• Daniel Lenski's avatar
    no need to send multiple probe packets as an ESP keepalive · 1f5b30e7
    Daniel Lenski authored
    Both Juniper and GlobalProtect ESP send special probe packets to initiate the ESP connection, and as keepalives.
    Multiple packets are sent to initiate the connection, because a lack of response will cause a total fallback to TLS.
    
    However, one probe packet (per keepalive interval) is enough for the keepalive packets. GlobalProtect ESP already
    did this, but Juniper did not.
    
    This patch is motivated by me having access to the highest-latency Juniper VPN server in the known universe.
    Signed-off-by: default avatarDaniel Lenski <dlenski@gmail.com>
    1f5b30e7
oncp.c 37.4 KB