From: Daniel Lenski <dlenski@gmail.com>
Date: Thu, 4 Feb 2021 19:31:20 +0000 (-0800)
Subject: Fortinet: server rejects asyncmap and header compression options
X-Git-Tag: v8.20~325^2~24
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=3cacd99d9e48a98edd792c289fb9990a049d3340;p=users%2Fdwmw2%2Fopenconnect.git

Fortinet: server rejects asyncmap and header compression options

This appears to be a "feature" of all Fortinet servers, not just the one I have
access to. Openfortivpn calls pppd with the 'noaccomp nopfcomp default-asyncmap'
options: https://github.com/adrienverge/openfortivpn/blob/ba44ce1/src/tunnel.c#L233-L245

We should avoid offering these options to save an unnecessary round-trip in the
LCP stage of PPP configuration.

Don't blame me. I didn't design this.

For that matter, we don't need to include the asyncmap option with *any*
encapsulation that doesn't use HDLC.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---

diff --git a/ppp.c b/ppp.c
index c9f7b4f1..ec7a8805 100644
--- a/ppp.c
+++ b/ppp.c
@@ -249,6 +249,8 @@ int openconnect_ppp_new(struct openconnect_info *vpninfo,
 		break;
 
 	case PPP_ENCAP_FORTINET:
+		/* XX: Fortinet server rejects asyncmap and header compression. Don't blame me. */
+		ppp->out_lcp_opts &= ~(BIT_PFCOMP | BIT_ACCOMP);
 		ppp->encap_len = 6;
 		ppp->check_http_response = 1;
 		break;