Set Fortinet DPD interval from server's config
The name of the tag implies that its purpose is DTLS-specific (<dtls-config heartbeat-interval="X">)
and that it requires the use of the DTLS heartbeat extension (https://tools.ietf.org/html/rfc6520).

However, PPP already contains natural analogues for keepalive (Discard-Request) and DPD (Echo-Request
and Echo-Reply), which appear to work just fine with Fortinet servers. We may as well use the server's
heartbeat/keepalive interval for a more generic, transport-agnostic DPD mechanism, since OpenConnect
and PPP already support it.

The official Fortinet client software for Windows/Mac appears to be very deficient at dead peer
detection, so this may represent a substantial improvement in functionality for some users.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
dlenski committed Apr 12, 2021
1 parent 5ff6a02 commit e1eac26
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions fortinet.c
Expand Up @@ -343,6 +343,10 @@ static int parse_fortinet_xml_config(struct openconnect_info *vpninfo, char *buf
else if (xmlnode_is_named(xml_node, "idle-timeout") && !xmlnode_get_prop(xml_node, "val", &s)) {
int sec = vpninfo->idle_timeout = atoi(s);
vpn_progress(vpninfo, PRG_INFO, _("Idle timeout is %d minutes.\n"), sec/60);
} else if (xmlnode_is_named(xml_node, "dtls-config") && !xmlnode_get_prop(xml_node, "heartbeat-interval", &s)) {
int sec = atoi(s);
if (sec && (!vpninfo->dtls_times.dpd || sec < vpninfo->dtls_times.dpd))
vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = sec;
} else if (xmlnode_is_named(xml_node, "fos")) {
char platform[80], *p = platform, *e = platform + 80;
if (!xmlnode_get_prop(xml_node, "platform", &s)) {
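Review bot: in the new `dtls-config` branch, the guard only compares `sec` against `vpninfo->dtls_times.dpd`, yet the assignment writes both `vpninfo->dtls_times.dpd` and `vpninfo->ssl_times.dpd`, so a smaller `ssl_times.dpd` that was already configured (for example by the user) is silently overwritten whenever `dtls_times.dpd` is still zero or larger than the server's value. Since the commit message presents this as a transport-agnostic DPD interval, consider applying the "unset or larger" test to each timer separately, e.g. `if (sec && (!vpninfo->ssl_times.dpd || sec < vpninfo->ssl_times.dpd)) vpninfo->ssl_times.dpd = sec;` and likewise for `dtls_times.dpd`. A short comment above the branch explaining why a DTLS `heartbeat-interval` attribute is being used as the DPD interval for both transports would also help future readers, since the tag name suggests a DTLS-only setting, and the branch could log the chosen value with `vpn_progress` the way the `idle-timeout` branch above does.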

0 comments on commit e1eac26