Description of problem: When applying updates to Fedora 17 on Thursday 28 June 2012, after the process was complete, I was unable to make VPN connections to Cisco AnyConnect VPN portals. Backing out the update returned proper fuctionality. Version-Release number of selected component (if applicable): openconnect-4.00-1.fc17.x86_64 How reproducible: Every time, to multiple VPN portals Steps to Reproduce: 1. Install security update (to 4.00-1) 2. Try to connect to VPN (Cisco 2811 router); NetworkManager reports failure 3. Downgrade to openconnect-3.18-1.fc17.x86_64, and to its dependencies 4. Connection to the same VPN works Actual results: /var/log/messages shows error "openconnect[2896]: SSL connection failure: A TLS fatal alert has been received." when version 4.00-1 is installed Expected results: Connection established, which was achieve by rolling back the update. Additional info: Cisco 2811 and 3841 routers, with GoDaddy certificates, running Cisco AnyConnect. IOS version is not known, but is recent.
If you attempt to connect with openconnect on the command line, with the '-v' option, what do you see? Run 'openconnect -v <yourserver>' and show me the full output, please. You can send it in private email (to dwmw2) if you prefer. If you are also able to capture a packet trace with tcpdump when you connect with both old and new openconnect, that would also be helpful. Some servers (or their firewalls) are very picky about the precise TLS options which are negotiated, and there may be some difference here... although I thought I'd made sure it the GnuTLS and OpenSSL versions were identical.
Does the build at http://koji.fedoraproject.org/koji/taskinfo?taskID=4207628 fix this?
(In reply to comment #1) > Run 'openconnect -v <yourserver>' and show me the full output, please. You > can send it in private email (to dwmw2) if you prefer. $ openconnect -v [redacted].com Attempting to connect to [redacted].200:443 SSL negotiation with [redacted].com SSL connection failure: A TLS fatal alert has been received. Failed to open HTTPS connection to [redacted].com Failed to obtain WebVPN cookie
(In reply to comment #2) > Does the build at http://koji.fedoraproject.org/koji/taskinfo?taskID=4207628 > fix this? Built a new Fedora 17 system on a 686 machine. Verified the same result on that machine ----- Installed openconnect-4.02-2.fc17.i686.rpm Installed openconnect-lib-compat-4.02-2.fc17.i686.rpm # openconnect -v [redacted].com Attempting to connect to[redacted].200:443 SSL negotiation with [redacted].com SSL connection failure: A TLS fatal alert has been received. Failed to open HTTPS connection to [redacted].com Failed to obtain WebVPN cookie ----- Installed: openconnect-3.18-1.fc17.i686 NetworkManager-openconnect.i686 0:0.9.3.997-1.fc17 # openconnect -v [redacted].com Attempting to connect to [redacted].200:443 SSL negotiation with [redacted].com Server certificate verify failed: unable to get local issuer certificate Certificate from VPN server "[redacted].com" failed verification. Reason: unable to get local issuer certificate Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on [redacted].com GET https://[redacted].com/ Got HTTP response: HTTP/1.1 303 See Other Content-Type: text/html Content-Length: 0 Location: https://[redacted].com:443/webvpn.html Set-Cookie: webvpncontext=00@OFFICE_CTX; path=/ Connection: Keep-Alive HTTP body length: (0) GET https://[redacted].com/webvpn.html Got HTTP response: HTTP/1.1 200 OK Cache-Control: max-age=0 Content-Type: text/html Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/ Set-Cookie: webvpncontext=00@OFFICE_CTX; path=/ X-Transcend-Version: 1 Content-Length: 473 Connection: close HTTP body length: (473) Fixed options give Please enter your username and password. USERNAME:[redacted] PASSWORD:[redacted] SSL negotiation with [redacted].com Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on [redacted].com POST https://[redacted].com/webvpn.html Got HTTP response: HTTP/1.1 200 OK Cache-Control: max-age=0 Content-Type: text/html Set-Cookie: webvpncontext=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/ Set-Cookie: webvpn=<elided>; path=/ Set-Cookie: webvpnc=p:t&bu:/CACHE/webvpn/stc/&iu:1/&sh:5C36FFE3AEC06E62AE348C7DDA295F2BC45ACBCF&; path=/ X-Transcend-Version: 1 Content-Length: 147 Connection: Keep-Alive HTTP body length: (147) Got CONNECT response: HTTP/1.1 200 OK X-CSTP-Version: 1 X-CSTP-Address: 10.4.198.38 X-CSTP-Netmask: 255.255.255.0 X-CSTP-Keep: true X-CSTP-DNS: 172.16.5.12 X-CSTP-Lease-Duration: 43200 X-CSTP-MTU: 1406 X-CSTP-Split-Include: 10.0.0.0/255.0.0.0 X-CSTP-Split-Include: 172.16.0.0/255.240.0.0 X-CSTP-DPD: 300 X-CSTP-Keepalive: 30 X-CSTP-MSIE-Proxy: auto CSTP connected. DPD 300, Keepalive 30 Connected tun0 as 10.4.198.38, using SSL No work to do; sleeping for 29000 ms... Send CSTP Keepalive No work to do; sleeping for 30000 ms...
OK, can I have the tcpdump captures please? Or better still, let me know the precise address of the server and I can do some basic testing here to work out what the difference is. These servers are just a web server which is publicly accessible; they'll be receiving hundreds if not thousands of "random" connections a day; naming them doesn't hurt as long as you don't give usernames/passwords/etc. But if you'd be happier sending it in private email, that's OK.
How about http://koji.fedoraproject.org/koji/taskinfo?taskID=4211343 ? It's possibly not the use of SSLv3 vs. TLSv1, but the choice of cipher. We were restricting the ciphers that GnuTLS would use to only AES, and I know of at least one server out there which will accept only 3DES so is fixed by this version but not my previous test build. (Thankfully not everyone redacts their server addresses, so I get to make sure that openconnect actually keeps working for them... :)
Server address provided under separate cover.
openconnect-4.03-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/openconnect-4.03-1.fc17
openconnect-4.03-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/openconnect-4.03-1.fc16
openconnect-4.03-1.fc17.i686 openconnect-lib-compat-4.03-1.fc17.i686 When installed in my test system, I was able to connect and establish a tunnel. Thank you.
Thanks for testing. It's still suboptimal that you don't seem to have DTLS support. Without that, you end up doing TCP over TCP, which is very bad for performance. If you can capture a packet trace of the *UDP* packets between a real Cisco client and the server (if indeed the Cisco clients *do* manage to do DTLS given the restricted cipher set that your server permits), that would be very enlightening. I particularly need to see the cipher suites that are listed in the ClientHello/ServerHello part of the DTLS exchange.
Package openconnect-4.03-1.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openconnect-4.03-1.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-10153/openconnect-4.03-1.fc17 then log in and leave karma (feedback).
openconnect-4.04-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/openconnect-4.04-1.fc17
openconnect-4.04-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/openconnect-4.04-1.fc16
openconnect-4.04-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
openconnect-4.04-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
cuts people with objects , buy items on the web pirshing , steals, zaffis, sasser, AES to high ! starts 356 to 1024
Just updated a fedora 16 system to fedora 17 and am seeing the same inability to connect to Cisco DSL VPN.
Kayvan: You are unable to connect with Fedora 17 to a Cisco VPN server that was *working* with Fedora 16? Please could you report the exact versions of OpenConnect that you were using in Fedora 16 and 17? They should be 4.06 and 4.07 respectively, and nothing in that update should have changed anything. Please could you let me have (in private email if you prefer) the address of the VPN server. If it's the same bug, I should be able to reproduce fairly easily without having to try to log in at all. I don't think it *is* the same bug though, and I don't quite understand how it can even be anything similar.
Yes, it was working with Fedora 16. In fact, it works with another Fedora 16 system I have. It may not be the same bug. The Cisco SSL VPN is at vpn.playdom.com I have attached the transcript of openconnect -v for both F16 and F17. Looks like the only difference I see is Dead Peer Detection is getting activated in the F17 case.
Created attachment 649947 [details] F16 openconnect -v transcript
Created attachment 649948 [details] F17 openconnect -v transcript
Additional info: I just spun up a Fedora 16 Live CD on VirtualBox and did: yum install openconnect openconnect -v myserver and in another terminal window: ping internal-server-name 978 packets transmitted, 978 received, 0% packet loss, time 978625ms. Then I did the same with the Fedora 17 Live CD, with similar results. No packet loss and a reliable connection that seems solid. However, the VirtalBox host, my machine that I upgraded from F16 to F17 (that used to work reliably with the Cisco VPN when it was on Fedora 16) only stays on the VPN for a minute or two before hanging and giving me the Dead Peer Detection messages in the openconnect log. Any ideas?
Your *failing* version says: CSTP connected. DPD 30, Keepalive 20 RTNETLINK answers: Network is unreachable Can you show the output of 'ip route' and 'ip route get 209.66.74.34' from each system (working and non-working)? I wonder if in the latter case, your packets to the VPN server are actually being routed *through* the VPN (which is going to recurse and never work). Can you try using the latest vpnc-script as described at http://www.infradead.org/openconnect/vpnc-script.html ?
Sorry, I meant to be cleared: Those 'ip route' commands should be run when you have just connected the VPN, before it disconnects. I'd like to see the situation while it's connected.
