ocserv: website and mtu problems

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Sep 30 06:52:52 EDT 2013


On 09/30/2013 11:58 AM, David Woodhouse wrote:
> On Mon, 2013-09-30 at 11:29 +0200, Nikos Mavrogiannopoulos wrote:
>>
>> Ok, that makes sense. It seems that openconnect uses the last MTU
>> suggested and in that case it is the CSTP (TCP) MTU for the tun device.
>> The DTLS MTU is ignored. I'll make ocserv return a single MTU value
>> for both CSTP and DTLS to avoid such issues.
> 
> I'd be wary of following openconnect's lead on MTU handling. We haven't
> quite worked out what the Cisco "plan" is, or why there's even separate
> MTU reported for CSTP and DTLS when you use a *single* tun interface for
> them both, and switch between them as and when your UDP connectivity
> works or not.

Having seen quite a mess in Cisco's client, I wouldn't be
surprised if there was no plan there.

> Perhaps openconnect should be using the smaller of the two MTUs.... or
> something.

I think using the smaller value would be the best option. Should I send
a patch?

regards,
Nikos
