connecting to dynamic dns

David Woodhouse dwmw2 at infradead.org
Sat Nov 29 07:03:16 PST 2014


> Well, at that point I don't have VPN. The CSTP reconnection occurs when
> the TCP connection part of the VPN is closed. That can only occur if the
> server is down, thus the UDP part is also off. Are there servers which
> forcefully close the CSTP connection but expect the DTLS connection to
> remain active?

Well, I'm not sure about 'forcefully close' but it's certainly possible to
lose the TCP connection for various reasons (packet loss, NAT brokenness,
etc.) while DTLS is still running.

Either way, the point is that surely DNS is unlikely to work right. And
even if it does you may need to run the vpnc-script to set up routes
correctly for the new server.

I wonder if the better solution here is a wrapper which will restart the
connection from scratch... it can keep the same cookie.

Let the reconnect (to the old IP address) fail. Run vpnc-script to tear
down the network config. Then where appropriate, do the DNS lookup again.
If there's a new address, try to connect to that using the existing
cookie. Can that work?

-- 
dwmw2