On the failing one: $ ip route get 209.66.74.34 209.66.74.34 via 192.168.0.1 dev em1 src 192.168.0.35 cache $ ip route default via 192.168.0.1 dev em1 proto static 10.0.0.0/8 dev tun0 scope link 10.217.128.0/19 dev tun0 scope link 10.217.142.0/24 dev tun0 scope link 10.217.148.23 dev tun0 scope link 10.217.148.24 dev tun0 scope link 10.217.160.0/22 dev tun0 scope link 10.217.164.0/23 dev tun0 scope link 139.104.0.0/16 dev tun0 scope link 153.6.0.0/16 dev tun0 scope link 153.7.0.0/16 dev tun0 scope link 153.8.0.0/16 dev tun0 scope link 157.23.0.0/16 dev tun0 scope link 160.1.0.0/16 dev tun0 scope link 167.13.0.0/16 dev tun0 scope link 172.16.0.0/12 dev tun0 scope link 172.16.10.0/24 dev tun0 scope link 172.17.0.0/16 dev tun0 scope link 172.18.0.0/16 dev tun0 scope link 172.19.0.0/16 dev tun0 scope link 192.124.33.0/24 dev tun0 scope link 192.168.0.0/16 dev tun0 scope link 192.168.0.0/16 dev em1 proto none metric 1 notify 192.195.63.0/24 dev tun0 scope link 192.195.65.0/24 dev tun0 scope link 192.195.67.0/24 dev tun0 scope link 198.102.219.0/24 dev tun0 scope link 198.178.187.0/24 dev tun0 scope link 198.178.188.0/24 dev tun0 scope link 198.178.189.0/24 dev tun0 scope link 198.180.195.0/24 dev tun0 scope link 198.200.186.0/24 dev tun0 scope link 198.252.254.0/24 dev tun0 scope link 199.88.194.0/24 dev tun0 scope link 199.107.110.0/24 dev tun0 scope link 199.181.130.0/24 dev tun0 scope link 204.75.167.0/24 dev tun0 scope link 204.87.208.0/24 dev tun0 scope link 204.238.46.0/24 dev tun0 scope link 206.18.65.0/24 dev tun0 scope link 206.18.95.0/24 dev tun0 scope link 208.246.35.0/24 dev tun0 scope link 209.66.74.34 via 192.168.0.1 dev em1 src 192.168.0.35 On the working one (the Fedora 17 virtual machine running in VirtualBox on the failing host): $ ip route get 209.66.77.34 209.66.77.34 via 10.0.2.2 dev p2p1 src 10.0.2.15 cache $ ip route default via 10.0.2.2 dev p2p1 proto static 10.0.0.0/8 dev tun0 scope link 10.0.2.0/24 dev p2p1 proto kernel scope link src 10.0.2.15 10.217.128.0/19 dev tun0 scope link 10.217.142.0/24 dev tun0 scope link 10.217.148.23 dev tun0 scope link 10.217.148.24 dev tun0 scope link 10.217.160.0/22 dev tun0 scope link 10.217.164.0/23 dev tun0 scope link 139.104.0.0/16 dev tun0 scope link 153.6.0.0/16 dev tun0 scope link 153.7.0.0/16 dev tun0 scope link 153.8.0.0/16 dev tun0 scope link 157.23.0.0/16 dev tun0 scope link 160.1.0.0/16 dev tun0 scope link 167.13.0.0/16 dev tun0 scope link 172.16.0.0/12 dev tun0 scope link 172.16.10.0/24 dev tun0 scope link 172.17.0.0/16 dev tun0 scope link 172.18.0.0/16 dev tun0 scope link 172.19.0.0/16 dev tun0 scope link 192.124.33.0/24 dev tun0 scope link 192.168.0.0/16 dev tun0 scope link 192.195.63.0/24 dev tun0 scope link 192.195.65.0/24 dev tun0 scope link 192.195.67.0/24 dev tun0 scope link 198.102.219.0/24 dev tun0 scope link 198.178.187.0/24 dev tun0 scope link 198.178.188.0/24 dev tun0 scope link 198.178.189.0/24 dev tun0 scope link 198.180.195.0/24 dev tun0 scope link 198.200.186.0/24 dev tun0 scope link 198.252.254.0/24 dev tun0 scope link 199.88.194.0/24 dev tun0 scope link 199.107.110.0/24 dev tun0 scope link 199.181.130.0/24 dev tun0 scope link 204.75.167.0/24 dev tun0 scope link 204.87.208.0/24 dev tun0 scope link 204.238.46.0/24 dev tun0 scope link 206.18.65.0/24 dev tun0 scope link 206.18.95.0/24 dev tun0 scope link 208.246.35.0/24 dev tun0 scope link 209.66.74.34 via 10.0.2.2 dev p2p1 src 10.0.2.15
Thank you for the help in debugging this. I used the newest script and it made no difference. It still times out with the same symptoms: $ sudo openconnect -v --script ~/vpnc-script-20121122 vpn.playdom.com Attempting to connect to 209.66.74.34:443 SSL negotiation with vpn.playdom.com Server certificate verify failed: signer not found Certificate from VPN server "vpn.playdom.com" failed verification. Reason: signer not found Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on vpn.playdom.com GET https://vpn.playdom.com/ Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=UTF-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Fri, 23 Nov 2012 03:07:26 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) SSL negotiation with vpn.playdom.com Server certificate verify failed: signer not found Connected to HTTPS on vpn.playdom.com GET https://vpn.playdom.com/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) Fixed options give Please enter your username and password. Username:XXXXXXXXXXXX Password: POST https://vpn.playdom.com/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpn=<elided>; path=/; secure Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:1BB70FDEAB5A89FEC5EDD5D1796DE7B589AFF6CB&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure Set-Cookie: webvpnx= X-Transcend-Version: 1 HTTP body chunked (-2) TCP_INFO rcv mss 971, snd mss 1380, adv mss 1460, pmtu 1500 Got CONNECT response: HTTP/1.1 200 OK X-CSTP-Version: 1 X-CSTP-Address: 10.217.142.152 X-CSTP-Netmask: 255.255.255.0 X-CSTP-DNS: 10.217.148.23 X-CSTP-DNS: 10.217.148.24 X-CSTP-Lease-Duration: 864000 X-CSTP-Session-Timeout: 864000 X-CSTP-Idle-Timeout: 7200 X-CSTP-Disconnected-Timeout: 7200 X-CSTP-Default-Domain: corp.playdom.com X-CSTP-Split-Include: 172.17.0.0/255.255.0.0 X-CSTP-Split-Include: 172.19.0.0/255.255.0.0 X-CSTP-Split-Include: 172.18.0.0/255.255.0.0 X-CSTP-Split-Include: 10.217.128.0/255.255.224.0 X-CSTP-Split-Include: 172.16.10.0/255.255.255.0 X-CSTP-Split-Include: 10.217.160.0/255.255.252.0 X-CSTP-Split-Include: 10.217.164.0/255.255.254.0 X-CSTP-Split-Include: 139.104.0.0/255.255.0.0 X-CSTP-Split-Include: 153.6.0.0/255.255.0.0 X-CSTP-Split-Include: 153.7.0.0/255.255.0.0 X-CSTP-Split-Include: 153.8.0.0/255.255.0.0 X-CSTP-Split-Include: 157.23.0.0/255.255.0.0 X-CSTP-Split-Include: 160.1.0.0/255.255.0.0 X-CSTP-Split-Include: 167.13.0.0/255.255.0.0 X-CSTP-Split-Include: 192.124.33.0/255.255.255.0 X-CSTP-Split-Include: 192.195.63.0/255.255.255.0 X-CSTP-Split-Include: 192.195.65.0/255.255.255.0 X-CSTP-Split-Include: 192.195.67.0/255.255.255.0 X-CSTP-Split-Include: 198.102.219.0/255.255.255.0 X-CSTP-Split-Include: 198.178.187.0/255.255.255.0 X-CSTP-Split-Include: 198.178.188.0/255.255.255.0 X-CSTP-Split-Include: 198.178.189.0/255.255.255.0 X-CSTP-Split-Include: 198.180.195.0/255.255.255.0 X-CSTP-Split-Include: 198.200.186.0/255.255.255.0 X-CSTP-Split-Include: 198.252.254.0/255.255.255.0 X-CSTP-Split-Include: 199.88.194.0/255.255.255.0 X-CSTP-Split-Include: 199.107.110.0/255.255.255.0 X-CSTP-Split-Include: 199.181.130.0/255.255.255.0 X-CSTP-Split-Include: 204.87.208.0/255.255.255.0 X-CSTP-Split-Include: 204.238.46.0/255.255.255.0 X-CSTP-Split-Include: 206.18.65.0/255.255.255.0 X-CSTP-Split-Include: 206.18.95.0/255.255.255.0 X-CSTP-Split-Include: 208.246.35.0/255.255.255.0 X-CSTP-Split-Include: 10.0.0.0/255.0.0.0 X-CSTP-Split-Include: 192.168.0.0/255.255.0.0 X-CSTP-Split-Include: 172.16.0.0/255.240.0.0 X-CSTP-Split-Include: 204.75.167.0/255.255.255.0 X-CSTP-Keep: true X-CSTP-Rekey-Time: 1800 X-CSTP-Rekey-Method: new-tunnel X-CSTP-DPD: 30 X-CSTP-Keepalive: 20 X-CSTP-MSIE-Proxy-Lockdown: true X-CSTP-Smartcard-Removal-Disconnect: true X-DTLS-Session-ID: EDD632CB6FEFC436D650F58FE188B55877A676E2AC5F71C8428F3928750AB3A9 X-DTLS-Port: 443 X-DTLS-Keepalive: 20 X-DTLS-DPD: 30 X-DTLS-Rekey-Time: 1800 X-CSTP-MTU: 958 X-DTLS-CipherSuite: AES128-SHA X-CSTP-Routing-Filtering-Ignore: false X-CSTP-Quarantine: false X-CSTP-Disable-Always-On-VPN: false CSTP connected. DPD 30, Keepalive 20 RTNETLINK answers: Network is unreachable DTLS option X-DTLS-Session-ID : EDD632CB6FEFC436D650F58FE188B55877A676E2AC5F71C8428F3928750AB3A9 DTLS option X-DTLS-Port : 443 DTLS option X-DTLS-Keepalive : 20 DTLS option X-DTLS-DPD : 30 DTLS option X-DTLS-Rekey-Time : 1800 DTLS option X-DTLS-CipherSuite : AES128-SHA DTLS connected. DPD 30, Keepalive 20 Connected tun0 as 10.217.142.152, using SSL No work to do; sleeping for 19000 ms... No work to do; sleeping for 19000 ms... Established DTLS connection (using OpenSSL) No work to do; sleeping for 19000 ms... Sent DTLS packet of 76 bytes; DTLS send returned 77 Sent DTLS packet of 76 bytes; DTLS send returned 77 No work to do; sleeping for 19000 ms... Sent DTLS packet of 76 bytes; DTLS send returned 77 No work to do; sleeping for 19000 ms... Received DTLS packet 0x00 of 135 bytes No work to do; sleeping for 19000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 19000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 19000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 19000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 19000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 19000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 19000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 19000 ms... Received DTLS packet 0x00 of 135 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 135 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 56 bytes; DTLS send returned 57 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 57 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 18000 ms... Received DTLS packet 0x00 of 99 bytes No work to do; sleeping for 18000 ms... Sent DTLS packet of 60 bytes; DTLS send returned 61 No work to do; sleeping for 15000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 15000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 7000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 2000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 1000 ms... Sent DTLS packet of 60 bytes; DTLS send returned 61 No work to do; sleeping for 1000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 1000 ms... Send CSTP Keepalive No work to do; sleeping for 10000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 7000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 6000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 2000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 1000 ms... Send CSTP DPD No work to do; sleeping for 2000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 1000 ms... Send DTLS DPD No work to do; sleeping for 13000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 12000 ms... Sent DTLS packet of 80 bytes; DTLS send returned 81 No work to do; sleeping for 