OpenConnect 8.00 from latest packages on FreeBSD 12.0-RELEASE-p2 cannot negotiate DTLS, and falls back to a TLS over TCP session. This is caused by compatibility issues with OpenSSL 1.1, which we select in our ports build (I'm not sure how, though). Fortunately, I found this has just been fixed (yesterday!) in OpenConnect master with commit 917f15ad8937a0e57602a9c79bd7cb167b4d76b4, and will presumably be in the next release (>8.01). We should take that patch and/or release, obviously. Not high priority for me; I can bump along with a local build.
OpenConnect 8.02 has been released. Works for me with './configure --with-openssl' (the --with-vpnc-script option is no longer needed for FreeBSD).
A commit references this bug:
Date: Wed Jan 16 20:08:11 UTC 2019
New revision: 490507
- Update to 8.02
Reported by: John Hood <email@example.com>