On Jun 28, 2012, at 5:36 AM, David Woodhouse wrote:

> On Sat, 2012-06-23 at 12:08 -0700, Steven Ihde wrote:
>> The attached patch adds support for a "--dtls-source-port" option to
>> set the source port for DTLS datagrams. For example, to ease firewall
>> configuration. Comments welcome.
>
> Have you tested this with DTLS reconnection, or DPD kicking in?

No, I haven't.

> Try *temporarily* firewalling the UDP traffic until OpenConnect detects
> that the peer is dead and tries to remake the connection. Does it
> *work*, when it tries to use the same local port again for a second
> connection? You may want a further patch to close the old DTLS socket
> *first*, rather than trying to keep it around until the new one is up
> and running.

Good suggestions. I will give it a try this evening and submit a followup patch if needed.

-Steve
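The failure mode David is pointing at is easy to reproduce outside OpenConnect. Below is an added example (not OpenConnect's code, not the patch under discussion) that binds a UDP socket to a fixed local port, then tries to open a replacement socket on the same port in the two orders a reconnect path could use. The function name `reconnect_with_fixed_port` and the loopback address are assumptions for the demonstration; the first bind uses port 0 so the kernel picks a free port and the test does not depend on a particular number being available.

```c
/* Added example: why a fixed DTLS source port needs the old socket
 * closed before the replacement is bound. Not OpenConnect code. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on 127.0.0.1 (hypothetical choice of address) to
 * local_port (0 = let the kernel choose). Reports the port actually
 * bound via *bound_port. Returns fd >= 0 on success, -errno on failure. */
static int bind_udp_source(uint16_t local_port, uint16_t *bound_port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -errno;

    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(local_port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    if (bind(fd, (struct sockaddr *)&sa, len) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        int err = errno;
        close(fd);
        return -err;
    }
    if (bound_port)
        *bound_port = ntohs(sa.sin_port);
    return fd;
}

/* Simulate the reconnect: an "old" socket holds the fixed port, then a
 * "new" socket is bound to the same port. With close_old_first == 0 the
 * old socket is still open, so the second bind fails with -EADDRINUSE
 * (no SO_REUSEADDR is set, as a plain client socket would not). With
 * close_old_first == 1 the old socket is closed first and the rebind
 * succeeds, returning 0. */
int reconnect_with_fixed_port(int close_old_first)
{
    uint16_t port = 0;
    int old_fd = bind_udp_source(0, &port);
    if (old_fd < 0)
        return old_fd;

    if (close_old_first) {
        close(old_fd);
        old_fd = -1;
    }

    int new_fd = bind_udp_source(port, NULL);
    int rc = (new_fd < 0) ? new_fd : 0;

    if (new_fd >= 0)
        close(new_fd);
    if (old_fd >= 0)
        close(old_fd);
    return rc;
}

int main(void)
{
    int keep = reconnect_with_fixed_port(0);
    int drop = reconnect_with_fixed_port(1);
    printf("rebind with old socket open:   %s\n",
           keep == -EADDRINUSE ? "EADDRINUSE" : strerror(-keep));
    printf("rebind after closing old one:  %s\n",
           drop == 0 ? "ok" : strerror(-drop));
    return 0;
}
```

The first call is the situation David warns about: if the DTLS reconnect code creates the replacement socket before releasing the old one, a fixed `--dtls-source-port` turns a normally harmless ordering choice into a hard EADDRINUSE on every reconnect or DPD-triggered restart. Closing the old socket before binding the new one, as he suggests, is what makes the second call succeed.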