Hello,
I'm typically working from home with a fibre connection and not too far
from our VPN server, and everything works fine (around 8ms ping to the
VPN server). For about two weeks I have been working from about 1000km away
from the VPN server and over TV cable (150ms to the VPN server). Somehow from
here I get a reproducible "Read error on SSL session: Error in the pull
function." after a few minutes; it then seems to try to re-establish
the connection, but actually ends up in a dead connection.
I had found this thread
https://askubuntu.com/questions/1273285/vpn-openconnect-pulse-disconnects-itself-in-ubuntu-20
and according to the discussion the issue is supposed to be resolved
with 8.20. Ubuntu 22.04 already has openconnect-8.20 and I also just
updated to 9.01 - does not help.
The discussion also mentions "--no-dtls" and that helps indeed - no
issue with this option. The discussion also mentions performance issues
and recommends not setting that option - no idea about that yet - latency
from here is so much higher anyway.
Any idea what is going on or how to debug it?
Thanks,
Bernd
bernd@t420-work-1 bin>domain-vpn.sh
vpn password: sudo /usr/sbin/openconnect --force-dpd=15 -v -u <user> --protocol=pulse <server> -s /home/bernd/bin/vpnc-script
Attempting to connect to server <IP>:443
Connected to <IP>
SSL negotiation with <server>
Connected to HTTPS on <server> with ciphersuite (TLS1.2)-(RSA)-(AES-128-CBC)-(SHA256)
Got HTTP response: HTTP/1.1 101 Switching Protocols
Content-type: application/octet-stream
Pragma: no-cache
Upgrade: IF-T/TLS 1.0
Connection: Upgrade
Strict-Transport-Security: max-age=31536000
Enter user credentials:
Password:
Session limit reached. Choose session to kill:
- e44e6387 from 193.46.36.91 at Wed, 10 Aug 2022 09:32:40 CEST
Session: [e44e6387]:e44e6387
Received split include route
Received split include route
Received split include route
Received split include route
Received split include route
Received split include route
Received split include route
Received split include route
Unknown attr 0x4000 len 1: 00
Unknown attr 0x4001 len 1: 00
Unknown attr 0x401f len 1: 00
Unknown attr 0x4020 len 1: 00
Unknown attr 0x4021 len 1: 00
Received MTU 1400 from server
Received DNS server
Received DNS server
Received DNS search domain <d, <predomain>.<domain>
Unknown attr 0x4007 len 4: 00 00 00 01
Received WINS server 255.255.255.255
Unknown attr 0x4019 len 1: 01
ESP only: 0
Unknown attr 0x400f len 2: 00 00
ESP encryption: 0x0002 (AES-128)
ESP HMAC: 0x0001 (MD5)
ESP key lifetime: 1200 seconds
ESP key lifetime: 0 bytes
ESP replay protection: 1
Unknown attr 0x4015 len 4: 00 00 00 00
ESP port: 4500
ESP to SSL fallback: 15 seconds
Unknown attr 0x4018 len 4: 00 00 00 3c
Received internal Legacy IP address <internal-ip>
Received netmask 255.255.255.255
Received internal gateway address <internal-gw>
Unknown attr 0x400c len 1: 00
Unknown attr 0x400d len 1: 00
Unknown attr 0x400e len 1: 00
Unknown attr 0x401b len 1: 00
Unknown attr 0x401c len 1: 00
64 bytes of ESP secrets
ESP SPI (outbound): 3c483544
Send ESP probes
UDP SO_SNDBUF: 28000
Configured as <internal-ip>, with SSL connected and ESP in progress
Session authentication will expire at Thu Aug 11 09:45:05 2022
RTNETLINK answers: File exists
Not using vhost-net due to low queue length 10
ESP session established with server
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Send ESP probes for DPD
Read error on SSL session: Error in the pull function.
SSL negotiation with <server>
Connected to HTTPS on <server> with ciphersuite (TLS1.2)-(RSA)-(AES-128-CBC)-(SHA256)
Got HTTP response: HTTP/1.1 101 Switching Protocols
Content-type: application/octet-stream
Pragma: no-cache
Upgrade: IF-T/TLS 1.0
Connection: Upgrade
Strict-Transport-Security: max-age=31536000
Received split include route ...
Received split include route
Received split include route
Received split include route
Received split include route
Received split include route
Received split include route
Received split include route ....
Unknown attr 0x4000 len 1: 00
Unknown attr 0x4001 len 1: 00
Unknown attr 0x401f len 1: 00
Unknown attr 0x4020 len 1: 00
Unknown attr 0x4021 len 1: 00
Received MTU 1400 from server
Received DNS server
Received DNS server
Received DNS search domain <d, <predomain>.<domain>
Unknown attr 0x4007 len 4: 00 00 00 01
Received WINS server 255.255.255.255
Unknown attr 0x4019 len 1: 01
ESP only: 0
Unknown attr 0x400f len 2: 00 00
ESP encryption: 0x0002 (AES-128)
ESP HMAC: 0x0001 (MD5)
ESP key lifetime: 1200 seconds
ESP key lifetime: 0 bytes
ESP replay protection: 1
Unknown attr 0x4015 len 4: 00 00 00 00
ESP port: 4500
ESP to SSL fallback: 15 seconds
Unknown attr 0x4018 len 4: 00 00 00 3c
Received internal Legacy IP address <internal-ip>
Received netmask 255.255.255.255
Received internal gateway address <internal-gw>
Unknown attr 0x400c len 1: 00
Unknown attr 0x400d len 1: 00
Unknown attr 0x400e len 1: 00
Unknown attr 0x401b len 1: 00
Unknown attr 0x401c len 1: 00
64 bytes of ESP secrets
ESP SPI (outbound): de023049
64 bytes of ESP secrets
ESP SPI (outbound): 2b082960
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
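
A small triage script for verbose output like the log above, as an added example that is not part of the original post or of openconnect: it splits the log at each "SSL negotiation with" line and reports, per TLS session, the read error and the number of DPD probes logged before it, whether "ESP session established with server" appeared, and whether the server negotiated HMAC-MD5 for ESP. The function names and the shortened sample log are constructed for illustration; the matched strings are the ones that appear in the log.

```python
import re

# Constructed sample: shortened from the log lines quoted in the post.
SAMPLE_LOG = """\
SSL negotiation with <server>
ESP HMAC: 0x0001 (MD5)
ESP to SSL fallback: 15 seconds
ESP session established with server
Send ESP probes for DPD
Send ESP probes for DPD
Read error on SSL session: Error in the pull function.
SSL negotiation with <server>
ESP HMAC: 0x0001 (MD5)
"""

PARAM = re.compile(r"^ESP (encryption|HMAC|key lifetime|to SSL fallback): (.+)$")

def summarize(log):
    """Split an `openconnect -v` log into TLS sessions and record ESP state in each."""
    sessions, cur = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("SSL negotiation with"):  # a new TLS session begins
            cur = {"params": {}, "esp_up": False, "dpd_probes": 0, "read_error": None}
            sessions.append(cur)
        elif cur is None:
            continue  # ignore anything before the first negotiation
        elif (m := PARAM.match(line)):
            cur["params"].setdefault(m.group(1), m.group(2))  # keep first value seen
        elif line == "ESP session established with server":
            cur["esp_up"] = True
        elif line == "Send ESP probes for DPD":
            cur["dpd_probes"] += 1
        elif line.startswith("Read error on SSL session:"):
            cur["read_error"] = line.split(": ", 1)[1]
    return sessions

def findings(sessions):
    """Turn per-session summaries into one-line observations for a bug report."""
    out = []
    for i, s in enumerate(sessions, 1):
        if s["read_error"]:
            out.append(f"session {i}: TLS read error after {s['dpd_probes']} DPD probe(s): {s['read_error']}")
        if not s["esp_up"]:
            out.append(f"session {i}: ESP never reported as established")
        if "MD5" in s["params"].get("HMAC", ""):
            out.append(f"session {i}: server negotiated HMAC-MD5 for ESP")
    return out

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE_LOG))))
```

A session that ends without "ESP session established with server" may simply be a log that was cut off at that point, as the one above is.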