Open Connect 7.0.6 drops

Kevin Cernekee cernekee at gmail.com
Wed May 4 10:44:10 PDT 2016


On Thu, Apr 28, 2016 at 6:35 AM, Fred Schnittke
<Fred.Schnittke at autodata.net> wrote:
> Is there a way to disable DPD?

Does --force-dpd=0 work?

The downside of turning off DPD is that the client might not notice
when the connection is no longer able to pass data, so you wind up
with a "living dead" VPN tunnel.

> Failed to reconnect to host SomeIP

Normally after I see a DPD timeout, the reconnection succeeds right
away and the session is able to resume itself with little/no
disruption to the user.  DPD timeouts frequently happen due to NAT
timeouts or IP/network changes.

It might be worth increasing verbosity and/or grabbing a packet trace
to see why it is failing in this case.



More information about the openconnect-devel mailing list