Commit
cstp: Always restart DTLS after a CSTP disconnect
cstp_reconnect() can get called on its own, e.g. due to a DPD timeout. Under some circumstances this can cause the DTLS parameters to be renegotiated. For instance, start_cstp_connection() sometimes sends a new master DTLS secret to the gateway. And Cisco ASAs seem to like generating new DTLS-Session-ID strings on each reconnect.

If DTLS is not restarted, the client and server will get out of sync and will not be able to pass data traffic. The situation is exacerbated by certain gateway settings, like setting DPD=0 and disabling DTLS rekey, which may cause the connection to remain in a "living dead" state for extended periods of time.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Showing 4 changed files with 4 additions and 4 deletions.