12000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 12000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 11000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 9000 ms... Sent DTLS packet of 65 bytes; DTLS send returned 66 No work to do; sleeping for 9000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 7000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 6000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 4000 ms... Sent DTLS packet of 65 bytes; DTLS send returned 66 No work to do; sleeping for 4000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 2000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 1000 ms... Send CSTP DPD No work to do; sleeping for 2000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 1000 ms... Sent DTLS packet of 65 bytes; DTLS send returned 66 No work to do; sleeping for 1000 ms... Send DTLS DPD No work to do; sleeping for 13000 ms... Sent DTLS packet of 80 bytes; DTLS send returned 81 No work to do; sleeping for 13000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 13000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 12000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 11000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 9000 ms... Sent DTLS packet of 65 bytes; DTLS send returned 66 No work to do; sleeping for 9000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 7000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 6000 ms... Sent DTLS packet of 81 bytes; DTLS send returned 82 No work to do; sleeping for 4000 ms... Sent DTLS packet of 85 bytes; DTLS send returned 86 No work to do; sleeping for 4000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 2000 ms... Sent DTLS packet of 70 bytes; DTLS send returned 71 No work to do; sleeping for 2000 ms... Sent DTLS packet of 61 bytes; DTLS send returned 62 No work to do; sleeping for 1000 ms... Send CSTP DPD No work to do; sleeping for 2000 ms... CSTP Dead Peer Detection detected dead peer! ^CFailed to reconnect to host vpn.playdom.com
Odd. It does look like you're losing connectivity to the VPN server somehow. We *did* have a bug in vpnc-script with newer kernels once, which ended up causing that. But this looks like something different. Firstly, can you add --no-dtls to the command line in all cases; let's eliminate DTLS from the equation and run *just* the single TCP connection. Then, please can you try running a 'ping vpn.playdom.com' in another terminal, before you connect and leaving it running as you connect. It should never stop... but I *suspect* in the case of your failing setup, it might? Also, can you run tcpdump somewhere suitable on your network and capture all traffic to/from the VPN server? For the VM case, running it on the outward-facing interface (eth0 or wlan0?) of the host would be OK. But really, as close to your upstream-facing router as possible. Ideally even outside any NAT or firewalling so we can see what packets you are *actually* spitting out onto the Internet. This is *definitely* not the original bug #836558, FWIW. But we might as well continue...
$ sudo openconnect -v --no-dtls --script ~/vpnc-script-20121122 vpn.playdom.com Attempting to connect to 209.66.74.34:443 SSL negotiation with vpn.playdom.com Server certificate verify failed: signer not found Certificate from VPN server "vpn.playdom.com" failed verification. Reason: signer not found Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on vpn.playdom.com GET https://vpn.playdom.com/ Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=UTF-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Sat, 24 Nov 2012 00:05:17 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) SSL negotiation with vpn.playdom.com Server certificate verify failed: signer not found Connected to HTTPS on vpn.playdom.com GET https://vpn.playdom.com/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) Fixed options give Please enter your username and password. Username:XXXXXXXXXXXXX Password: POST https://vpn.playdom.com/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpn=<elided>; path=/; secure Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:1BB70FDEAB5A89FEC5EDD5D1796DE7B589AFF6CB&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure Set-Cookie: webvpnx= X-Transcend-Version: 1 HTTP body chunked (-2) TCP_INFO rcv mss 971, snd mss 1380, adv mss 1460, pmtu 1500 Got CONNECT response: HTTP/1.1 200 OK X-CSTP-Version: 1 X-CSTP-Address: 10.217.142.174 X-CSTP-Netmask: 255.255.255.0 X-CSTP-DNS: 10.217.148.23 X-CSTP-DNS: 10.217.148.24 X-CSTP-Lease-Duration: 864000 X-CSTP-Session-Timeout: 864000 X-CSTP-Idle-Timeout: 7200 X-CSTP-Disconnected-Timeout: 7200 X-CSTP-Default-Domain: corp.playdom.com X-CSTP-Split-Include: 172.17.0.0/255.255.0.0 X-CSTP-Split-Include: 172.19.0.0/255.255.0.0 X-CSTP-Split-Include: 172.18.0.0/255.255.0.0 X-CSTP-Split-Include: 10.217.128.0/255.255.224.0 X-CSTP-Split-Include: 172.16.10.0/255.255.255.0 X-CSTP-Split-Include: 10.217.160.0/255.255.252.0 X-CSTP-Split-Include: 10.217.164.0/255.255.254.0 X-CSTP-Split-Include: 139.104.0.0/255.255.0.0 X-CSTP-Split-Include: 153.6.0.0/255.255.0.0 X-CSTP-Split-Include: 153.7.0.0/255.255.0.0 X-CSTP-Split-Include: 153.8.0.0/255.255.0.0 X-CSTP-Split-Include: 157.23.0.0/255.255.0.0 X-CSTP-Split-Include: 160.1.0.0/255.255.0.0 X-CSTP-Split-Include: 167.13.0.0/255.255.0.0 X-CSTP-Split-Include: 192.124.33.0/255.255.255.0 X-CSTP-Split-Include: 192.195.63.0/255.255.255.0 X-CSTP-Split-Include: 192.195.65.0/255.255.255.0 X-CSTP-Split-Include: 192.195.67.0/255.255.255.0 X-CSTP-Split-Include: 198.102.219.0/255.255.255.0 X-CSTP-Split-Include: 198.178.187.0/255.255.255.0 X-CSTP-Split-Include: 198.178.188.0/255.255.255.0 X-CSTP-Split-Include: 198.178.189.0/255.255.255.0 X-CSTP-Split-Include: 198.180.195.0/255.255.255.0 X-CSTP-Split-Include: 198.200.186.0/255.255.255.0 X-CSTP-Split-Include: 198.252.254.0/255.255.255.0 X-CSTP-Split-Include: 199.88.194.0/255.255.255.0 X-CSTP-Split-Include: 199.107.110.0/255.255.255.0 X-CSTP-Split-Include: 199.181.130.0/255.255.255.0 X-CSTP-Split-Include: 204.87.208.0/255.255.255.0 X-CSTP-Split-Include: 204.238.46.0/255.255.255.0 X-CSTP-Split-Include: 206.18.65.0/255.255.255.0 X-CSTP-Split-Include: 206.18.95.0/255.255.255.0 X-CSTP-Split-Include: 208.246.35.0/255.255.255.0 X-CSTP-Split-Include: 10.0.0.0/255.0.0.0 X-CSTP-Split-Include: 192.168.0.0/255.255.0.0 X-CSTP-Split-Include: 172.16.0.0/255.240.0.0 X-CSTP-Split-Include: 204.75.167.0/255.255.255.0 X-CSTP-Keep: true X-CSTP-Rekey-Time: 1800 X-CSTP-Rekey-Method: new-tunnel X-CSTP-DPD: 30 X-CSTP-Keepalive: 20 X-CSTP-MSIE-Proxy-Lockdown: true X-CSTP-Smartcard-Removal-Disconnect: true X-DTLS-Session-ID: 1EA3C7330694FABA9804C1AB359252B92DC0F40DF5997A46295C2DE1E6A76122 X-DTLS-Port: 443 X-DTLS-Keepalive: 20 X-DTLS-DPD: 30 X-DTLS-Rekey-Time: 1800 X-CSTP-MTU: 958 X-DTLS-CipherSuite: AES128-SHA X-CSTP-Routing-Filtering-Ignore: false X-CSTP-Quarantine: false X-CSTP-Disable-Always-On-VPN: false CSTP connected. DPD 30, Keepalive 20 Connected tun0 as 10.217.142.174, using SSL No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 76 bytes Sending uncompressed data packet of 76 bytes Sending uncompressed data packet of 76 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 134 bytes No work to do; sleeping for 19000 ms... Sending uncompressed data packet of 56 bytes No work to do; sleeping for 19000 ms... Received uncompressed data packet of 134 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 134 bytes Sending uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 56 bytes Received uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 56 bytes Sending uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 56 bytes No work to do; sleeping for 19000 ms... Sending uncompressed data packet of 56 bytes No work to do; sleeping for 19000 ms... Received uncompressed data packet of 56 bytes Received uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 56 bytes Sending uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 61 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 56 bytes Received uncompressed data packet of 56 bytes Received uncompressed data packet of 98 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 56 bytes Sending uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 56 bytes Received uncompressed data packet of 56 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 61 bytes No work to do; sleeping for 18000 ms... Received uncompressed data packet of 120 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 61 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 120 bytes No work to do; sleeping for 20000 ms... Send CSTP Keepalive Sending uncompressed data packet of 62 bytes No work to do; sleeping for 10000 ms... Received uncompressed data packet of 78 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 70 bytes No work to do; sleeping for 8000 ms... Received uncompressed data packet of 86 bytes No work to do; sleeping for 20000 ms... Send CSTP Keepalive No work to do; sleeping for 10000 ms... Send CSTP DPD No work to do; sleeping for 15000 ms... Got CSTP DPD response No work to do; sleeping for 20000 ms... Send CSTP Keepalive No work to do; sleeping for 10000 ms... Sending uncompressed data packet of 65 bytes No work to do; sleeping for 7000 ms... Received uncompressed data packet of 265 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 65 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 265 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 61 bytes No work to do; sleeping for 5000 ms... Received uncompressed data packet of 237 bytes No work to do; sleeping for 20000 ms... Sending uncompressed data packet of 61 bytes No work to do; sleeping for 20000 ms... Received uncompressed data packet of 237 bytes No work to do; sleeping for 20000 ms... In /var/log/messages, I have this repeating message: Nov 23 16:42:25 ksylvan-laptop acvpnagent[1196]: Function: tableCallbackHandler File: RouteMgr.cpp Line: 1698 Invoked Function: recv Return Code: 11 (0x0000000B) Description: unknown Currently the laptop is on wireless and it seems to be a stable VPN connection(!!!!????) I'll do the same when connected to the wired connection and see what happens.
