From 28cf1477f41c902cbba66669c4aac70cce062038 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Wed, 28 Aug 2019 16:21:03 -0700
Subject: [PATCH] GlobalProtect: try to connect to portal interface before
 gateway

This makes OpenConnect behave more like the official GP clients, which
should make more sense to new users especially when troublesheeting, without
removing the useful ability to connect directly to a gateway.
(See https://gitlab.com/openconnect/openconnect/merge_requests/56#note_209428777)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---
 auth-globalprotect.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index 91c12157..dd9a5ea5 100644
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -580,10 +580,10 @@ int gpst_obtain_cookie(struct openconnect_info *vpninfo)
 		/* assume the server is a gateway */
 		result = gpst_login(vpninfo, 0, &ctx);
 	} else {
-		/* first try handling it as a gateway, then a portal */
-		result = gpst_login(vpninfo, 0, &ctx);
+		/* first try handling it as a portal, then a gateway */
+		result = gpst_login(vpninfo, 1, &ctx);
 		if (result == -EEXIST) {
-			result = gpst_login(vpninfo, 1, &ctx);
+			result = gpst_login(vpninfo, 0, &ctx);
 			if (result == -EEXIST)
 				vpn_progress(vpninfo, PRG_ERR, _("Server is neither a GlobalProtect portal nor a gateway.\n"));
 		}
-- 
2.50.1