[PATCH 1/2] Protocols should explicitly request the same IPv4 address on reconnect, since they will abort if new addresses are sent by the server.

This behavior is supported by AnyConnect (CONNECT with X-CSTP-Address header)
and by GlobalProtect (POST /ssl-vpn/getconfig.esp with preferred-ip form field).
There does not appear to be any obvious way for Juniper/NC to follow this behavior.

gpst.c already followed this behavior out of necessity, because GlobalProtect
servers tend to provide different IPv4 addresses upon reconnect, after even a brief
disconnection.

This patch reproduces this behavior in cstp.c; I did not make the corresponding
change for IPv6 because I have no way to test it.

Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
 cstp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cstp.c b/cstp.c
index 5477c5c..a22c66e 100644
--- a/cstp.c
+++ b/cstp.c
@@ -262,6 +262,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 		buf_append(reqbuf, "X-CSTP-MTU: %d\r\n", mtu);
 	buf_append(reqbuf, "X-CSTP-Address-Type: %s\r\n",
 			       vpninfo->disable_ipv6 ? "IPv4" : "IPv6,IPv4");
+       /* Explicitly request the same IPv4 address on reconnect */
+	if (old_addr)
+		buf_append(reqbuf, "X-CSTP-Address: %s\r\n", old_addr);
 	if (!vpninfo->disable_ipv6)
 		buf_append(reqbuf, "X-CSTP-Full-IPv6-Capability: true\r\n");
 #ifdef HAVE_DTLS
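Review bot: old_addr is written verbatim into the request by the added buf_append(reqbuf, "X-CSTP-Address: %s\r\n", old_addr) line, and the hunk shows neither where it is declared nor any validation of its contents. If it holds the address the server handed out in the previous session, please make sure it is checked to be a plain IPv4 literal (no CR or LF) before it is formatted into a header, and that it is in scope at this point in start_cstp_connection(). Style: the added comment line is indented with spaces while the surrounding lines use a tab. Since the commit message says IPv6 is deliberately left out, a short note in that comment saying the request covers IPv4 only, even when "IPv6,IPv4" is advertised on the line above, would help the next reader.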
-- 
2.7.4



