This behavior is supported by AnyConnect (CONNECT with X-CSTP-Address header)
and by GlobalProtect (POST /ssl-vpn/getconfig.esp with preferred-ip form field).
There does not appear to be any obvious way for Juniper/NC to follow this
behavior.
gpst.c already followed this behavior out of necessity, because GlobalProtect
servers tend to provide different IPv4 addresses upon reconnect, after even a
brief
disconnection.
This patch reproduces this behavior in cstp.c; I did not make the corresponding
change for IPv6 because I have no way to test it.
Signed-off-by: Daniel Lenski <dlen...@gmail.com>
---
cstp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/cstp.c b/cstp.c
index 5477c5c..a22c66e 100644
--- a/cstp.c
+++ b/cstp.c
@@ -262,6 +262,9 @@ static int start_cstp_connection(struct openconnect_info
*vpninfo)
buf_append(reqbuf, "X-CSTP-MTU: %d\r\n", mtu);
buf_append(reqbuf, "X-CSTP-Address-Type: %s\r\n",
vpninfo->disable_ipv6 ? "IPv4" : "IPv6,IPv4");
+ /* Explicitly request the same IPv4 address on reconnect */
+ if (old_addr)
+ buf_append(reqbuf, "X-CSTP-Address: %s\r\n", old_addr);
if (!vpninfo->disable_ipv6)
buf_append(reqbuf, "X-CSTP-Full-IPv6-Capability: true\r\n");
#ifdef HAVE_DTLS
--
2.7.4
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