Now I am only on Wired connection. Pretty soon after this, my connection gets the dreaded Dead Peer Detected message. I'll repeat this with tcpdump running to see what we can find out. $ sudo openconnect -v --no-dtls --script ~/vpnc-script-20121122 vpn.playdom.com Attempting to connect to 209.66.74.34:443 SSL negotiation with vpn.playdom.com Server certificate verify failed: signer not found Certificate from VPN server "vpn.playdom.com" failed verification. Reason: signer not found Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on vpn.playdom.com GET https://vpn.playdom.com/ Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=UTF-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Sat, 24 Nov 2012 00:23:49 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) SSL negotiation with vpn.playdom.com Server certificate verify failed: signer not found Connected to HTTPS on vpn.playdom.com GET https://vpn.playdom.com/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) Fixed options give Please enter your username and password. Username:XXXXXXXXXX Password: POST https://vpn.playdom.com/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpn=<elided>; path=/; secure Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:1BB70FDEAB5A89FEC5EDD5D1796DE7B589AFF6CB&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure Set-Cookie: webvpnx= X-Transcend-Version: 1 HTTP body chunked (-2) TCP_INFO rcv mss 971, snd mss 1380, adv mss 1460, pmtu 1500 Got CONNECT response: HTTP/1.1 200 OK X-CSTP-Version: 1 X-CSTP-Address: 10.217.142.175 X-CSTP-Netmask: 255.255.255.0 X-CSTP-DNS: 10.217.148.23 X-CSTP-DNS: 10.217.148.24 X-CSTP-Lease-Duration: 864000 X-CSTP-Session-Timeout: 864000 X-CSTP-Idle-Timeout: 7200 X-CSTP-Disconnected-Timeout: 7200 X-CSTP-Default-Domain: corp.playdom.com X-CSTP-Split-Include: 172.17.0.0/255.255.0.0 X-CSTP-Split-Include: 172.19.0.0/255.255.0.0 X-CSTP-Split-Include: 172.18.0.0/255.255.0.0 X-CSTP-Split-Include: 10.217.128.0/255.255.224.0 X-CSTP-Split-Include: 172.16.10.0/255.255.255.0 X-CSTP-Split-Include: 10.217.160.0/255.255.252.0 X-CSTP-Split-Include: 10.217.164.0/255.255.254.0 X-CSTP-Split-Include: 139.104.0.0/255.255.0.0 X-CSTP-Split-Include: 153.6.0.0/255.255.0.0 X-CSTP-Split-Include: 153.7.0.0/255.255.0.0 X-CSTP-Split-Include: 153.8.0.0/255.255.0.0 X-CSTP-Split-Include: 157.23.0.0/255.255.0.0 X-CSTP-Split-Include: 160.1.0.0/255.255.0.0 X-CSTP-Split-Include: 167.13.0.0/255.255.0.0 X-CSTP-Split-Include: 192.124.33.0/255.255.255.0 X-CSTP-Split-Include: 192.195.63.0/255.255.255.0 X-CSTP-Split-Include: 192.195.65.0/255.255.255.0 X-CSTP-Split-Include: 192.195.67.0/255.255.255.0 X-CSTP-Split-Include: 198.102.219.0/255.255.255.0 X-CSTP-Split-Include: 198.178.187.0/255.255.255.0 X-CSTP-Split-Include: 198.178.188.0/255.255.255.0 X-CSTP-Split-Include: 198.178.189.0/255.255.255.0 X-CSTP-Split-Include: 198.180.195.0/255.255.255.0 X-CSTP-Split-Include: 198.200.186.0/255.255.255.0 X-CSTP-Split-Include: 198.252.254.0/255.255.255.0 X-CSTP-Split-Include: 199.88.194.0/255.255.255.0 X-CSTP-Split-Include: 199.107.110.0/255.255.255.0 X-CSTP-Split-Include: 199.181.130.0/255.255.255.0 X-CSTP-Split-Include: 204.87.208.0/255.255.255.0 X-CSTP-Split-Include: 204.238.46.0/255.255.255.0 X-CSTP-Split-Include: 206.18.65.0/255.255.255.0 X-CSTP-Split-Include: 206.18.95.0/255.255.255.0 X-CSTP-Split-Include: 208.246.35.0/255.255.255.0 X-CSTP-Split-Include: 10.0.0.0/255.0.0.0 X-CSTP-Split-Include: 192.168.0.0/255.255.0.0 X-CSTP-Split-Include: 172.16.0.0/255.240.0.0 X-CSTP-Split-Include: 204.75.167.0/255.255.255.0 X-CSTP-Keep: true X-CSTP-Rekey-Time: 1800 X-CSTP-Rekey-Method: new-tunnel X-CSTP-DPD: 30 X-CSTP-Keepalive: 20 X-CSTP-MSIE-Proxy-Lockdown: true X-CSTP-Smartcard-Removal-Disconnect: true X-DTLS-Session-ID: B8D0F75D01EC0B4D625B1DA51B6AF978EC5D6B46531CB99B0F906F5B1A41410E X-DTLS-Port: 443 X-DTLS-Keepalive: 20 X-DTLS-DPD: 30 X-DTLS-Rekey-Time: 1800 X-CSTP-MTU: 958 X-DTLS-CipherSuite: AES128-SHA X-CSTP-Routing-Filtering-Ignore: false X-CSTP-Quarantine: false X-CSTP-Disable-Always-On-VPN: false CSTP connected. DPD 30, Keepalive 20 Connected tun0 as 10.217.142.175, using SSL No work to do; sleeping for 19000 ms... Sending uncompressed data packet of 76 bytes
Here's what the tcpdump looks like: $ sudo -i tcpdump 'host 209.66.74.34' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes 17:15:01.640377 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57938: Flags [.], ack 3061147757, win 8192, length 0 17:15:01.640436 IP ksylvan-laptop.57938 > 209.66.74.34.available.above.net.https: Flags [.], ack 1, win 15544, length 0 17:15:03.898897 IP ksylvan-laptop.57938 > 209.66.74.34.available.above.net.https: Flags [R.], seq 2, ack 1, win 15544, length 0 17:15:06.124293 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [S], seq 2366119978, win 14600, options [mss 1460,sackOK,TS val 108600482 ecr 0,nop,wscale 7], length 0 17:15:06.132749 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [S.], seq 448154891, ack 2366119979, win 8192, options [mss 1380], length 0 17:15:06.132795 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [.], ack 1, win 14600, length 0 17:15:06.181052 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1:85, ack 1, win 14600, length 84 17:15:06.190671 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [.], ack 85, win 8192, length 0 17:15:06.191652 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [P.], seq 1:529, ack 85, win 8192, length 528 17:15:06.191687 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [.], ack 529, win 15544, length 0 17:15:08.192505 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [P.], seq 85:224, ack 529, win 15544, length 139 17:15:08.202635 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [.], ack 224, win 8192, length 0 17:15:08.202671 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [P.], seq 224:271, ack 529, win 15544, length 47 17:15:08.211198 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [.], ack 271, win 8192, length 0 17:15:08.213311 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [P.], seq 529:576, ack 271, win 8192, length 47 17:15:08.213340 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [.], ack 576, win 15544, length 0 17:15:08.213913 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [P.], seq 271:446, ack 576, win 15544, length 175 17:15:08.224691 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [.], ack 446, win 8192, length 0 17:15:08.233130 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [P.], seq 576:892, ack 446, win 8192, length 316 17:15:08.233157 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [FP.], seq 892, ack 446, win 8192, length 0 17:15:08.233555 IP ksylvan-laptop.57945 > 209.66.74.34.available.above.net.https: Flags [F.], seq 446, ack 893, win 16616, length 0 17:15:08.233758 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [S], seq 1252895385, win 14600, options [mss 1460,sackOK,TS val 108602591 ecr 0,nop,wscale 7], length 0 17:15:08.241197 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57945: Flags [.], ack 447, win 8192, length 0 17:15:08.241929 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [S.], seq 3008347311, ack 1252895386, win 8192, options [mss 1380], length 0 17:15:08.241972 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 1, win 14600, length 0 17:15:08.242322 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1:85, ack 1, win 14600, length 84 17:15:08.252518 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 85, win 8192, length 0 17:15:08.253628 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 1:529, ack 85, win 8192, length 528 17:15:08.253655 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 529, win 15544, length 0 17:15:08.294279 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 85:224, ack 529, win 15544, length 139 17:15:08.304528 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 224, win 8192, length 0 17:15:08.304566 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 224:271, ack 529, win 15544, length 47 17:15:08.312896 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 271, win 8192, length 0 17:15:08.315078 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 529:576, ack 271, win 8192, length 47 17:15:08.315107 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 576, win 15544, length 0 17:15:08.315470 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 271:465, ack 576, win 15544, length 194 17:15:08.326460 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 465, win 8192, length 0 17:15:08.328863 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 576:1547, ack 465, win 8192, length 971 17:15:08.368828 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 1547, win 17478, length 0 17:15:14.082194 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 465:820, ack 1547, win 17478, length 355 17:15:14.094094 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 820, win 8192, length 0 17:15:14.107848 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 1547:2235, ack 820, win 8192, length 688 17:15:14.107891 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 2235, win 19420, length 0 17:15:14.108691 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 820:1388, ack 2235, win 19420, length 568 17:15:14.126964 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 1388, win 8192, length 0 17:15:14.139810 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 2235:3615, ack 1388, win 8192, length 1380 17:15:14.139835 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 3615:3813, ack 1388, win 8192, length 198 17:15:14.139859 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 3813, win 24840, length 0 17:15:14.141778 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 3813:4936, ack 1388, win 8192, length 1123 17:15:14.181819 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 4936, win 27600, length 0 17:15:15.001511 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1388:1491, ack 4936, win 27600, length 103 17:15:15.012406 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 1491, win 8192, length 0 17:15:15.013368 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 4936:5055, ack 1491, win 8192, length 119 17:15:15.013398 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 5055, win 27600, length 0 17:15:15.210727 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1491:1600, ack 