dead peer detection

William Hubbs williamh at
Wed Jul 6 15:37:31 PDT 2016


At our company, we have a Pulse Secure VPN, and we are using openconnect
as a client.

We use a proprietary front end to log into the vpn then pass the correct
switches to openconnect.

We call openconnect as follows:

openconnect --juniper --cookie-on-stdin hostname --cafile=filename --background --syslog

Then we pass the cookie to stdin and get out of the way.

My coworker reports to me that, on about an hourly interval, he gets
the message

"esp dead peer detected"

in his syslogs, then the vpn connection drops.

At that point, openconnect can restart the connection sometimes, but it
takes a very long time to do so, and is significantly affecting his
productivity, because he has to wait for it to restart or kill it and
restart the connection.

We were using 7.06 before, and someone else at the company suggested
this patch. But, we are now using the code at commit 7a4140a1, and it
doesn't apply.

Can you tell me what is going on, or if there's something else I can do
such as adding a command line switch, or if this patch can or should be
applied still?

Is there more information I can give you to help?

I am sending this from my gentoo address (I'm also an openconnect
maintainer for Gentoo), because this is the easiest way to process

Neither myself nor Brian are on the ml, so please cc us in your

Please let me know what you think.


