www.infradead.org Git - users/dwmw2/openconnect.git/commitdiff
Use ESP replay protection with GlobalProtect
author Daniel Lenski <dlenski@gmail.com>
Tue, 9 Jan 2018 08:01:23 +0000 (00:01 -0800)
committer David Woodhouse <dwmw2@infradead.org>
Tue, 27 Feb 2018 15:28:32 +0000 (16:28 +0100)
GlobalProtect has the strange quirk that incoming (server → client) ESP
sequence numbers start at 1, not 0, but this just causes a one-time offset
for the replay protection checker.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
gpst.c

diff --git a/gpst.c b/gpst.c
index 39fbd2a34cb4d6b0ea3f68c2cafc52df58634124..888b54af2befd9664f9e91a68c9213c4d1e9182a 100644 (file)
--- a/gpst.c
+++ b/gpst.c
@@ -428,6 +428,7 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_
        vpninfo->ip_info.domain = NULL;
        vpninfo->ip_info.mtu = 0;
        vpninfo->esp_magic = inet_addr(vpninfo->ip_info.gateway_addr);
+       vpninfo->esp_replay_protect = 1;
        vpninfo->ssl_times.rekey_method = REKEY_NONE;
        vpninfo->cstp_options = NULL;
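
Review bot: the added `vpninfo->esp_replay_protect = 1;` in gpst_parse_config_xml has no comment, so the reason it is acceptable for this protocol (incoming ESP sequence numbers start at 1 rather than 0, which only shifts the replay checker once) is recorded in the commit message alone. Suggest a one-line comment above the assignment stating that quirk, so a later reader does not mistake the offset for a bug. The flag is also set unconditionally next to the per-config resets of `ip_info` and `esp_magic`; the hunk does not show whether the replay checker's sequence state is reset when the config is parsed again, so that is worth confirming before merge.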