We can't just reconnect; we have to fetch the XML config again. Even that
isn't always sufficient; it seems the server only allows *one* reconnect
before it starts to fail.

The *first* reconnection shows this in server logs:

[2326:root:0]ipcp: down ppp:0x7f1e1d218000 caller:0x7f1e1d15f900 tun:37
[2326:root:78]sslvpn_ppp_deassociate_fd_to_ipaddr:318 deassociate 10.212.134.200 to tun (ssl.root:37)
[2326:root:78]tunnel is down, wait for next connection.
[2326:root:78]sslvpn_release_dynip:1309 free app session, idx[0]
...
[2326:root:79]req: /remote/fortisslvpn_xml
[2326:root:79]deconstruct_session_id:426 decode session id ok, user=…
[2326:root:79]deconstruct_session_id:426 decode session id ok, user=…
[2326:root:79]sslvpn_reserve_dynip:1275 tunnel vd[root] ip[10.212.134.200] app session idx[0]
[2326:root:79]req: /remote/sslvpn-tunnel
[2326:root:79]sslvpn_tunnel_handler,52, Calling rmt_conn_access_ex.
[2326:root:79]deconstruct_session_id:426 decode session id ok, user=…
[2326:root:79]sslvpn_tunnel_handler,153, Calling tunnel.
[2326:root:79]tunnelEnter:498 0x7f1e1d15f900:0x7f1e1d1e9000 sslvpn user[dwmw2],type 1,logintime 0 vd 0
[2326:root:79]sconn 0x7f1e1d15f900 (0:root) vfid=0 local=[178.238.156.110] remote=[90.155.92.213] dynamicip=[10.212.134.200]
[2326:root:79]Prepare to launch ppp service...

The *second* reconnection doesn't say anything about waiting for next
connection:

[2326:root:0]ipcp: down ppp:0x7f1e1d21a800 caller:0x7f1e1d15f900 tun:37
[2326:root:79]sslvpn_ppp_deassociate_fd_to_ipaddr:318 deassociate 10.212.134.200 to tun (ssl.root:37)
[2326:root:79]sslvpn_release_dynip:1309 free app session, idx[0]
...
[2326:root:7a]req: /remote/fortisslvpn_xml
[2326:root:7a]deconstruct_session_id:426 decode session id ok, user=…
[2326:root:7a]deconstruct_session_id:426 decode session id ok, user=…
[2326:root:7a]sslvpn_reserve_dynip:1275 tunnel vd[root] ip[10.212.134.200] app session idx[0]
[2326:root:0]sslvpn_internal_remove_apsession_by_idx:2586 free app session, idx[0]
[2326:root:7a]req: /remote/sslvpn-tunnel
[2326:root:7a]sslvpn_tunnel_handler,52, Calling rmt_conn_access_ex.
[2326:root:7a]deconstruct_session_id:426 decode session id ok, user=…
[2326:root:7a]sslvpn_tunnel_handler,153, Calling tunnel.
[2326:root:7a]tunnelEnter:498 0x7f1e1d15f900:0x7f1e1d1e9000 sslvpn user[dwmw2],type 1,logintime 0 vd 0
[2326:root:7a]tunnelEnter:520 failed to retrieve tunnel address

Compare with the behaviour when we don't get the XML config again and
just try to re-establish PPP:

[385:root:0]ipcp: down ppp:0x7f19b6084800 caller:0x7f19b5fb2b00 tun:36
[385:root:f]sslvpn_ppp_deassociate_fd_to_ipaddr:318 deassociate 10.212.134.200 to tun (ssl.root:36)
[385:root:f]tunnel is down, wait for next connection.
[385:root:f]sslvpn_release_dynip:1309 free app session, idx[0]
...
[385:root:10]req: /remote/sslvpn-tunnel
[385:root:10]sslvpn_tunnel_handler,52, Calling rmt_conn_access_ex.
[385:root:10]deconstruct_session_id:426 decode session id ok, user=…
[385:root:10]sslvpn_tunnel_handler,153, Calling tunnel.
[385:root:10]tunnelEnter:498 0x7f19b5fb2b00:0x7f19b6043800 sslvpn user[dwmw2],type 1,logintime 0 vd 0
[385:root:10]tunnelEnter:512 no more IP address available.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

{
int ret = 0;
- if (!vpninfo->ppp) {
- /* Initial connection */
- ret = fortinet_configure(vpninfo);
- } else if (vpninfo->ppp->ppp_state != PPPS_DEAD) {
- /* TLS/DTLS reconnection with already-established PPP session
- * (PPP session will persist past reconnect.)
- */
- ret = ppp_reset(vpninfo);
- }
+ ret = fortinet_configure(vpninfo);
if (ret) {
err:
openconnect_close_https(vpninfo, 0);
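
Review bot: The now-unconditional "ret = fortinet_configure(vpninfo);" has no comment explaining why the config is refetched on every reconnect, while the removed branch carried comments for both the initial and the reconnect case. A one-line comment above the call, saying that the server will not bring the tunnel back up without a fresh request to /remote/fortisslvpn_xml, would keep that reasoning next to the code. With the "!vpninfo->ppp" check and the ppp_reset() call gone, this hunk also does not show what happens to an existing vpninfo->ppp when fortinet_configure() runs on a reconnect, so please confirm that the old PPP state is reset or freed there and not leaked or reused stale. Finally, the commit message says a second reconnect still fails on the server side; here that falls through the generic "if (ret)" / "err:" path, so consider whether that case should be reported distinctly to the caller.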