Skip to content

refine Fortinet reconnect and DPD

Daniel Lenski requested to merge refine_Fortinet_reconnect_and_DPD into master

  • Attempt to determine whether Fortinet server really supports reconnect-after-drop (without reauth)

    If the server doesn't actually support reconnection, then DPD is probably useless or counterproductive, and we shouldn't enable it.

    See discussion here: #297 (comment 664686767)

  • Do request "ancient HTML config" in order to distinguish truly-ancient Fortinet servers from some reconnection problems

    This should at least partially address #298.

  • Enable Fortinet DPD even if server doesn't say that reconnect-after-drop is allowed

    Even if we can't automatically reconnect, disabling DPD doesn't seem like a good idea. This will just recapitulate the poor behavior of official Fortinet clients, which don't provide useful signals about dropped connection.

    Instead, let's just tell users explicitly that reconnect probably won't work in the logging messages.

Edited by Daniel Lenski

Merge request reports