From 4e769c81415e90f1cc6f3267c235b78a22fd1010 Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Tue, 9 Jan 2018 00:01:23 -0800
Subject: [PATCH] Use ESP replay protection with GlobalProtect
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

GlobalProtect has the strange quirk that incoming (server → client) ESP sequence numbers start at 1, not 0, but this just causes a one-time offset for the replay protection checker.

Signed-off-by: Daniel Lenski
Signed-off-by: David Woodhouse
---
 gpst.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gpst.c b/gpst.c
index 39fbd2a3..888b54af 100644
--- a/gpst.c
+++ b/gpst.c
@@ -428,6 +428,7 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_
 vpninfo->ip_info.domain = NULL;
 vpninfo->ip_info.mtu = 0;
 vpninfo->esp_magic = inet_addr(vpninfo->ip_info.gateway_addr);
+ vpninfo->esp_replay_protect = 1;
 vpninfo->ssl_times.rekey_method = REKEY_NONE;
 vpninfo->cstp_options = NULL;
-- 
2.49.0
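Review bot: The added `vpninfo->esp_replay_protect = 1;` has no comment, so the quirk that justifies it (incoming GlobalProtect ESP sequence numbers start at 1, not 0) is recorded only in the commit message and will be invisible to anyone reading gpst.c. I would put a comment directly above the assignment, for example `/* GlobalProtect's incoming ESP sequence numbers start at 1, not 0; the replay checker sees this as a one-time offset */`. The replay checker is not part of this hunk, so the claim that the offset is harmless cannot be confirmed from here; it is worth checking that a first packet with sequence number 1 is accepted and that a later duplicate of it is still rejected. gpst_parse_config_xml begins and ends outside the hunk.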