From 76507fbd0f10c7766bcacec953208307f69b723e Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 10 Jun 2019 22:55:25 +0100 Subject: [PATCH] Improve Pulse ESP setup reliability. Sometimes, the server is slow to process the ESP config so our first probes don't elicit a response. Abuse the licensing information packet which comes after the connection is set up, and send a second set of probes when it arrives. Perhaps we should actually send three probes, half a second apart. Signed-off-by: David Woodhouse --- pulse.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pulse.c b/pulse.c index baf45b66..48925ebd 100644 --- a/pulse.c +++ b/pulse.c @@ -2052,6 +2052,15 @@ int pulse_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) print_esp_keys(vpninfo, _("new outgoing"), &vpninfo->esp_out); continue; + case 0x96: + /* It sends the licence information once the connection is set up. For + * now, abuse this to deal with the race condition in ESP setup — it looks + * like the server doesn't process the ESP config until after we've sent + * the probes, in some cases. */ + if (vpninfo->dtls_state == DTLS_SLEEPING) + vpninfo->proto->udp_send_probes(vpninfo); + break; + default: unknown_pkt: vpn_progress(vpninfo, PRG_ERR, -- 2.50.1