From 55ffb457010974c05096a78ac917692b7fac664b Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Sat, 16 May 2020 17:06:10 -0700 Subject: [PATCH] add delay_tunnel flag to delay tunnel creation Signed-off-by: Daniel Lenski --- mainloop.c | 29 ++++++++++++++--------------- openconnect-internal.h | 1 + ppp.c | 7 ++++++- 3 files changed, 21 insertions(+), 16 deletions(-) diff --git a/mainloop.c b/mainloop.c index ca5f9f60..79864743 100644 --- a/mainloop.c +++ b/mainloop.c @@ -204,29 +204,28 @@ int openconnect_mainloop(struct openconnect_info *vpninfo, else timeout = 1000; - if (vpninfo->dtls_state > DTLS_DISABLED) { - /* Postpone tun device creation after DTLS is connected so - * we have a better knowledge of the link MTU. We also - * force the creation if DTLS enters sleeping mode - i.e., - * we failed to connect on time. */ - if (!tun_is_up(vpninfo) && (vpninfo->dtls_state == DTLS_CONNECTED || - vpninfo->dtls_state == DTLS_SLEEPING)) { + if (!tun_is_up(vpninfo)) { + if (vpninfo->delay_tunnel) + vpn_progress(vpninfo, PRG_DEBUG, _("Delaying tunnel by protocol request.\n")); + else if (vpninfo->dtls_state == DTLS_CONNECTING) { + /* Postpone tun device creation after DTLS is connected so + * we have a better knowledge of the link MTU. We also + * force the creation if DTLS enters sleeping mode - i.e., + * we failed to connect on time. */ + vpn_progress(vpninfo, PRG_DEBUG, _("Delaying tunnel until link MTU determined.\n")); + } else { + /* No DTLS, or DTLS failed; setup TUN device unconditionally */ ret = setup_tun_device(vpninfo); - if (ret) { + if (ret) break; - } } + } + if (vpninfo->dtls_state > DTLS_DISABLED) { ret = vpninfo->proto->udp_mainloop(vpninfo, &timeout, udp_r); if (vpninfo->quit_reason) break; did_work += ret; - - } else if (!tun_is_up(vpninfo)) { - /* No DTLS - setup TUN device unconditionally */ - ret = setup_tun_device(vpninfo); - if (ret) - break; } ret = vpninfo->proto->tcp_mainloop(vpninfo, &timeout, tcp_r); 
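Review bot: In the new `if (!tun_is_up(vpninfo))` block of openconnect_mainloop, both delay branches call `vpn_progress(vpninfo, PRG_DEBUG, ...)` on every pass of the loop, so a peer that stalls negotiation produces one debug line per iteration, and nothing visible in the hunk bounds how long `delay_tunnel` may hold the tunnel back. Consider logging only on the first delayed pass and noting in a comment which timeout ends the wait. The final `else` now calls `setup_tun_device()` for every `dtls_state` other than `DTLS_CONNECTING`, whereas the old code required `DTLS_CONNECTED` or `DTLS_SLEEPING` whenever the state was above `DTLS_DISABLED`; if other states above `DTLS_DISABLED` exist, that is a behaviour change worth confirming. The moved comment still says creation is forced on sleeping mode, which no longer describes the branch it sits in; something like `/* DTLS still connecting: hold back the tun device until the link MTU is known. */` would match the new code. The function body starts and ends outside the hunk.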
diff --git a/openconnect-internal.h b/openconnect-internal.h index e028d8d5..18de249b 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -648,6 +648,7 @@ struct openconnect_info { #endif int ssl_fd; int dtls_fd; + int delay_tunnel; /* Delay tunnel setup */ int dtls_tos_current; int dtls_pass_tos; diff --git a/ppp.c b/ppp.c index 5751f178..e09f6d8d 100644 --- a/ppp.c +++ b/ppp.c @@ -212,6 +212,9 @@ int openconnect_ppp_new(struct openconnect_info *vpninfo, if (!ppp) return -ENOMEM; + /* Delay tunnel setup during PPP negotiation */ + vpninfo->delay_tunnel = 1; + /* Nameservers to request from peer * (see https://tools.ietf.org/html/rfc1877#section-1) */ ppp->solicit_peerns = 0; @@ -761,8 +764,10 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou } } - if (network) + if (network) { ppp->ppp_state = PPPS_NETWORK; + vpninfo->delay_tunnel = 0; + } break; case PPPS_NETWORK: break; -- 2.49.0
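Review bot: `vpninfo->delay_tunnel = 1` in openconnect_ppp_new has only one matching clear in this patch, the `if (network)` branch of handle_state_transition, so any path where PPP negotiation fails or the ppp state is torn down before `PPPS_NETWORK` appears to leave the flag set and the mainloop skipping `setup_tun_device()` indefinitely. Because the flag lives on `vpninfo` rather than on the ppp struct, it should also be cleared wherever the ppp state is freed or reset. The field comment in openconnect-internal.h could state that contract, e.g. `int delay_tunnel; /* Set by a protocol to hold back tun setup until its negotiation completes; the protocol must clear it */`. Holding the tun device back until the network phase keeps traffic off a link that has not finished negotiating, and a one-line comment at the clear stating that invariant would help later readers. Both functions continue outside their hunks, so an existing cleanup path may already cover this.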