Some gateways have DTLS disabled, so they do not send any X-DTLS-* options upon connection. This causes vpninfo->dtls_state to remain in DTLS_SECRET state forever. Currently we override this state to DTLS_SLEEPING on pause/resume, which is bad because the DTLS mainloop will get invoked on reconnection and it will start printing "No DTLS address" errors on every packet. Instead we should check for (vpninfo->dtls_state > DTLS_DISABLED), as is done elsewhere in the code. Reported-by: Holger Dell <holger.dell at gmail.com> Signed-off-by: Kevin Cernekee <cernekee at gmail.com> --- mainloop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mainloop.c b/mainloop.c index 1bd3bc8b8edb..8100a2591d33 100644 --- a/mainloop.c +++ b/mainloop.c @@ -160,7 +160,7 @@ int openconnect_mainloop(struct openconnect_info *vpninfo, /* close all connections and wait for the user to call openconnect_mainloop() again */ openconnect_close_https(vpninfo, 0); - if (vpninfo->dtls_state != DTLS_DISABLED) { + if (vpninfo->dtls_state > DTLS_DISABLED) { vpninfo->proto.udp_close(vpninfo); vpninfo->dtls_state = DTLS_SLEEPING; vpninfo->new_dtls_started = 0; -- 2.2.2
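Review bot: The new test `vpninfo->dtls_state > DTLS_DISABLED` in the pause path of openconnect_mainloop() is only correct if DTLS_SECRET is declared before DTLS_DISABLED in the state enum, and nothing in this hunk documents that ordering. The commit message says the same comparison is already used elsewhere, so consider adding a one-line comment at this check (or a small shared helper or macro used by all such sites) stating that states at or below DTLS_DISABLED mean no UDP transport was set up. Otherwise a later reordering of the enum, or a new state inserted in it, would silently bring back the udp_close() call and the switch to DTLS_SLEEPING for gateways that never sent any X-DTLS-* options.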