Fortinet: server rejects asyncmap and header compression options

This appears to be a "feature" of all Fortinet servers, not just the one I have
access to. Openfortivpn calls pppd with the 'noaccomp nopfcomp default-asyncmap'
options: https://github.com/adrienverge/openfortivpn/blob/ba44ce1/src/tunnel.c#L233-L245

We should avoid offering these options to save an unnecessary round-trip in the
LCP stage of PPP configuration.

Don't blame me. I didn't design this.

For that matter, we don't need to include the asyncmap option with *any*
encapsulation that doesn't use HDLC.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/ppp.c b/ppp.c
index c9f7b4f1ed538ec2001586fdda9cd1f0008fb284..ec7a8805f695a3de959820b97657c66d8335fd8f 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -249,6 +249,8 @@ int openconnect_ppp_new(struct openconnect_info *vpninfo,
                break;
 
        case PPP_ENCAP_FORTINET:
+               /* XX: Fortinet server rejects asyncmap and header compression. Don't blame me. */
+               ppp->out_lcp_opts &= ~(BIT_PFCOMP | BIT_ACCOMP);
                ppp->encap_len = 6;
                ppp->check_http_response = 1;
                break;