I'm trying to connect to a VPN using OpenConnect from a virtual machine (CentOS) hosted on Windows. On Windows I connect to the VPN without any problem (using the Cisco client). I wanted to make my life easier, though, and have this VPN only inside the virtual machine.

openvpn --mktun --dev tun1
ifconfig tun1 up
openconnect adres.vpn --interface=tun1 --key-password=haslo --user=user --certificate=certyfikat.pem --sslkey=klucz.pem --dump-http-traffic

And I get: "DTLS handshake timed out". Has anyone run into this problem?

POST xyz
SSL negotiation with xyz
Connected to HTTPS on xyz
> POST /+webvpn+/index.html HTTP/1.1
> Host: xyz
> User-Agent: Open AnyConnect VPN Agent v7.06-1.el7
> Cookie: webvpnlogin=1; tg=<ciach>
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-Pad: 00000000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 69
>
> username=user&password=pass&tgroup=group
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&ch:<ciach>&sh:<ciach>&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Frame-Options: SAMEORIGIN
X-Transcend-Version: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <auth id="success">
< <title>SSL VPN Service</title>
< <message>Success</message>
< <banner><ciach></banner>
< <success/>
< </auth>
<
<
> CONNECT /CSCOSSLC/tunnel HTTP/1.1
> Host: xyz
> User-Agent: Open AnyConnect VPN Agent v7.06-1.el7
> Cookie: webvpn=<ciach>
> X-CSTP-Version: 1
> X-CSTP-Hostname: piqs
> X-CSTP-Accept-Encoding: oc-lz4,lzs
> X-CSTP-MTU: 1406
> X-CSTP-Address-Type: IPv6,IPv4
> X-CSTP-Full-IPv6-Capability: true
> X-DTLS-Master-Secret: <ciach>
> X-DTLS-CipherSuite: OC-DTLS1_2-AES256-GCM:OC-DTLS1_2-AES128-GCM:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
> X-DTLS-Accept-Encoding: oc-lz4,lzs
>
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.
X-CSTP-Address: <ciach>
X-CSTP-Netmask: 255.0.0.0
X-CSTP-Hostname: xyz
X-CSTP-DNS: <ciach>
X-CSTP-DNS: <ciach>
X-CSTP-Lease-Duration: 1209600
X-CSTP-Session-Timeout: none
X-CSTP-Idle-Timeout: 28800
X-CSTP-Disconnected-Timeout: 28800
X-CSTP-Keep: true
X-CSTP-Tunnel-All-DNS: false
X-CSTP-DPD: 30
X-CSTP-Keepalive: 20
X-CSTP-Banner: <ciach>
X-CSTP-MSIE-Proxy-PAC-URL: http://<ciach>
X-CSTP-MSIE-Proxy-Lockdown: false
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: <ciach>
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-CSTP-MTU: 1406
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-Client-Bypass-Protocol: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 20
CSTP Ciphersuite: (TLS1.0)-(RSA)-(AES-128-CBC)-(SHA1)
Connect Banner:
<ciach>
RTNETLINK answers: File exists
DTLS option X-DTLS-Session-ID : <ciach>
DTLS option X-DTLS-Port : 443
DTLS option X-DTLS-Keepalive : 20
DTLS option X-DTLS-DPD : 30
DTLS option X-DTLS-CipherSuite : AES128-SHA
DTLS initialised. DPD 30, Keepalive 20
Connected tun1 as <ciach>, using SSL
DTLS handshake timed out
DTLS handshake failed: Resource temporarily unavailable, try again.
Send CSTP Keepalive
Send CSTP DPD
Got CSTP DPD response
Send CSTP Keepalive
Send CSTP DPD
Got CSTP DPD response
Attempt new DTLS connection
Send CSTP Keepalive
DTLS handshake timed out
DTLS handshake failed: Resource temporarily unavailable, try again.
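As an added example (not part of the original post), here is a small Python triage script for exactly this kind of openconnect --dump-http-traffic output: it pulls out the negotiated X-DTLS-* parameters and counts DTLS handshake timeouts against answered CSTP DPD probes, so you can tell a dead tunnel from a working TLS tunnel whose UDP path is blocked. The SAMPLE_LOG excerpt is constructed from the lines quoted above and the function names are my own.

```python
import re

# Constructed excerpt of the openconnect output quoted in the post.
SAMPLE_LOG = """\
X-DTLS-Session-ID: <ciach>
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-DTLS-CipherSuite: AES128-SHA
CSTP connected. DPD 30, Keepalive 20
RTNETLINK answers: File exists
DTLS initialised. DPD 30, Keepalive 20
Connected tun1 as <ciach>, using SSL
DTLS handshake timed out
DTLS handshake failed: Resource temporarily unavailable, try again.
Send CSTP DPD
Got CSTP DPD response
Attempt new DTLS connection
DTLS handshake timed out
"""

# Response headers the gateway sends for the DTLS leg (not the "> " request lines).
DTLS_HDR = re.compile(r"^X-DTLS-(\w[\w-]*):\s*(.*)$")

def parse_session(log: str) -> dict:
    """Return negotiated DTLS parameters plus tunnel-state counters."""
    state = {"dtls": {}, "cstp_up": False, "ssl_only": False,
             "dtls_timeouts": 0, "dpd_ok": 0, "rtnetlink_exists": False}
    for line in log.splitlines():
        m = DTLS_HDR.match(line)
        if m:
            state["dtls"][m.group(1)] = m.group(2)
        elif line.startswith("CSTP connected"):
            state["cstp_up"] = True
        elif line.startswith("Connected ") and line.endswith("using SSL"):
            state["ssl_only"] = True          # data is flowing over the TCP/TLS tunnel
        elif line == "DTLS handshake timed out":
            state["dtls_timeouts"] += 1
        elif line == "Got CSTP DPD response":
            state["dpd_ok"] += 1             # gateway answers over TCP, so the tunnel is alive
        elif line.startswith("RTNETLINK answers: File exists"):
            state["rtnetlink_exists"] = True  # route/address already present on the pre-made tun
    return state

def triage(state: dict) -> str:
    """Classify the failure mode from the parsed state."""
    if not state["cstp_up"]:
        return "TLS tunnel never established; look at TCP/443 reachability or authentication"
    if state["dtls_timeouts"] and state["dpd_ok"]:
        port = state["dtls"].get("Port", "?")
        return (f"TCP tunnel healthy (DPD answered {state['dpd_ok']}x) but DTLS over UDP/{port} "
                f"never completes; check UDP reachability/NAT from the VM, or use --no-dtls")
    return "no DTLS failure detected"
```

Run on the post's full log the same way; only the `X-DTLS-*` response headers and the state lines matter, the `> ` request lines are ignored.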