Can't connect with DTLS, using SSL instead

Abdulla Bubshait darkstego at gmail.com
Wed Sep 27 07:41:47 PDT 2017


I have been trying to connect to my office Cisco 800 router using openconnect.
While a VPN connection can be made, it doesn't use UDP but falls back to TCP/SSL.

I can connect with DTLS using the anyconnect phone app. So I know the
server supports it.
I just can't seem to figure out why openconnect falls back to SSL.
Here is the relevant part of the log:

Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 10.200.200.190
X-CSTP-Netmask: 255.255.255.0
X-CSTP-Keep: true
X-CSTP-DNS: 10.200.200.11
X-CSTP-Lease-Duration: 43200
X-CSTP-MTU: 1406
X-CSTP-Default-Domain: company.com
X-CSTP-Split-Include: 10.200.200.0/255.255.255.0
X-CSTP-Split-Include: 10.200.0.0/255.255.0.0
X-CSTP-Rekey-Time: 3600
X-CSTP-Rekey-Method: new-tunnel
X-CSTP-DPD: 300
X-CSTP-Disconnected-Timeout: 2100
X-CSTP-Idle-Timeout: 2100
X-CSTP-Session-Timeout: 0
X-CSTP-Keepalive: 30
CSTP connected. DPD 300, Keepalive 30
CSTP Ciphersuite: (TLS1.0)-(RSA)-(AES-256-CBC)-(SHA1)
Set up DTLS failed; using SSL instead
Connected as 10.200.200.190, using SSL

I would appreciate any help or insight as to what could be going wrong.

Thanks,
Abdulla


