Missing --no-dtls option

Bug #1500826 reported by Martin Smith on 2015-09-29
This bug affects 5 people
Affects Status Importance Assigned to Milestone
network-manager-openconnect (Ubuntu)

Bug Description

After upgrading to 15.10 a few weeks earlier than release (29 Sep 2015), I noticed DTLS stopped working in openconnect. However, I found a workaround which was to use --no-dtls. But there's no way to pass this option from Network Manager as far as I can tell (no config file option or GUI).

Please advise if there's a workaround (or if the options are documented anywhere).

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: network-manager-openconnect-gnome 1.0.2-1build1
ProcVersionSignature: Ubuntu 4.2.0-11.13-generic 4.2.1
Uname: Linux 4.2.0-11-generic x86_64
ApportVersion: 2.19-0ubuntu1
Architecture: amd64
CurrentDesktop: GNOME
Date: Tue Sep 29 06:10:33 2015
InstallationDate: Installed on 2014-07-02 (453 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: network-manager-openconnect
UpgradeStatus: Upgraded to wily on 2015-09-29 (0 days ago)

Martin Smith (martinb3) wrote :
Changed in network-manager-openconnect:
importance: Unknown → Wishlist
status: Unknown → Confirmed

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status: New → Confirmed

Peter Ruibal (fmoo) wrote :

Is there a bounty program for wishlist features? Happy to sponsor development of this.

dwmw2 (dwmw2) wrote :

This is https://bugzilla.gnome.org/show_bug.cgi?id=702154 — it's not hard to implement, but you really shouldn't *need* to disable DTLS. We should use it only when it's working.

Alex Murray (alexmurray) wrote :

@dwmw2 - are there any logs etc I can capture to help debug this to get the dtls fallback or whatnot working correctly?

dwmw2 (dwmw2) wrote :

If it really is resolved by using --no-dtls then show output with DTLS enabled and with '-vv' on the command line. Make sure you're using up-to-date GnuTLS and OpenConnect though.

FlashBuster (flashbuster) wrote :

Today, I've spent several hours hunting this down.
I've finally figured out that my OpenVPN connection becomes unresponsive after visiting 2-3 websites, because my DSL router (Speedport W921V) "detects" some UDP connections as a DoS attack.
This seems to be a problem of several routers and unfortunately there is no way to configure the router firewall.

Now, if I start the VPN manually with the --no-dtls option, the connection works fine.
I'd really love to have this configurable in NetworkManager because I'm used to using NetworkManager and not the openconnect CLI client.

For searchability: The router log message says "DoS(Denial of Service) Angriff fragmentation flood wurde entdeckt. (FW101)".
