Reconnection fails due to DNS being routed over dead VPN link

When I connect successfully, I get a default route added for 0.0.0.0/0 pointing to the device tun0.

If I then get knocked off the network (e.g. laptop on wifi roaming between access points, or machine going into power saving mode), OpenConnect is unable to reconnect when I'm back online.

This is because I am launching with the -s vpn.example.com parameter, and when reconnecting, OpenConnect tries to resolve this hostname again. However the route for 0.0.0.0/0 is still in place, so the DNS queries are sent over the now dead VPN connection.

This means the DNS queries always time out, so the VPN link can never be re-established.

If I manually run ip route del 0.0.0.0/0 dev tun0 then it is able to resolve the hostname and reconnect.

I think when OpenConnect realises the link is down (I see messages DTLS Dead Peer Detection detected dead peer! and CSTP Dead Peer Detection detected dead peer!) OpenConnect should remove all the VPN routes and generally act as if it has been terminated, before it tries to set everything up again and re-establish the connection. This would allow normal pre-VPN network activity like DNS to continue working.

(For the record, using an IP address won't fix the issue for me as we have multiple VPN servers with DNS used to point users to only those ones up and running.)

To reproduce the issue, connect to the VPN server with -s hostname, have it set a default route to send all traffic over the VPN, then disconnect and reconnect the network.
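As an added illustration of the workaround described in this report (not code from the reporter or from the OpenConnect project), the following Python helper recognises the two Dead Peer Detection messages quoted above in OpenConnect's log output, parses `ip route show` output, and generates the `ip route del ... dev tun0` commands that would clear every route still pinned to the dead tunnel device before the hostname is resolved again. The device name `tun0`, the function names, and the sample routing table are assumptions constructed for the example; the helper only prints the commands it would run, so it can be reviewed offline before being wired into a reconnect script.

```python
"""Clear routes left on a dead VPN tunnel so DNS works again before reconnect.

Example code added to illustrate the bug report; it is not part of OpenConnect.
Assumptions: the tunnel device is tun0 and routes are read from `ip route show`.
"""
import subprocess
from typing import Dict, List, Optional

# Log lines OpenConnect prints when Dead Peer Detection fires (quoted from the report).
DEAD_PEER_MARKERS = (
    "DTLS Dead Peer Detection detected dead peer!",
    "CSTP Dead Peer Detection detected dead peer!",
)

# Constructed sample of `ip route show` output while the VPN is up: the 0.0.0.0/0
# route (shown as "default") and a split-tunnel prefix sit on tun0, the rest on wlan0.
SAMPLE_ROUTES = """\
default dev tun0 scope link
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.20.0.0/16 dev tun0 scope link
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42
"""


def dead_peer_detected(log_lines: List[str]) -> bool:
    """True if any line carries one of OpenConnect's dead-peer messages."""
    return any(marker in line for line in log_lines for marker in DEAD_PEER_MARKERS)


def parse_routes(ip_route_output: str) -> List[Dict[str, Optional[str]]]:
    """Parse `ip route show` lines into dicts with prefix, dev and via.

    `default` is normalised to 0.0.0.0/0 so it matches the route the report names.
    """
    routes = []
    for line in ip_route_output.splitlines():
        parts = line.split()
        if not parts:
            continue
        prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        route: Dict[str, Optional[str]] = {"prefix": prefix, "dev": None, "via": None}
        for i, tok in enumerate(parts):
            if tok in ("dev", "via") and i + 1 < len(parts):
                route[tok] = parts[i + 1]
        routes.append(route)
    return routes


def stale_vpn_routes(ip_route_output: str, vpn_dev: str = "tun0") -> List[Dict[str, Optional[str]]]:
    """Routes still pointing at the tunnel device; the default route among them
    is what swallows the DNS query for the VPN hostname after the link dies."""
    return [r for r in parse_routes(ip_route_output) if r["dev"] == vpn_dev]


def cleanup_commands(ip_route_output: str, vpn_dev: str = "tun0") -> List[List[str]]:
    """Build the `ip route del` commands that remove every stale tunnel route."""
    cmds = []
    for r in stale_vpn_routes(ip_route_output, vpn_dev):
        cmd = ["ip", "route", "del", r["prefix"], "dev", vpn_dev]
        if r["via"]:
            cmd += ["via", r["via"]]
        cmds.append(cmd)
    return cmds


def main() -> None:
    # Dry run against the live table: print what would be removed, never execute.
    table = subprocess.run(["ip", "route", "show"], capture_output=True, text=True).stdout
    for cmd in cleanup_commands(table):
        print(" ".join(cmd))


if __name__ == "__main__":
    main()
```

Running the module prints the commands for the current routing table without applying them; a reconnect wrapper would call `cleanup_commands` once `dead_peer_detected` fires on OpenConnect's output and execute them with the privileges OpenConnect already holds. Only routes whose `dev` is the tunnel are touched, so the wlan0 default route that the reporter needs for DNS stays in place.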