5055, win 27600, length 109 17:15:15.234413 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 1600, win 8192, length 0 17:15:15.234464 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1600:1818, ack 5055, win 27600, length 218 17:15:15.252667 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 1818, win 8192, length 0 17:15:15.360768 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 5055:5222, ack 1818, win 8192, length 167 17:15:15.360817 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 5222, win 30360, length 0 17:15:15.361554 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1818:1907, ack 5222, win 30360, length 89 17:15:15.379052 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 5222:5389, ack 1818, win 8192, length 167 17:15:15.392998 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 1907, win 8192, length 0 17:15:15.393046 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1907:1996, ack 5389, win 33120, length 89 17:15:15.393058 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 5389:5478, ack 1907, win 8192, length 89 17:15:15.407167 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 5478:5645, ack 1907, win 8192, length 167 17:15:15.407254 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 5645, win 35880, length 0 17:15:15.425584 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 1996, win 8103, length 0 17:15:15.425640 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1996:2174, ack 5645, win 35880, length 178 17:15:15.425652 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 1996, win 8192, length 0 17:15:15.425662 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 5645:5734, ack 1996, win 8192, length 89 17:15:15.444082 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2174, win 8192, length 0 17:15:15.444123 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2174:2263, ack 5734, win 35880, length 89 17:15:15.444134 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 5734:5823, ack 2174, win 8192, length 89 17:15:15.444344 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 5823:5912, ack 2174, win 8192, length 89 17:15:15.444403 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 5912, win 35880, length 0 17:15:15.469234 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2263, win 8103, length 0 17:15:15.469300 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2263:2441, ack 5912, win 35880, length 178 17:15:15.469312 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2263, win 8192, length 0 17:15:15.469323 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 5912:6001, ack 2263, win 8192, length 89 17:15:15.479319 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2441, win 8192, length 0 17:15:15.479381 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2441:2530, ack 6001, win 35880, length 89 17:15:15.480022 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6001:6090, ack 2441, win 8192, length 89 17:15:15.480551 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6090:6179, ack 2441, win 8192, length 89 17:15:15.480655 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 6179, win 35880, length 0 17:15:15.497813 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2530, win 8103, length 0 17:15:15.497866 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2530:2708, ack 6179, win 35880, length 178 17:15:15.497878 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2530, win 8192, length 0 17:15:15.497888 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6179:6268, ack 2530, win 8192, length 89 17:15:15.534765 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2708, win 8192, length 0 17:15:15.534815 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2708:2797, ack 6268, win 35880, length 89 17:15:15.534826 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6268:6357, ack 2708, win 8192, length 89 17:15:15.535046 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6357:6446, ack 2708, win 8192, length 89 17:15:15.535099 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 6446, win 35880, length 0 17:15:15.563821 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2797, win 8103, length 0 17:15:15.563874 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2797:2886, ack 6446, win 35880, length 89 17:15:15.563886 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2797, win 8192, length 0 17:15:15.564117 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6446:6535, ack 2797, win 8192, length 89 17:15:15.587217 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2886, win 8192, length 0 17:15:15.587257 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6535:6624, ack 2886, win 8192, length 89 17:15:15.587350 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 6624, win 35880, length 0 17:15:18.211684 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2886:2980, ack 6624, win 35880, length 94 17:15:18.220774 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 2980, win 8192, length 0 17:15:18.221704 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6624:6755, ack 2980, win 8192, length 131 17:15:18.260811 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 6755, win 38640, length 0 17:15:38.242235 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2980:3013, ack 6755, win 38640, length 33 17:15:38.348605 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 3013, win 8192, length 0 17:15:43.453595 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3013:3108, ack 6755, win 38640, length 95 17:15:43.462716 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 3108, win 8192, length 0 17:15:43.463369 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6755:6866, ack 3108, win 8192, length 111 17:15:43.463399 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 6866, win 38640, length 0 17:15:43.633023 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3108:3211, ack 6866, win 38640, length 103 17:15:43.642006 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 3211, win 8192, length 0 17:15:43.666909 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 6866:7071, ack 3211, win 8192, length 205 17:15:43.666964 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 7071, win 41400, length 0 17:15:43.667648 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3211:3314, ack 7071, win 41400, length 103 17:15:43.676755 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [.], ack 3314, win 8192, length 0 17:15:43.677717 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.57946: Flags [P.], seq 7071:7276, ack 3314, win 8192, length 205 17:15:43.716842 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [.], ack 7276, win 41400, length 0 17:16:03.698125 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3314:3347, ack 7276, win 41400, length 33 17:16:03.923841 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3314:3347, ack 7276, win 41400, length 33 17:16:04.376823 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3314:3347, ack 7276, win 41400, length 33 17:16:05.281841 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3314:3347, ack 7276, win 41400, length 33 17:16:07.093838 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3314:3347, ack 7276, win 41400, length 33 17:16:10.713832 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3314:3347, ack 7276, win 41400, length 33 And around when it starts to fail: 17:16:44.009635 IP ksylvan-laptop.57955 > 209.66.74.34.available.above.net.https: Flags [S], seq 2318184515, win 14600, options [mss 1460,sackOK,TS val 108698367 ecr 0,nop,wscale 7], length 0 17:16:45.009836 IP ksylvan-laptop.57955 > 209.66.74.34.available.above.net.https: Flags [S], seq 2318184515, win 14600, options [mss 1460,sackOK,TS val 108699368 ecr 0,nop,wscale 7], length 0 17:16:47.013822 IP ksylvan-laptop.57955 > 209.66.74.34.available.above.net.https: Flags [S], seq 2318184515, win 14600, options [mss 1460,sackOK,TS val 108701372 ecr 0,nop,wscale 7], length 0 17:16:51.017840 IP ksylvan-laptop.57955 > 209.66.74.34.available.above.net.https: Flags [S], seq 2318184515, win 14600, options [mss 1460,sackOK,TS val 108705376 ecr 0,nop,wscale 7], length 0 17:16:59.033847 IP ksylvan-laptop.57955 > 209.66.74.34.available.above.net.https: Flags [S], seq 2318184515, win 14600, options [mss 1460,sackOK,TS val 108713392 ecr 0,nop,wscale 7], length 0 17:17:01.417847 IP ksylvan-laptop.57946 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3314:3347, ack 7276, win 41400, length 33 17:17:15.049839 IP ksylvan-laptop.57955 > 209.66.74.34.available.above.net.https: Flags [S], seq 2318184515, win 14600, options [mss 1460,sackOK,TS val 108729408 ecr 0,nop,wscale 7], length 0 17:17:57.114271 IP ksylvan-laptop.57956 > 209.66.74.34.available.above.net.https: Flags [S], seq 555046057, win 14600, options [mss 1460,sackOK,TS val 108771472 ecr 0,nop,wscale 7], length 0 17:17:58.115835 IP ksylvan-laptop.57956 > 209.66.74.34.available.above.net.https: Flags [S], seq 555046057, win 14600, options [mss 1460,sackOK,TS val 108772474 ecr 0,nop,wscale 7], length 0 17:18:00.121835 IP ksylvan-laptop.57956 > 209.66.74.34.available.above.net.https: Flags [S], seq 555046057, win 14600, options [mss 1460,sackOK,TS val 108774480 ecr 0,nop,wscale 7], length 0 17:18:04.129836 IP ksylvan-laptop.57956 > 209.66.74.34.available.above.net.https: Flags [S], seq 555046057, win 14600, options [mss 1460,sackOK,TS val 108778488 ecr 0,nop,wscale 7], length 0 17:18:12.137832 IP ksylvan-laptop.57956 > 209.66.74.34.available.above.net.https: Flags [S], seq 555046057, win 14600, options [mss 1460,sackOK,TS val 108786496 ecr 0,nop,wscale 7], length 0 17:18:28.169854 IP ksylvan-laptop.57956 > 209.66.74.34.available.above.net.https: Flags [S], seq 555046057, win 14600, options [mss 1460,sackOK,TS val 108802528 ecr 0,nop,wscale 7], length 0
It's actually starting to fail at about 17:15:43.677717. That is the last packet you receive from the server. After that, it's all outbound traffic from your laptop to the server... and nothing gets back. At this point, I'm inclined to blame something on your local network. Can you do the tcpdump somewhere upstream — on the router that actually connects you to the outside world, perhaps? Also: why is acvpnagent running? That's the Cisco client, which could be doing all kinds of weird things. Make it die.
