[PATCH] Add source port option for DTLS

Steven Ihde steve at x2.hamachi.us
Thu Jun 28 14:44:41 EDT 2012


On Jun 28, 2012, at 5:36 AM, David Woodhouse wrote:

> On Sat, 2012-06-23 at 12:08 -0700, Steven Ihde wrote:
>> The attached patch adds support for a "--dtls-source-port" option to
>> set the source port for DTLS datagrams.  For example, to ease firewall
>> configuration.  Comments welcome.
> 
> Have you tested this with DTLS reconnection, or DPD kicking in?

No, I haven't.  

> 
> Try *temporarily* firewalling the UDP traffic until OpenConnect detects
> that the peer is dead and tries to remake the connection. Does it
> *work*, when it tries to use the same local port again for a second
> connection? You may want a further patch to close the old DTLS socket
> *first*, rather than trying to keep it around until the new one is up
> and running.

Good suggestions.  I will give it a try this evening and submit a followup patch if needed.

-Steve
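David's question about reusing the same local port on reconnect comes down to plain UDP socket semantics: a second bind() to an address:port that an open socket already holds fails with EADDRINUSE unless both sockets opted into SO_REUSEADDR, and a DTLS socket that has been connect()ed to the peer still holds its local port. The following C program is an added illustration written for this page; it is not OpenConnect code, not the attached patch, and not Steve's or David's. It binds a fixed source port on 127.0.0.1, then simulates the two reconnect orders under discussion: opening the replacement socket while the old one is still open, and closing the old socket first. The port is chosen at run time by binding port 0 and reading the assignment back, so the example runs offline on any host that permits loopback sockets; the helper names (open_dtls_socket, reconnect_keeping_old, reconnect_close_first) are this example's own.

```c
/* Added example, not OpenConnect code: why a fixed DTLS source port
 * must be released before the reconnect attempt binds it again.
 * Assumes loopback UDP sockets are permitted; all names are local. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a UDP socket bound to 127.0.0.1:port (port 0 = let the kernel pick).
 * No SO_REUSEADDR: this mirrors a plain "--dtls-source-port" style bind.
 * Returns the fd, or -1 with errno preserved from bind()/socket(). */
static int open_dtls_socket(uint16_t port)
{
	int fd = socket(AF_INET, SOCK_DGRAM, 0);
	if (fd < 0)
		return -1;

	struct sockaddr_in sin;
	memset(&sin, 0, sizeof sin);
	sin.sin_family = AF_INET;
	sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	sin.sin_port = htons(port);

	if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
		int saved = errno;
		close(fd);
		errno = saved;
		return -1;
	}
	return fd;
}

/* Find a currently free loopback port by binding port 0 and asking the
 * kernel what it assigned. Returns 0 on failure. */
static uint16_t pick_free_port(void)
{
	int fd = open_dtls_socket(0);
	if (fd < 0)
		return 0;
	struct sockaddr_in sin;
	socklen_t len = sizeof sin;
	if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0) {
		close(fd);
		return 0;
	}
	close(fd);
	return ntohs(sin.sin_port);
}

/* Reconnect the way David warns against: keep the old socket open while
 * binding the new one to the same source port. Returns the errno of the
 * failed bind (expected EADDRINUSE), 0 if it unexpectedly succeeded,
 * or -1 if even the first bind failed. */
static int reconnect_keeping_old(uint16_t port)
{
	int old_fd = open_dtls_socket(port);
	if (old_fd < 0)
		return -1;
	int new_fd = open_dtls_socket(port);
	int result = (new_fd < 0) ? errno : 0;
	if (new_fd >= 0)
		close(new_fd);
	close(old_fd);
	return result;
}

/* Reconnect the way David suggests: close the old DTLS socket first, then
 * bind the replacement to the same port. Returns 0 on success, the bind
 * errno on failure, or -1 if the first bind failed. */
static int reconnect_close_first(uint16_t port)
{
	int old_fd = open_dtls_socket(port);
	if (old_fd < 0)
		return -1;
	close(old_fd);
	int new_fd = open_dtls_socket(port);
	if (new_fd < 0)
		return errno;
	close(new_fd);
	return 0;
}

int main(void)
{
	uint16_t port = pick_free_port();
	if (port == 0) {
		perror("pick_free_port");
		return 1;
	}
	int keep = reconnect_keeping_old(port);
	int closed = reconnect_close_first(port);
	printf("port %u: rebind with old socket open -> %s\n", port,
	       keep == 0 ? "succeeded" : strerror(keep));
	printf("port %u: rebind after closing old  -> %s\n", port,
	       closed == 0 ? "succeeded" : strerror(closed));
	return 0;
}
```

The same failure mode applies regardless of whether DPD or an explicit reconnect triggers the new DTLS session: as long as the previous socket is still open, the fixed source port is unavailable, so the reconnect path has to close it before binding, or the option has to be documented as incompatible with keeping the old socket around.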
