no need to send multiple probe packets as an ESP keepalive (!28) · Merge requests · OpenConnect VPN projects / OpenConnect

The source project of this merge request has been removed.

Daniel Lenski requested to merge (removed):single_probe_for_keepalive into master Jan 09, 2019

Both Juniper and GlobalProtect ESP send special probe packets to initiate the ESP connection, and as keepalives. Multiple packets are sent to initiate the connection, because a lack of response will cause a total fallback to TLS.

However, one probe packet (per keepalive interval) is enough for the keepalive packets. GlobalProtect ESP already did this, but Juniper did not.

This patch is motivated by me having access to the highest-latency Juniper VPN server in the known universe.

Signed-off-by: Daniel Lenski dlenski@gmail.com

no need to send multiple probe packets as an ESP keepalive

Merge request reports