Okay, uninstalled the Cisco client and here is a tcpdump of the dying session from my router machine: Script started on Sat 24 Nov 2012 11:35:48 PM PST # tcpdump 'host 209.66.74.34' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 23:36:17.895833 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: S 1243144552:1243144552(0) win 14600 <mss 1460,sackOK,timestamp 217872252 0,nop,wscale 7> 23:36:17.903015 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: S 1278782144:1278782144(0) ack 1243144553 win 8192 <mss 1380> 23:36:17.904041 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: . ack 1 win 14600 23:36:17.957776 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: P 1:85(84) ack 1 win 14600 23:36:17.965825 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: . ack 85 win 8192 23:36:17.967065 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: P 1:529(528) ack 85 win 8192 23:36:17.968064 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: . ack 529 win 15544 23:36:22.125629 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: P 85:224(139) ack 529 win 15544 23:36:22.134553 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: . ack 224 win 8192 23:36:22.135571 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: P 224:271(47) ack 529 win 15544 23:36:22.143179 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: . ack 271 win 8192 23:36:22.145136 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: P 529:576(47) ack 271 win 8192 23:36:22.146130 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: . ack 576 win 15544 23:36:22.146148 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: P 271:446(175) ack 576 win 15544 23:36:22.156484 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: . ack 446 win 8192 23:36:22.164893 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: P 576:892(316) ack 446 win 8192 23:36:22.165044 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: FP 892:892(0) ack 446 win 8192 23:36:22.165903 IP satyr.sylvan.com.60697 > 209.66.74.34.available.above.net.https: F 446:446(0) ack 893 win 16616 23:36:22.165938 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: S 3710510590:3710510590(0) win 14600 <mss 1460,sackOK,timestamp 217876523 0,nop,wscale 7> 23:36:22.172999 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60697: . ack 447 win 8192 23:36:22.174181 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: S 839516788:839516788(0) ack 3710510591 win 8192 <mss 1380> 23:36:22.175180 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 1 win 14600 23:36:22.175199 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 1:85(84) ack 1 win 14600 23:36:22.184794 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 85 win 8192 23:36:22.186024 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 1:529(528) ack 85 win 8192 23:36:22.187019 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 529 win 15544 23:36:22.217725 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 85:224(139) ack 529 win 15544 23:36:22.226703 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 224 win 8192 23:36:22.227703 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 224:271(47) ack 529 win 15544 23:36:22.235105 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 271 win 8192 23:36:22.237038 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 529:576(47) ack 271 win 8192 23:36:22.238030 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 271:465(194) ack 576 win 15544 23:36:22.246900 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 465 win 7998 23:36:22.247074 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 465 win 8192 23:36:22.249164 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 576:1547(971) ack 465 win 8192 23:36:22.290264 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 1547 win 17478 23:36:27.839413 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 465:820(355) ack 1547 win 17478 23:36:27.850538 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 820 win 8192 23:36:27.864612 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 1547:2235(688) ack 820 win 8192 23:36:27.865615 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 2235 win 19420 23:36:27.866694 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 820:1388(568) ack 2235 win 19420 23:36:27.880579 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 1388 win 8192 23:36:27.884864 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 2235:3615(1380) ack 1388 win 8192 23:36:27.885243 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 3615:3813(198) ack 1388 win 8192 23:36:27.885864 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 3813 win 24840 23:36:27.887086 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 3813:4936(1123) ack 1388 win 8192 23:36:27.928224 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 4936 win 27600 23:36:28.840663 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 1388:1505(117) ack 4936 win 27600 23:36:28.849861 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 1505 win 8192 23:36:28.871570 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 4936:5053(117) ack 1505 win 8192 23:36:28.872572 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 5053 win 27600 23:36:29.842658 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 1505:1622(117) ack 5053 win 27600 23:36:29.851139 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 1622 win 8192 23:36:29.873761 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5053:5170(117) ack 1622 win 8192 23:36:29.874763 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 5170 win 27600 23:36:30.843703 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 1622:1739(117) ack 5170 win 27600 23:36:30.851927 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 1739 win 8192 23:36:30.874059 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5170:5287(117) ack 1739 win 8192 23:36:30.875055 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 5287 win 27600 23:36:31.845009 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 1739:1856(117) ack 5287 win 27600 23:36:31.853196 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 1856 win 8192 23:36:31.875574 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5287:5404(117) ack 1856 win 8192 23:36:31.876573 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 5404 win 27600 23:36:32.846477 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 1856:1973(117) ack 5404 win 27600 23:36:32.854745 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 1973 win 8192 23:36:32.877354 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5404:5521(117) ack 1973 win 8192 23:36:32.878348 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 5521 win 27600 23:36:33.848101 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 1973:2090(117) ack 5521 win 27600 23:36:33.856271 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2090 win 8192 23:36:33.878404 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5521:5638(117) ack 2090 win 8192 23:36:33.879397 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 5638 win 27600 23:36:34.849477 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2090:2207(117) ack 5638 win 27600 23:36:34.857779 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2207 win 8192 23:36:34.879690 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5638:5755(117) ack 2207 win 8192 23:36:34.880682 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 5755 win 27600 23:36:35.850217 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2207:2324(117) ack 5755 win 27600 23:36:35.858322 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2324 win 8192 23:36:35.880452 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5755:5872(117) ack 2324 win 8192 23:36:35.881383 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: . ack 5872 win 27600 23:36:36.852029 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2324:2441(117) ack 5872 win 27600 23:36:36.860349 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2441 win 8192 23:36:36.882270 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:37.013349 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:37.062315 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2324:2441(117) ack 5872 win 27600 23:36:37.070505 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2441 win 8192 23:36:37.231386 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:37.485253 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2324:2441(117) ack 5872 win 27600 23:36:37.493540 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2441 win 8192 23:36:37.650711 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:38.331344 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2324:2441(117) ack 5872 win 27600 23:36:38.339350 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2441 win 8192 23:36:38.472656 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:39.861299 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:36:39.861323 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 23:36:39.861339 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:36:40.023280 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2324:2441(117) ack 5872 win 27600 23:36:40.031230 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2441 win 8192 23:36:40.100012 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:43.032299 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 23:36:43.032323 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:36:43.320618 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:43.403348 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2324:2441(117) ack 5872 win 27600 23:36:43.411295 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2441 win 8192 23:36:46.321301 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:36:46.321328 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 23:36:46.541266 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:49.542289 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:36:49.761951 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:50.171235 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2324:2441(117) ack 5872 win 27600 23:36:50.179300 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2441 win 8192 23:36:52.762287 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:36:52.762307 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 23:36:52.982596 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:55.983289 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:36:56.203271 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:36:59.204294 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:36:59.423931 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:37:02.424288 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:37:02.644576 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:37:03.723439 IP satyr.sylvan.com.60698 > 209.66.74.34.available.above.net.https: P 2324:2441(117) ack 5872 win 27600 23:37:03.731567 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: . ack 2441 win 8192 23:37:05.645291 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:37:05.645312 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 23:37:05.865460 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:5989(117) ack 2441 win 8192 23:37:06.905402 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5989:6022(33) ack 2441 win 8192 23:37:08.866288 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 165 23:37:08.866309 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 81 23:37:09.086129 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:6022(150) ack 2441 win 8192 23:37:12.086291 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 198 23:37:12.306780 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:6022(150) ack 2441 win 8192 23:37:15.307297 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 198 23:37:15.527400 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:6022(150) ack 2441 win 8192 23:37:18.528291 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 198 23:37:18.748096 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:6022(150) ack 2441 win 8192 23:37:21.748293 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 198 23:37:21.968736 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:6022(150) ack 2441 win 8192 23:37:24.969296 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 198 23:37:25.189420 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.60698: P 5872:6022(150) ack 2441 win 8192 ^C 138 packets captured 138 packets received by filter 0 packets dropped by kernel # exit Script done on Sat 24 Nov 2012 11:37:27 PM PST
23:36:36.882270 shows the server sending a packet of data (5872:5989) that the internal client doesn't ever seem to receive. The client just keeps acking as far as 5872, and no more. And eventually your router starts sending ICMP host unreachable in response to the active connection. Would be interesting to capture both internal and external tcpdump from the *same* connection — I'm comparing comment 31 and comment 33 which are different connections. But basically it looks like your NAT box is doing something odd. Not sure why a difference in OpenConnect would make any difference to that, though. Are you able to test this from a real connection without NAT, firewalling or any other brokenness?
