The first patch makes cstp.c try harder to get the same IPv4 address on
reconnect, since it will fail if it doesn't, by adding the X-CSTP-Address
header to the HTTPS CONNECT request.
The second patch adds a --request-ip option to explicitly request a
specific IPv4 address on initial connection. This patch is almost
necessary for reliable operation with some GlobalProtect VPNs (even
though that protocol is not yet merged) due to the weird "security checker"
behavior which expects a persistent IP address.
I'm including the GlobalProtect changes--even though they won't yet
apply to master--because the model for these changes is unclear
otherwise, and because they're entirely self-contained.
I did not make any corresponding changes for AnyConnect IPv6, because
I don't have any way to test it right now.
Daniel Lenski (2):
Protocols should explicitly request the same IPv4 address on
reconnect, since they will abort if new addresses are sent by the
server.
add --request-ip option to explicitly request a specific IPv4
addresses
auth-globalprotect.c | 2 ++
cstp.c | 24 +++++++++++++++++++-----
gpst.c | 19 ++++++++++++++-----
main.c | 6 ++++++
openconnect.8.in | 6 ++++++
5 files changed, 47 insertions(+), 10 deletions(-)
--
2.7.4
