Missing --no-dtls option

Bug #1500826 reported by Martin Smith
This bug affects 6 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| network-manager-openconnect | Unknown | Unknown | | |
| network-manager-openconnect (Ubuntu) | Confirmed | Undecided | Unassigned | |

Bug Description

After upgrading to 15.10 a few weeks earlier than release (29 Sep 2015), I noticed DTLS stopped working in openconnect. However, I found a workaround which was to use --no-dtls. But there's no way to pass this option from Network Manager as far as I can tell (no config file option or GUI).

Please advise if there's a workaround (or if the options are documented anywhere).

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: network-manager-openconnect-gnome 1.0.2-1build1
ProcVersionSignature: Ubuntu 4.2.0-11.13-generic 4.2.1
Uname: Linux 4.2.0-11-generic x86_64
ApportVersion: 2.19-0ubuntu1
Architecture: amd64
CurrentDesktop: GNOME
Date: Tue Sep 29 06:10:33 2015
InstallationDate: Installed on 2014-07-02 (453 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: network-manager-openconnect
UpgradeStatus: Upgraded to wily on 2015-09-29 (0 days ago)

Martin Smith (martinb3) wrote :
Changed in network-manager-openconnect:
importance: Unknown → Wishlist
status: Unknown → Confirmed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status: New → Confirmed
Peter Ruibal (fmoo) wrote :

Is there a bounty program for wishlist features? Happy to sponsor development of this.

dwmw2 (dwmw2) wrote :

This is https://bugzilla.gnome.org/show_bug.cgi?id=702154 — it's not hard to implement, but you really shouldn't *need* to disable DTLS. We should use it only when it's working.

Alex Murray (alexmurray) wrote :

@dwmw2 - are there any logs etc I can capture to help debug this to get the dtls fallback or whatnot working correctly?

dwmw2 (dwmw2) wrote :

If it really is resolved by using --no-dtls then show output with DTLS enabled and with '-vv' on the command line. Make sure you're using up-to-date GnuTLS and OpenConnect though.

FlashBuster (flashbuster) wrote :

Today, I've spent several hours hunting this down.
I've finally figured out that my OpenVPN connection becomes unresponsive after visiting 2-3 websites, because my DSL router (Speedport W921V) "detects" some UDP connections as a DoS attack.
This seems to be a problem with several routers, and unfortunately there is no way to configure the router firewall.

Now, if I start the VPN manually with the --no-dtls option, the connection works fine.
I'd really love to have this configurable in NetworkManager because I'm used to using NetworkManager and not the openconnect CLI client.

For searchability: The router log message says "DoS(Denial of Service) Angriff fragmentation flood wurde entdeckt. (FW101)".

Luís Infante da Câmara (luis220413) wrote :

I am manually updating the remote bug link. See bug #1982416.

Changed in network-manager-openconnect:
importance: Wishlist → Unknown
status: Confirmed → Unknown