pMTU discovery

Bernhard Schmidt berni at birkenwald.de
Fri Jun 8 13:13:39 EDT 2012


On 08.06.2012 19:09, David Woodhouse wrote:
> On Fri, 2012-06-08 at 19:05 +0200, Bernhard Schmidt wrote:
>> It basically works, but I think you are using the wrong MTU value. I'm
>> currently in an IPv4-only non-MTU-challenged location. Cisco AnyConnect
>> client connects with 1418 bytes MTU, openconnect with 1315. I'm not
>> exactly sure what the difference between X-DTLS-MTU and D-CSTP-MTU is
>> supposed to be, but the tunnel should be able to transport the larger value.
>>
>> TCP_INFO rcv mss 1348, snd mss 1348, adv mss 1448, pmtu 1500
>
> Hm, so we should be sending X-CSTP-MTU: 1335, X-CSTP-Base-MTU: 1500.
>
> What is the Cisco client sending? And can you see the debug output from
> the server, like you sent in your first message?

Unfortunately I don't have access to the ASA, so I can't get that debug 
output before Monday. But to me it looks like OpenConnect could just use 
X-DTLS-MTU returned by the ASA and be done with it, no? According to the 
debug output in the first post the ASA is sending

Sending X-CSTP-MTU: 1335
Sending X-DTLS-MTU: 1418

to AnyConnect as well. Apparently AnyConnect is using X-DTLS-MTU and you
are using X-CSTP-MTU (you did not get an X-DTLS-MTU before as far as I
can see).

Bernhard



More information about the openconnect-devel mailing list