Re: Unknown DTLS packets

2018-04-13 Thread Daniel Lenski
On Fri, Apr 13, 2018 at 11:13 AM, Charles Wise wrote:
> It shows 1322 both with and without the '-m 1322'. And now it's
> working at full speed, both with and without the '-m 1322'. I checked
> the config before and after the failures and the '-m 1322' is the only
> difference.

Re: Unknown DTLS packets

2018-04-13 Thread Daniel Lenski
On Fri, Apr 13, 2018 at 5:39 AM, Charles Wise wrote:
> I'm confused as well. But it reliably fails w/o setting the explicit
> MTU in the arguments.
>
> What command(s) do I run to tell what MTU value is _really_ being
> used? This is FreeBSD 11.1-RELEASE-p7 (pfSense

Re: Unknown DTLS packets

2018-04-13 Thread Chaskiel Grundman
It's possible that this is related to the issue I reported in January (http://lists.infradead.org/pipermail/openconnect-devel/2018-January/004647.html), which involves a bug in gnutls. The bug has been fixed upstream, but Debian stable and Ubuntu have not taken new versions of gnutls 3.5 or 3.6

Re: Unknown DTLS packets

2018-04-12 Thread Daniel Lenski
On Thu, Apr 12, 2018 at 8:18 PM, Charles Wise wrote:
> Looks like it's the MTU. I did the - and --dump and the output
> said the MTU should be 1322 (DTLS option X-DTLS-MTU : 1322). When I
> enable DTLS and _don't_ set the MTU, I run iperf3 and the traffic
> drops to zero

Re: Unknown DTLS packets

2018-04-12 Thread Daniel Lenski
On Thu, Apr 12, 2018 at 5:34 AM, Charles Wise wrote:
> Hello, I'm using the latest version - OpenConnect version
> v7.08-unknown - on FreeBSD ARM.

Is that big-endian or little-endian? (Have you tested on a more conventional system, say, Linux or BSD on arm64?)

> I have to

Unknown DTLS packets

2018-04-12 Thread Charles Wise
Hello, I'm using the latest version - OpenConnect version v7.08-unknown - on FreeBSD ARM. I have to disable DTLS (--no-dtls) or my VPN connection is unusable and spits out lots of unknown DTLS values. Is this a known issue? I don't know the Cisco AnyConnect server version but I can ask my IT