Can't connect with DTLS, using SSL instead

Daniel Lenski dlenski at gmail.com
Wed Sep 27 21:58:36 PDT 2017


On Wed, Sep 27, 2017 at 11:41 PM, Abdulla Bubshait <darkstego at gmail.com> wrote:
>
> I have been trying to connect to my office Cisco 800 router using openconnect.
> While a VPN connection can be made it doesn't use UDP, but falls back to TCP/SSL.
>
> I can connect with DTLS using the anyconnect phone app. So I know the
> server supports it.
> I just can't seem to figure out why openconnect falls back to SSL.
> Here is the relevant part of the log:
>
> Got CONNECT response: HTTP/1.1 200 OK
> X-CSTP-Version: 1
> X-CSTP-Address: 10.200.200.190
> X-CSTP-Netmask: 255.255.255.0
> X-CSTP-Keep: true
> X-CSTP-DNS: 10.200.200.11
> X-CSTP-Lease-Duration: 43200
> X-CSTP-MTU: 1406
> X-CSTP-Default-Domain: company.com
> X-CSTP-Split-Include: 10.200.200.0/255.255.255.0
> X-CSTP-Split-Include: 10.200.0.0/255.255.0.0
> X-CSTP-Rekey-Time: 3600
> X-CSTP-Rekey-Method: new-tunnel
> X-CSTP-DPD: 300
> X-CSTP-Disconnected-Timeout: 2100
> X-CSTP-Idle-Timeout: 2100
> X-CSTP-Session-Timeout: 0
> X-CSTP-Keepalive: 30
> CSTP connected. DPD 300, Keepalive 30
> CSTP Ciphersuite: (TLS1.0)-(RSA)-(AES-256-CBC)-(SHA1)
> Set up DTLS failed; using SSL instead
> Connected as 10.200.200.190, using SSL

It appears from your log that the server is not sending any
information to the client about how to connect with DTLS; there are no
X-DTLS-* response headers.

The log you sent only includes the headers in the *server response* to
the CONNECT.

Can you include more of the log, including the headers *sent by
openconnect* along with the CONNECT request?

-Dan
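A small triage helper, added here as an example (not openconnect's own code): it pulls the X-CSTP-*/X-DTLS-* headers out of a CONNECT response in a log like the one quoted above and reports whether the server offered DTLS at all, which is the check Dan's reply applies by eye. The header names X-DTLS-Session-ID and X-DTLS-Port are assumed from the AnyConnect protocol rather than taken from this thread, and the sample log is constructed from the quoted headers.

```python
import re

# Constructed sample: the CONNECT response from the report above, with the
# "> " mail quoting removed so it reads like raw openconnect output.
SAMPLE_LOG = """\
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Address: 10.200.200.190
X-CSTP-MTU: 1406
X-CSTP-Split-Include: 10.200.200.0/255.255.255.0
X-CSTP-Split-Include: 10.200.0.0/255.255.0.0
CSTP connected. DPD 300, Keepalive 30
Set up DTLS failed; using SSL instead
"""

HEADER_RE = re.compile(r"^(X-(?:CSTP|DTLS)-[A-Za-z0-9-]+):\s*(.*)$")

def parse_connect_response(log_text):
    """Return {header: [values]} for the X-CSTP-*/X-DTLS-* lines that follow
    'Got CONNECT response:'. Repeated headers (X-CSTP-Split-Include) keep
    every value; the first non-header line ends the block."""
    headers = {}
    in_response = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Got CONNECT response:"):
            in_response = True
            continue
        if not in_response:
            continue
        m = HEADER_RE.match(line)
        if m is None:
            break  # "CSTP connected." or similar: header block is over
        headers.setdefault(m.group(1), []).append(m.group(2))
    return headers

def dtls_diagnosis(headers):
    """Classify why the client ends up 'using SSL instead', from headers alone."""
    dtls = {k: v for k, v in headers.items() if k.startswith("X-DTLS-")}
    if not dtls:
        return ("no-dtls-offered", "server sent no X-DTLS-* headers, so the "
                "client has nothing to set DTLS up with and stays on TCP/SSL")
    # Assumed names (real AnyConnect/openconnect headers, not on the page):
    # a usable offer carries at least a session ID and a UDP port.
    missing = [h for h in ("X-DTLS-Session-ID", "X-DTLS-Port") if h not in dtls]
    if missing:
        return ("dtls-offer-incomplete",
                "server offered DTLS but omitted " + ", ".join(missing))
    return ("dtls-offered", "server offered DTLS on UDP port %s; look beyond "
            "the CONNECT response for the failure" % dtls["X-DTLS-Port"][0])
```

Run it against a full `openconnect -v` capture rather than a mail excerpt; if the verdict is "no-dtls-offered", the request headers the client sent (which this thread asks for next) are the thing to inspect.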
