Protocols should try explicitly request the same IP addresses on reconnect, since they will abort if new addresses are sent by the server.
* GlobalProtect:
- Supported and used by official clients (POST /ssl-vpn/getconfig.esp with preferred-ip form field).
- GlobalProtect servers often give different IP addresses on reconnect if this mechanism is *not* used,
so this mechanism is necessary.
- Same mechanism appears to exist for IPv6 (preferred-ipv6) and was added to OpenConnect in
d6db0ec03394234d41fbec7ffc794ceeb486a8f0, even though IPv6 support is not yet complete.
* AnyConnect:
- Not (yet) supported by ocserv
- It appears that *some* AnyConnect server will try to provide the IP address provided in the X-CSTP-Address
*request* header along with the CONNECT request, but other servers appear not to
- This patch reproduces the behavior of GPST: attempt to request same IPv4 and IPv6 addresses on reconnect,
via CONNECT headers.
* Juniper:
- There does not appear to be any way to provide this using the Juniper NC protocol.
- No known reports of Juniper servers giving out different IP address on reconnect.
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
projects / users / dwmw2 / openconnect.git / commit