[PATCH 1/2] Protocols should explicitly request the same IPv4 address on reconnect, since they will abort if new addresses are sent by the server.

[Daniel Lenski]

This behavior is supported by AnyConnect (CONNECT with X-CSTP-Address header)
and by GlobalProtect (POST /ssl-vpn/getconfig.esp with preferred-ip form field).
There does not appear to be any obvious way for Juniper/NC to follow this behavior.

gpst.c already followed this behavior out of necessity, because GlobalProtect
servers tend to provide different IPv4 addresses upon reconnect, after even a brief
disconnection.

This patch reproduces this behavior in cstp.c; I did not make the corresponding
change for IPv6 because I have no way to test it.

Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
 cstp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cstp.c b/cstp.c
index 5477c5c..a22c66e 100644
--- a/cstp.c
+++ b/cstp.c
@@ -262,6 +262,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 		buf_append(reqbuf, "X-CSTP-MTU: %d\r\n", mtu);
 	buf_append(reqbuf, "X-CSTP-Address-Type: %s\r\n",
 			       vpninfo->disable_ipv6 ? "IPv4" : "IPv6,IPv4");
+       /* Explicitly request the same IPv4 address on reconnect */
+	if (old_addr)
+		buf_append(reqbuf, "X-CSTP-Address: %s\r\n", old_addr);
 	if (!vpninfo->disable_ipv6)
 		buf_append(reqbuf, "X-CSTP-Full-IPv6-Capability: true\r\n");
 #ifdef HAVE_DTLS
-- 
2.7.4