[PATCH] Add source port option for DTLS

David Woodhouse dwmw2 at infradead.org
Thu Jun 28 08:36:36 EDT 2012


On Sat, 2012-06-23 at 12:08 -0700, Steven Ihde wrote:
> The attached patch adds support for a "--dtls-source-port" option to
> set the source port for DTLS datagrams, for example to ease firewall
> configuration.  Comments welcome.

Have you tested this with DTLS reconnection, or DPD kicking in?

Try *temporarily* firewalling the UDP traffic until OpenConnect detects
that the peer is dead and tries to remake the connection. Does it
*work*, when it tries to use the same local port again for a second
connection? You may want a further patch to close the old DTLS socket
*first*, rather than trying to keep it around until the new one is up
and running.

-- 
dwmw2
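The failure mode the reply is asking about can be reproduced without a VPN at all: bind one UDP socket to a fixed local port, pretend DPD has declared it dead, and try to bind the replacement socket to the same port before the old one is closed. The following C program is an added illustration of that sequence, not code from the patch or from OpenConnect; the helper names (`open_udp_source_port`, `reconnect_on_same_port`) are hypothetical and the scenario is constructed on 127.0.0.1 with a kernel-chosen port standing in for the value a user would pass to `--dtls-source-port`.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a UDP socket bound to 127.0.0.1:port; port 0 lets the kernel choose.
 * Returns the fd, or -1 with errno set (EADDRINUSE when another open socket
 * already holds that local port). Hypothetical helper, not OpenConnect code. */
static int open_udp_source_port(uint16_t port)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Which local port did the kernel actually hand out? Returns 0 on failure. */
static uint16_t bound_port(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0)
        return 0;
    return ntohs(sin.sin_port);
}

/* Constructed reconnect scenario with a pinned source port.
 * The "old" socket stands in for the DTLS connection DPD has just declared
 * dead; the "new" socket is the replacement that must use the same port.
 * With close_old_first nonzero the old socket is closed before the new bind,
 * as the reply suggests; otherwise it is kept open until the new one is up.
 * Returns 0 if the new bind succeeded, otherwise the errno from bind(). */
int reconnect_on_same_port(int close_old_first)
{
    int old_fd = open_udp_source_port(0);
    if (old_fd < 0)
        return errno;
    uint16_t port = bound_port(old_fd);
    if (port == 0) {
        close(old_fd);
        return EINVAL;
    }
    if (close_old_first) {
        close(old_fd);
        old_fd = -1;
    }
    int new_fd = open_udp_source_port(port);
    int rc = (new_fd < 0) ? errno : 0;
    if (new_fd >= 0)
        close(new_fd);
    if (old_fd >= 0)
        close(old_fd);
    return rc;
}

int main(void)
{
    int rc = reconnect_on_same_port(0);
    printf("old socket still open:   %s\n", rc ? strerror(rc) : "bind ok");
    rc = reconnect_on_same_port(1);
    printf("old socket closed first: %s\n", rc ? strerror(rc) : "bind ok");
    return 0;
}
```

Keeping the dead socket around yields EADDRINUSE on the second bind; closing it first lets the same port be reused immediately, since UDP has no TIME_WAIT state. Papering over the conflict with SO_REUSEADDR is not a substitute for closing the old socket: both would then be bound to the port, and which of them receives the peer's datagrams depends on the platform's delivery rules rather than on anything the caller controls.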