return -EINVAL;
}
+ if (vpninfo->dtls_local_port) {
+ struct sockaddr_storage dtls_bind_addr;
+ int dtls_bind_addrlen;
+ memset(&dtls_bind_addr, 0, sizeof(dtls_bind_addr));
+
+ if (vpninfo->peer_addr->sa_family == AF_INET) {
+ struct sockaddr_in *addr = (struct sockaddr_in *)&dtls_bind_addr;
+ dtls_bind_addrlen = sizeof(*addr);
+ addr->sin_family = AF_INET;
+ addr->sin_addr.s_addr = INADDR_ANY;
+ addr->sin_port = htons(vpninfo->dtls_local_port);
+ } else if (vpninfo->peer_addr->sa_family == AF_INET6) {
+ struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&dtls_bind_addr;
+ dtls_bind_addrlen = sizeof(*addr);
+ addr->sin6_family = AF_INET6;
+ addr->sin6_addr = in6addr_any;
+ addr->sin6_port = htons(vpninfo->dtls_local_port);
+ } else {
+ vpn_progress(vpninfo, PRG_ERR,
+ _("Unknown protocol family %d. Cannot do DTLS\n"),
+ vpninfo->peer_addr->sa_family);
+ vpninfo->dtls_attempt_period = 0;
+ return -EINVAL;
+ }
+
+ if (bind(dtls_fd, (struct sockaddr *)&dtls_bind_addr, dtls_bind_addrlen)) {
+ perror(_("Bind UDP socket for DTLS"));
+ return -EINVAL;
+ }
+ }
+
if (connect(dtls_fd, vpninfo->dtls_addr, vpninfo->peer_addrlen)) {
perror(_("UDP (DTLS) connect:\n"));
close(dtls_fd);
OPT_SERVERCERT,
OPT_USERAGENT,
OPT_NON_INTER,
+ OPT_DTLS_LOCAL_PORT,
};
#ifdef __sun__
OPTION("no-cert-check", 0, OPT_NO_CERT_CHECK),
OPTION("force-dpd", 1, OPT_FORCE_DPD),
OPTION("non-inter", 0, OPT_NON_INTER),
+ OPTION("dtls-local-port", 1, OPT_DTLS_LOCAL_PORT),
OPTION(NULL, 0, 0)
};
printf(" --reconnect-timeout %s\n", _("Connection retry timeout in seconds"));
printf(" --servercert=FINGERPRINT %s\n", _("Server's certificate SHA1 fingerprint"));
printf(" --useragent=STRING %s\n", _("HTTP header User-Agent: field"));
+ printf(" --dtls-local-port=PORT %s\n", _("Set local port for DTLS datagrams"));
printf("\n");
helpmessage();
case OPT_FORCE_DPD:
vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = atoi(config_arg);
break;
+ case OPT_DTLS_LOCAL_PORT:
+ vpninfo->dtls_local_port = atoi(config_arg);
+ break;
default:
usage();
}
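Review bot: The new `OPT_DTLS_LOCAL_PORT` case stores `atoi(config_arg)` without any validation, so a non-numeric argument silently becomes 0 (which the `if (vpninfo->dtls_local_port)` guard in dtls.c treats as "option not given") and an out-of-range value such as 70000 is truncated by `htons()` to 4464, binding a port the user never asked for, with no diagnostic either way. Parse the value with `strtol()`, reject trailing characters and anything outside 1–65535, and fail loudly at option-parsing time rather than letting the value reach `bind()`. A rewrite of the case is below; it assumes exiting on a bad argument is acceptable here, as the `default:` branch's `usage()` call suggests.
```c
case OPT_DTLS_LOCAL_PORT: {
	/* Reject garbage and out-of-range ports before they reach htons()/bind() */
	char *end;
	errno = 0;
	long port = strtol(config_arg, &end, 10);
	if (end == config_arg || *end || errno == ERANGE || port < 1 || port > 65535) {
		fprintf(stderr, _("Invalid DTLS local port \"%s\"\n"), config_arg);
		exit(1);
	}
	vpninfo->dtls_local_port = (int)port;
	break;
}
```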
struct sockaddr *peer_addr;
struct sockaddr *dtls_addr;
+ int dtls_local_port;
+
int deflate;
char *useragent;
.OP \-\-cafile file
.OP \-\-disable\-ipv6
.OP \-\-dtls\-ciphers list
+.OP \-\-dtls\-local\-port port
.OP \-\-no\-cert\-check
.OP \-\-no\-dtls
.OP \-\-no\-http\-keepalive
.I STRING
as 'User\-Agent:' field value in HTTP header.
(e.g. \-\-useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133')
+.TP
+.B \-\-dtls\-local\-port=PORT
+Use
+.I PORT
+as the local port for DTLS datagrams
.SH LIMITATIONS
Note that although IPv6 has been tested on all platforms on which
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
+ <li>Add <tt>--dtls-local-port</tt> option.</li>
<li>Print correct error when <tt>/dev/net/tun</tt> cannot be opened.</li>
<li>Fix <tt>openconnect.pc</tt> pkg-config file not to require <tt>zlib.pc</tt> on systems which lack it (like RHEL5).</li>
</ul><br/>