN.
>>>> I normally run OpenConnect via Network Manager, but I recently ran it
>>>> on the command line with -v to watch the output. As best as I can tell
>>>> the hangs always follow a CSTP rekey and the only thing that's
>>>> different from the usual is that these lines begin to appear:
>>>> Send CSTP Keepalive
>>>> Send CSTP DPD
>>>> Got CSTP DPD response
>>>> They seem to stop being emitted once I kill the unresponsive xfreerdp client.
>>>> On the Windows side I see the following in the Event Viewer every time
>>>> xfreerdp hangs:
>>>> The Terminal Server security layer detected an error in the protocol
>>>> stream and has disconnected the client. Client IP: <my IP>.
>>>> Anything I can do to debug this?
>>> Try reducing the mtu requested (openconnect's -m flag).
>> Thanks. Seems like the server doesn't allow anything outside of
>> 1280-1300, the values I pass to -m are clamped to that range. Neither
>> helps my problem.
> So I tried using ifconfig to change the MTU on the vpn interface
> rather than relying on openconnect; lowered to 1100, but that didn't
> help. Is there anything else I can do to debug this?
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at

More information about the openconnect-devel mailing list