On Fri, Dec 5, 2014 at 1:36 PM, David Woodhouse <dwmw2 at infradead.org> wrote:

>> Attached both patches. The first patch is identical to the one
>> previously sent, and the second disables dyndns if split_includes is
>> empty, i.e., server asks for default route.
> I suppose the second is mostly made redundant by the fact that we now
> gracefully fall back to using the previous IP address when DNS fails.

Not sure. Resolving may succeed but give an IP we can only connect over
the VPN tunnel. That's the case the second patch solves.

> I've refactored the first patch somewhat to keep it a lot more isolated
> within the connect_https_socket() function, and also stop it falling
> back to the previously-cached address if that address was in the fresh
> DNS results and it already tried it.
> Please take a look and retest the version at
> http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/2f55fec

Looks fine.

regards,
Nikos