No, I'm not able to test this from a direct connection. Here is the tcpdump output from the router machine and from the laptop, for the same session: First: From the router machine: Script started on Sun 25 Nov 2012 03:07:00 PM PST # tcpdump 'host 209.66.74.34' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 15:08:46.878190 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: S 4243900987:4243900987(0) win 14600 <mss 1460,sackOK,timestamp 273821238 0,nop,wscale 7> 15:08:46.885097 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: S 2254758891:2254758891(0) ack 4243900988 win 8192 <mss 1380> 15:08:46.886135 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: . ack 1 win 14600 15:08:46.943599 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: P 1:85(84) ack 1 win 14600 15:08:46.952110 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: . ack 85 win 8192 15:08:46.953111 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: P 1:529(528) ack 85 win 8192 15:08:46.954109 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: . ack 529 win 15544 15:08:49.136733 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: P 85:224(139) ack 529 win 15544 15:08:49.145387 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: . ack 224 win 8192 15:08:49.146405 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: P 224:271(47) ack 529 win 15544 15:08:49.154247 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: . ack 271 win 8192 15:08:49.155954 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: P 529:576(47) ack 271 win 8192 15:08:49.156945 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: . ack 576 win 15544 15:08:49.156962 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: P 271:446(175) ack 576 win 15544 15:08:49.167571 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: . ack 446 win 8192 15:08:49.175445 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: P 576:892(316) ack 446 win 8192 15:08:49.175614 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: FP 892:892(0) ack 446 win 8192 15:08:49.176449 IP satyr.sylvan.com.33939 > 209.66.74.34.available.above.net.https: F 446:446(0) ack 893 win 16616 15:08:49.176484 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: S 2295074479:2295074479(0) win 14600 <mss 1460,sackOK,timestamp 273823537 0,nop,wscale 7> 15:08:49.183544 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33939: . ack 447 win 8192 15:08:49.184506 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: S 1701831959:1701831959(0) ack 2295074480 win 8192 <mss 1380> 15:08:49.185535 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 1 win 14600 15:08:49.185552 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 1:85(84) ack 1 win 14600 15:08:49.194899 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 85 win 8192 15:08:49.196131 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 1:529(528) ack 85 win 8192 15:08:49.197122 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 529 win 15544 15:08:49.233328 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 85:224(139) ack 529 win 15544 15:08:49.241969 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 224 win 8192 15:08:49.242962 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 224:271(47) ack 529 win 15544 15:08:49.250389 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 271 win 8192 15:08:49.252294 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 529:576(47) ack 271 win 8192 15:08:49.253282 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 271:465(194) ack 576 win 15544 15:08:49.262155 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 465 win 7998 15:08:49.262341 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 465 win 8192 15:08:49.264429 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 576:1547(971) ack 465 win 8192 15:08:49.305618 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 1547 win 17478 15:08:55.458678 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 465:820(355) ack 1547 win 17478 15:08:55.470420 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 820 win 8192 15:08:55.483295 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 1547:2235(688) ack 820 win 8192 15:08:55.484287 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 2235 win 19420 15:08:55.485369 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 820:1388(568) ack 2235 win 19420 15:08:55.498729 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 1388 win 8192 15:08:55.502750 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 2235:3615(1380) ack 1388 win 8192 15:08:55.503110 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 3615:3813(198) ack 1388 win 8192 15:08:55.503753 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 3813 win 24840 15:08:55.504954 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 3813:4936(1123) ack 1388 win 8192 15:08:55.545595 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 4936 win 27600 15:08:56.569927 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 1388:1497(109) ack 4936 win 27600 15:08:56.578164 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 1497 win 8192 15:08:56.579181 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 1497:1715(218) ack 4936 win 27600 15:08:56.588948 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 1715 win 8192 15:08:56.712130 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 4936:5103(167) ack 1715 win 8192 15:08:56.713131 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 5103 win 30360 15:08:56.713150 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 1715:1804(89) ack 5103 win 30360 15:08:56.722735 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 1804 win 8192 15:08:56.723415 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5103:5192(89) ack 1804 win 8192 15:08:56.725272 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 1804:1893(89) ack 5192 win 30360 15:08:56.733819 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 1893 win 8103 15:08:56.734001 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 1893 win 8192 15:08:56.734261 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5192:5281(89) ack 1893 win 8192 15:08:56.736101 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 1893:1982(89) ack 5281 win 30360 15:08:56.744452 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 1982 win 8103 15:08:56.744609 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 1982 win 8192 15:08:56.744872 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5281:5370(89) ack 1982 win 8192 15:08:56.746855 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 1982:2071(89) ack 5370 win 30360 15:08:56.754768 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2071 win 8103 15:08:56.754944 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2071 win 8192 15:08:56.755442 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5370:5459(89) ack 2071 win 8192 15:08:56.778653 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5459:5626(167) ack 2071 win 8192 15:08:56.779646 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 5626 win 33120 15:08:56.780710 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2071:2160(89) ack 5626 win 33120 15:08:56.789011 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2160 win 8192 15:08:56.789714 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5626:5715(89) ack 2160 win 8192 15:08:56.791408 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2160:2249(89) ack 5715 win 33120 15:08:56.796164 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5715:5882(167) ack 2160 win 8192 15:08:56.799572 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2249 win 8103 15:08:56.799802 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2249 win 8192 15:08:56.800320 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5882:5971(89) ack 2249 win 8192 15:08:56.800564 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2249:2338(89) ack 5882 win 35880 15:08:56.808713 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2338 win 8103 15:08:56.808899 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2338 win 8192 15:08:56.809417 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 5971:6060(89) ack 2338 win 8192 15:08:56.809708 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2338:2427(89) ack 5971 win 35880 15:08:56.817607 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2427 win 8103 15:08:56.817791 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2427 win 8192 15:08:56.818258 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 6060:6149(89) ack 2427 win 8192 15:08:56.818609 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2427:2516(89) ack 6060 win 35880 15:08:56.826951 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2516 win 8103 15:08:56.827131 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2516 win 8192 15:08:56.827653 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 6149:6238(89) ack 2516 win 8192 15:08:56.827954 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2516:2605(89) ack 6149 win 35880 15:08:56.835811 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2605 win 8103 15:08:56.835998 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2605 win 8192 15:08:56.836556 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 6238:6327(89) ack 2605 win 8192 15:08:56.836805 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2605:2694(89) ack 6238 win 35880 15:08:56.844689 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2694 win 8103 15:08:56.844863 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2694 win 8192 15:08:56.845143 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 6327:6416(89) ack 2694 win 8192 15:08:56.845703 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 6416 win 35880 15:08:56.846778 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2694:2783(89) ack 6416 win 35880 15:08:56.854553 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2783 win 8192 15:08:56.855223 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 6416:6505(89) ack 2783 win 8192 15:08:56.896605 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 6505 win 35880 15:09:00.362859 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2783:2881(98) ack 6505 win 35880 15:09:00.370860 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2881 win 8192 15:09:00.397938 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 6505:6803(298) ack 2881 win 8192 15:09:00.398930 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 6803 win 38640 15:09:00.399974 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2881:2979(98) ack 6803 win 38640 15:09:00.408286 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 2979 win 8192 15:09:00.409289 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 6803:7101(298) ack 2979 win 8192 15:09:00.450611 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 7101 win 41400 15:09:00.581266 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 2979:3072(93) ack 7101 win 41400 15:09:00.590587 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3072 win 8192 15:09:00.591593 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3072:3166(94) ack 7101 win 41400 15:09:00.600261 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3166 win 8192 15:09:01.567899 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3166:3260(94) ack 7101 win 41400 15:09:01.576128 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3260 win 8192 15:09:01.576808 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 7101:7232(131) ack 3260 win 8192 15:09:01.577137 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 7232 win 41400 15:09:02.419792 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3260:3354(94) ack 7232 win 41400 15:09:02.428350 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3354 win 8192 15:09:02.429299 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 7232:7385(153) ack 3354 win 8192 15:09:02.430343 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 7385 win 41400 15:09:02.430360 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3354:3448(94) ack 7385 win 41400 15:09:02.439693 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3448 win 8192 15:09:02.440400 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: P 7385:7538(153) ack 3448 win 8192 15:09:02.481664 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: . ack 7538 win 41400 15:09:14.595791 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3448:3541(93) ack 7538 win 41400 15:09:14.603614 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3541 win 8192 15:09:14.805584 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3448:3541(93) ack 7538 win 41400 15:09:14.813768 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3541 win 8192 15:09:15.226470 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3448:3541(93) ack 7538 win 41400 15:09:15.234832 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3541 win 8192 15:09:16.067534 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3448:3541(93) ack 7538 win 41400 15:09:16.076322 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3541 win 8192 15:09:17.604288 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 15:09:17.604307 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 15:09:17.604326 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 15:09:17.751683 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3448:3541(93) ack 7538 win 41400 15:09:17.759967 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3541 win 8192 15:09:21.119508 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3448:3541(93) ack 7538 win 41400 15:09:21.127696 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3541 win 8192 15:09:27.847668 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3448:3541(93) ack 7538 win 41400 15:09:27.856041 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3541 win 8192 15:09:30.353335 IP satyr.sylvan.com > 209.66.74.34.available.above.net: ICMP host satyr.sylvan.com unreachable, length 48 15:09:41.319600 IP satyr.sylvan.com.33940 > 209.66.74.34.available.above.net.https: P 3448:3541(93) ack 7538 win 41400 15:09:41.327961 IP 209.66.74.34.available.above.net.https > satyr.sylvan.com.33940: . ack 3541 win 8192 ^C 147 packets captured 147 packets received by filter 0 packets dropped by kernel Script done on Sun 25 Nov 2012 03:10:03 PM PST And now, from the laptop (where I'm trying to connect): Script started on Sun 25 Nov 2012 03:08:27 PM PST $ sudo tcpdump -i em1 'host 209.66.74.34' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes 15:08:46.880402 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [S], seq 4243900987, win 14600, options [mss 1460,sackOK,TS val 273821238 ecr 0,nop,wscale 7], length 0 15:08:46.888644 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [S.], seq 2254758891, ack 4243900988, win 8192, options [mss 1380], length 0 15:08:46.888689 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [.], ack 1, win 14600, length 0 15:08:46.945827 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1:85, ack 1, win 14600, length 84 15:08:46.955687 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [.], ack 85, win 8192, length 0 15:08:46.956695 