From f7fcd6d610cf920eb01c767a56515cd15b48d6f2 Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Mon, 8 Feb 2021 14:41:05 -0800 Subject: [PATCH] F5: pause-and-reconnect doesn't preserve IP addresses if we PPP-terminate Add a no_terminate_on_pause flag to handle this. Signed-off-by: Daniel Lenski --- ppp.c | 15 ++++++++++++++- ppp.h | 1 + 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/ppp.c b/ppp.c index a7c39ae2..e80b4d22 100644 --- a/ppp.c +++ b/ppp.c @@ -242,10 +242,16 @@ int openconnect_ppp_new(struct openconnect_info *vpninfo, ppp->encap = encap; switch (encap) { case PPP_ENCAP_F5: + /* XX: F5 server cancels our IP address allocation if we PPP-terminate */ + ppp->no_terminate_on_pause = 1; ppp->encap_len = 4; break; case PPP_ENCAP_F5_HDLC: + /* XX: F5 server cancels our IP address allocation if we PPP-terminate */ + ppp->no_terminate_on_pause = 1; + /* fall through */ + case PPP_ENCAP_RFC1662_HDLC: ppp->encap_len = 0; ppp->hdlc = 1; @@ -896,7 +902,14 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou break; case PPPS_NETWORK: - if (vpninfo->got_pause_cmd || vpninfo->got_cancel_cmd) + /* XX: When we pause and reconnect, we expect the auth cookie/session (external to the + * PPP layer) to remain valid, and to negotiate the same IP addresses on reconnection. + * + * However, some servers cancel our session or cancel our IP address allocation if we + * TERMINATE at the PPP layer, so we shouldn't do it when pausing. + */ + if (vpninfo->got_cancel_cmd || + (vpninfo->got_pause_cmd && !ppp->no_terminate_on_pause)) ppp->ppp_state = PPPS_TERMINATE; else break; diff --git a/ppp.h b/ppp.h index 17cedd58..2b9d1c3e 100644 --- a/ppp.h +++ b/ppp.h @@ -104,6 +104,7 @@ struct oc_ppp { int hdlc; int want_ipv4; int want_ipv6; + int no_terminate_on_pause; int ppp_state; struct oc_ncp lcp; -- 2.49.0