diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 55ab375..12cd3c8 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -1071,9 +1071,20 @@ static int dtls_mainloop(worker_st * ws, struct timespec *tnow)
 {
 	int ret, l;
 
+#if GNUTLS_VERSION_NUMBER <= 0x030210
+	/* work-around an infinite loop caused by gnutls_record_recv()
+	 * always succeeding by counting every error as a discarded packet.
+	 */
+	ret = gnutls_record_get_discarded(ws->dtls_session);
+	if (ret > 1000) {
+		ws->udp_state = UP_DISABLED;
+		return 0;
+	}
+#endif
 	switch (ws->udp_state) {
 	case UP_ACTIVE:
 	case UP_INACTIVE:
+
 		ret =
 		    tls_recv_nb(ws->dtls_session, ws->buffer, ws->buffer_size);
 		oclog(ws, LOG_TRANSFER_DEBUG,