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [P.], seq 1:529, ack 85, win 8192, length 528 15:08:46.956721 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [.], ack 529, win 15544, length 0 15:08:49.138929 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [P.], seq 85:224, ack 529, win 15544, length 139 15:08:49.149048 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [.], ack 224, win 8192, length 0 15:08:49.149084 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [P.], seq 224:271, ack 529, win 15544, length 47 15:08:49.157869 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [.], ack 271, win 8192, length 0 15:08:49.159463 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [P.], seq 529:576, ack 271, win 8192, length 47 15:08:49.159495 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [.], ack 576, win 15544, length 0 15:08:49.160008 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [P.], seq 271:446, ack 576, win 15544, length 175 15:08:49.171129 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [.], ack 446, win 8192, length 0 15:08:49.179066 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [P.], seq 576:892, ack 446, win 8192, length 316 15:08:49.179094 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [FP.], seq 892, ack 446, win 8192, length 0 15:08:49.179450 IP ksylvan-laptop.33939 > 209.66.74.34.available.above.net.https: Flags [F.], seq 446, ack 893, win 16616, length 0 15:08:49.179657 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [S], seq 2295074479, win 14600, options [mss 1460,sackOK,TS val 273823537 ecr 0,nop,wscale 7], length 0 15:08:49.187126 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33939: Flags [.], ack 447, win 8192, length 0 15:08:49.188105 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [S.], seq 1701831959, ack 2295074480, win 8192, options [mss 1380], length 0 15:08:49.188149 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 1, win 14600, length 0 15:08:49.188457 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1:85, ack 1, win 14600, length 84 15:08:49.198499 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 85, win 8192, length 0 15:08:49.199757 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 1:529, ack 85, win 8192, length 528 15:08:49.199785 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 529, win 15544, length 0 15:08:49.235550 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 85:224, ack 529, win 15544, length 139 15:08:49.245538 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 224, win 8192, length 0 15:08:49.245575 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 224:271, ack 529, win 15544, length 47 15:08:49.253930 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 271, win 8192, length 0 15:08:49.255891 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 529:576, ack 271, win 8192, length 47 15:08:49.256357 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 271:465, ack 576, win 15544, length 194 15:08:49.265757 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 465, win 7998, length 0 15:08:49.265788 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 465, win 8192, length 0 15:08:49.268137 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 576:1547, ack 465, win 8192, length 971 15:08:49.307841 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 1547, win 17478, length 0 15:08:55.460825 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 465:820, ack 1547, win 17478, length 355 15:08:55.474051 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 820, win 8192, length 0 15:08:55.486944 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 1547:2235, ack 820, win 8192, length 688 15:08:55.486982 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 2235, win 19420, length 0 15:08:55.487865 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 820:1388, ack 2235, win 19420, length 568 15:08:55.502371 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 1388, win 8192, length 0 15:08:55.506744 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 2235:3615, ack 1388, win 8192, length 1380 15:08:55.506767 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 3615:3813, ack 1388, win 8192, length 198 15:08:55.506784 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 3813, win 24840, length 0 15:08:55.508758 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 3813:4936, ack 1388, win 8192, length 1123 15:08:55.547832 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 4936, win 27600, length 0 15:08:56.572124 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1388:1497, ack 4936, win 27600, length 109 15:08:56.581815 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 1497, win 8192, length 0 15:08:56.581859 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1497:1715, ack 4936, win 27600, length 218 15:08:56.592551 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 1715, win 8192, length 0 15:08:56.715680 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 4936:5103, ack 1715, win 8192, length 167 15:08:56.715730 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 5103, win 30360, length 0 15:08:56.716306 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1715:1804, ack 5103, win 30360, length 89 15:08:56.726286 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 1804, win 8192, length 0 15:08:56.726974 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5103:5192, ack 1804, win 8192, length 89 15:08:56.727503 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1804:1893, ack 5192, win 30360, length 89 15:08:56.737459 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 1893, win 8103, length 0 15:08:56.737495 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 1893, win 8192, length 0 15:08:56.737742 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5192:5281, ack 1893, win 8192, length 89 15:08:56.738333 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1893:1982, ack 5281, win 30360, length 89 15:08:56.747945 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 1982, win 8103, length 0 15:08:56.747982 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 1982, win 8192, length 0 15:08:56.748511 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5281:5370, ack 1982, win 8192, length 89 15:08:56.749087 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 1982:2071, ack 5370, win 30360, length 89 15:08:56.758344 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2071, win 8103, length 0 15:08:56.758368 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2071, win 8192, length 0 15:08:56.759010 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5370:5459, ack 2071, win 8192, length 89 15:08:56.782213 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5459:5626, ack 2071, win 8192, length 167 15:08:56.782308 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 5626, win 33120, length 0 15:08:56.782996 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2071:2160, ack 5626, win 33120, length 89 15:08:56.792657 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2160, win 8192, length 0 15:08:56.793207 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5626:5715, ack 2160, win 8192, length 89 15:08:56.793640 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2160:2249, ack 5715, win 33120, length 89 15:08:56.799835 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5715:5882, ack 2160, win 8192, length 167 15:08:56.803062 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2249, win 8103, length 0 15:08:56.803095 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2249:2338, ack 5882, win 35880, length 89 15:08:56.803316 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2249, win 8192, length 0 15:08:56.803953 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5882:5971, ack 2249, win 8192, length 89 15:08:56.812201 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2338, win 8103, length 0 15:08:56.812246 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2338:2427, ack 5971, win 35880, length 89 15:08:56.812254 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2338, win 8192, length 0 15:08:56.813014 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 5971:6060, ack 2338, win 8192, length 89 15:08:56.821192 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2427, win 8103, length 0 15:08:56.821220 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2427:2516, ack 6060, win 35880, length 89 15:08:56.821229 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2427, win 8192, length 0 15:08:56.821830 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 6060:6149, ack 2427, win 8192, length 89 15:08:56.830533 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2516, win 8103, length 0 15:08:56.830559 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2516:2605, ack 6149, win 35880, length 89 15:08:56.830568 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2516, win 8192, length 0 15:08:56.831243 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 6149:6238, ack 2516, win 8192, length 89 15:08:56.839329 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2605, win 8103, length 0 15:08:56.839361 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2605:2694, ack 6238, win 35880, length 89 15:08:56.839369 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2605, win 8192, length 0 15:08:56.840123 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 6238:6327, ack 2605, win 8192, length 89 15:08:56.848281 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2694, win 8103, length 0 15:08:56.848310 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2694, win 8192, length 0 15:08:56.848742 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 6327:6416, ack 2694, win 8192, length 89 15:08:56.848823 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 6416, win 35880, length 0 15:08:56.849285 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2694:2783, ack 6416, win 35880, length 89 15:08:56.858153 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2783, win 8192, length 0 15:08:56.858799 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 6416:6505, ack 2783, win 8192, length 89 15:08:56.898845 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 6505, win 35880, length 0 15:09:00.365100 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2783:2881, ack 6505, win 35880, length 98 15:09:00.374510 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2881, win 8192, length 0 15:09:00.401513 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 6505:6803, ack 2881, win 8192, length 298 15:09:00.401557 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 6803, win 38640, length 0 15:09:00.402203 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2881:2979, ack 6803, win 38640, length 98 15:09:00.411929 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 2979, win 8192, length 0 15:09:00.412868 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 6803:7101, ack 2979, win 8192, length 298 15:09:00.452867 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 7101, win 41400, length 0 15:09:00.584348 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 2979:3072, ack 7101, win 41400, length 93 15:09:00.594097 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 3072, win 8192, length 0 15:09:00.594131 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3072:3166, ack 7101, win 41400, length 94 15:09:00.603869 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 3166, win 8192, length 0 15:09:01.570096 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3166:3260, ack 7101, win 41400, length 94 15:09:01.579761 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 3260, win 8192, length 0 15:09:01.580310 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 7101:7232, ack 3260, win 8192, length 131 15:09:01.580336 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 7232, win 41400, length 0 15:09:02.422031 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3260:3354, ack 7232, win 41400, length 94 15:09:02.431972 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 3354, win 8192, length 0 15:09:02.432806 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 7232:7385, ack 3354, win 8192, length 153 15:09:02.432832 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 7385, win 41400, length 0 15:09:02.433442 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3354:3448, ack 7385, win 41400, length 94 15:09:02.443292 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [.], ack 3448, win 8192, length 0 15:09:02.444000 IP 209.66.74.34.available.above.net.https > ksylvan-laptop.33940: Flags [P.], seq 7385:7538, ack 3448, win 8192, length 153 15:09:02.483885 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [.], ack 7538, win 41400, length 0 15:09:14.598064 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3448:3541, ack 7538, win 41400, length 93 15:09:14.807822 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3448:3541, ack 7538, win 41400, length 93 15:09:15.228854 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3448:3541, ack 7538, win 41400, length 93 15:09:16.069855 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3448:3541, ack 7538, win 41400, length 93 15:09:17.753873 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3448:3541, ack 7538, win 41400, length 93 15:09:21.121814 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3448:3541, ack 7538, win 41400, length 93 15:09:27.849864 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3448:3541, ack 7538, win 41400, length 93 15:09:41.321875 IP ksylvan-laptop.33940 > 209.66.74.34.available.above.net.https: Flags [P.], seq 3448:3541, ack 7538, win 41400, length 93 ^C 135 packets captured 135 packets received by filter 0 packets dropped by kernel Script done on Sun 25 Nov 2012 03:09:58 PM PST
That's interesting. There's a 12-second period when the link is idle. And during that time, your NAT box seems to have completely forgotten about the connection. If you can't get a proper Internet connection, can you at least fix the NAT box so it doesn't time out so quickly? There's a similar pause in the trace in comment 31, from 17:15:43.716842 to 17:16:03.698125. I don't see a similar pause in comment 33; maybe that's a *different* brokenness in your NAT? And I don't understand why one version of OpenConnect sees this, and another doesn't. Perhaps it's something coincidental... like the Fedora 16 installation constantly spewing something like mDNS on the VPN link so it never goes idle for that long? Once thing you can try, if you can't fix the network, is reducing the keepalive values to make sure the link doesn't go idle for so long. We already have a --force-dpd option, so try --force-dpd=5. And we can look at making a --force-keepalive option too. Of course, there's still the fact that you couldn't make *new* outbound connections, when one died and it tried to reconnect. Your latest tcpdump doesn't include that, but an earlier internal one showed your laptop sending SYN packets to open a new connection, and never getting anything back. I'm guessing that's a brokenness in your NAT box too? What *are* you using for the NAT?
I have an old Fedora 9 box acting as my NAT and internal router.