GlobalProtect: try to connect to portal interface before gateway

This makes OpenConnect behave more like the official GP clients, which
should make more sense to new users especially when troublesheeting, without
removing the useful ability to connect directly to a gateway.
(See https://gitlab.com/openconnect/openconnect/merge_requests/56#note_209428777)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index 91c12157367813d27f80c9c85919ab31cb556c3e..dd9a5ea5ea0e714d075790ac3354f8f3e684b4bb 100644 (file)
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -580,10 +580,10 @@ int gpst_obtain_cookie(struct openconnect_info *vpninfo)
                /* assume the server is a gateway */
                result = gpst_login(vpninfo, 0, &ctx);
        } else {
-               /* first try handling it as a gateway, then a portal */
-               result = gpst_login(vpninfo, 0, &ctx);
+               /* first try handling it as a portal, then a gateway */
+               result = gpst_login(vpninfo, 1, &ctx);
                if (result == -EEXIST) {
-                       result = gpst_login(vpninfo, 1, &ctx);
+                       result = gpst_login(vpninfo, 0, &ctx);
                        if (result == -EEXIST)
                                vpn_progress(vpninfo, PRG_ERR, _("Server is neither a GlobalProtect portal nor a gateway.\n"));
                }