F5: pause-and-reconnect doesn't preserve IP addresses if we PPP-terminate

author Daniel Lenski <dlenski@gmail.com>

Mon, 8 Feb 2021 22:41:05 +0000 (14:41 -0800)

committer Daniel Lenski <dlenski@gmail.com>

Mon, 29 Mar 2021 03:13:30 +0000 (20:13 -0700)
author Daniel Lenski <dlenski@gmail.com>
Mon, 8 Feb 2021 22:41:05 +0000 (14:41 -0800)
committer Daniel Lenski <dlenski@gmail.com>
Mon, 29 Mar 2021 03:13:30 +0000 (20:13 -0700)
diff --git a/ppp.c b/ppp.c

index a7c39ae24ddf17521a3700f80668b1445f088d48..e80b4d2290684acc31e6c82ca3cfdaa36e9c2b71 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -242,10 +242,16 @@ int openconnect_ppp_new(struct openconnect_info *vpninfo,
         ppp->encap = encap;
         switch (encap) {
         case PPP_ENCAP_F5:
+               /* XX: F5 server cancels our IP address allocation if we PPP-terminate */
+               ppp->no_terminate_on_pause = 1;
                 ppp->encap_len = 4;
                 break;
  
         case PPP_ENCAP_F5_HDLC:
+               /* XX: F5 server cancels our IP address allocation if we PPP-terminate */
+               ppp->no_terminate_on_pause = 1;
+               /* fall through */
+
         case PPP_ENCAP_RFC1662_HDLC:
                 ppp->encap_len = 0;
                 ppp->hdlc = 1;
@@ -896,7 +902,14 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou
                 break;
  
         case PPPS_NETWORK:
-               if (vpninfo->got_pause_cmd || vpninfo->got_cancel_cmd)
+               /* XX: When we pause and reconnect, we expect the auth cookie/session (external to the
+                * PPP layer) to remain valid, and to negotiate the same IP addresses on reconnection.
+                *
+                * However, some servers cancel our session or cancel our IP address allocation if we
+                * TERMINATE at the PPP layer, so we shouldn't do it when pausing.
+                */
+               if (vpninfo->got_cancel_cmd ||
+                   (vpninfo->got_pause_cmd && !ppp->no_terminate_on_pause))
                         ppp->ppp_state = PPPS_TERMINATE;
                 else
                         break;
diff --git a/ppp.h b/ppp.h

index 17cedd587fe12710d47d9671d1558dfd0f736aae..2b9d1c3e2937a0ffbcd9734ae316f5b3964f855d 100644 (file)
--- a/ppp.h
+++ b/ppp.h
@@ -104,6 +104,7 @@ struct oc_ppp {
         int hdlc;
         int want_ipv4;
         int want_ipv6;
+       int no_terminate_on_pause;
  
         int ppp_state;
         struct oc_ncp lcp;
author	Daniel Lenski <dlenski@gmail.com>
	Mon, 8 Feb 2021 22:41:05 +0000 (14:41 -0800)
committer	Daniel Lenski <dlenski@gmail.com>
	Mon, 29 Mar 2021 03:13:30 +0000 (20:13 -0700)