[PATCH 0/2] add --request-ip option

Daniel Lenski dlenski at gmail.com
Wed Dec 20 22:56:57 PST 2017


The first patch makes cstp.c try harder to get the same IPv4 address on
reconnect, since it will fail if it doesn't, by adding the X-CSTP-Address
header to the HTTPS CONNECT request.

The second patch adds a --request-ip option to explicitly request a
specific IPv4 address on initial connection. This patch is almost
necessary for reliable operation with some GlobalProtect VPNs (even
though that protocol is not yet merged) due to the weird "security checker"
behavior which expects a persistent IP address.

I'm including the GlobalProtect changes--even though they won't yet
apply to master--because the model for these changes is unclear
otherwise, and because they're entirely self-contained.

I did not make any corresponding changes for AnyConnect IPv6, because
I don't have any way to test it right now.

Daniel Lenski (2):
  Protocols should explicitly request the same IPv4 address on
    reconnect, since they will abort if new addresses are sent by the
    server.
  add --request-ip option to explicitly request a specific IPv4
    addresses

 auth-globalprotect.c |  2 ++
 cstp.c               | 24 +++++++++++++++++++-----
 gpst.c               | 19 ++++++++++++++-----
 main.c               |  6 ++++++
 openconnect.8.in     |  6 ++++++
 5 files changed, 47 insertions(+), 10 deletions(-)

-- 
2.7.4



