GlobalProtect has the strange quirk that incoming (server ? client) ESP sequence numbers start at 1, not 0, but this just causes a one-time offset for the replay protection checker. Signed-off-by: Daniel Lenski <dlenski at gmail.com> --- gpst.c | 1 + 1 file changed, 1 insertion(+) diff --git a/gpst.c b/gpst.c index 009a244..05e4765 100644 --- a/gpst.c +++ b/gpst.c @@ -421,6 +421,7 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_ vpninfo->ip_info.domain = NULL; vpninfo->ip_info.mtu = 0; vpninfo->esp_magic = inet_addr(vpninfo->ip_info.gateway_addr); + vpninfo->esp_replay_protect = 1; vpninfo->ssl_times.rekey_method = REKEY_NONE; vpninfo->cstp_options = NULL; -- 2.7.4
