[PATCH] check for oversize ESP packets, with 256 bytes of headroom above calculated MTU

Daniel Lenski dlenski at gmail.com
Tue Mar 27 12:55:21 PDT 2018


On Tue, Mar 27, 2018 at 8:39 AM, Dan Lenski <dlenski at gmail.com> wrote:
> This patch adds the extra headroom for the ESP tunnel (used by both Juniper
> and GlobalProtect VPNs) as well, after unexpectedly-large ESP packets were
> observed "in the wild":
> https://github.com/dlenski/openconnect/issues/96

Although this problem was observed with a GlobalProtect VPN, it seems
entirely plausible to me that (some) Juniper VPNs might have a similar
problem where the ESP packet size exceeds the expected MTU…

Dan


