UDP connection stalled
Description of problem:
Any new connection stalls after a few minutes, even when UDP has been disabled
Some configuration:
tcp-port = 443
udp-port = 443
# no-udp = true # set, but did not help
...
dpd = 90
mobile-dpd = 300 # set it to a lower number, but did not help
...
Is there any configuration by which I can eliminate this issue?
Version of ocserv used:
ocserv --version
ocserv 1.1.6
Compiled with: seccomp, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.6.13
Client used:
Android OpenConnect version 1.05
Why this version?
Because none of the other versions work:
- OpenConnect 1.15 does not connect at all
- AnyConnect v5+ does not connect at all
- Many SSL VPN apps on the Play Store; none could connect (e.g. Oneconnect failed to connect: no content-length header)
I live in Iran, and terrible censorship has been applied to all ISPs.
Client log:
After connecting, it keeps trying for a new DTLS connection
...
...
23:04:37 LIB: DTLS initialised. DPD 300, Keepalive 32400
23:27:23 LIB: Attempt new DTLS connection
23:27:36 LIB: DTLS handshake timed out
23:27:36 LIB: DTLS handshake failed: Resource temporarily unavailable, try again.
Distributor of ocserv
cat /etc/os-*
NAME="Ubuntu"
VERSION="20.04.5 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.5 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
How reproducible:
Describe the steps to reproduce the issue:
- installing OpenConnect 1.05 apk
- regular ocserv configuration with a Let's Encrypt certificate
Actual results:
After a few minutes there will be no connection to the server. (no ping)
Expected results:
Not losing the connectivity to ocserv server.
Edited by Shakiba Moshiri