OpenConnect does not take over MTU

Schütz Dominik Dominik.Schuetz at esolutions.de
Mon May 23 12:02:29 PDT 2022 

Hello,

By default, I have an MTU of 1400 with OpenConnect and "protocol=pulse" for tun0 (also with "protocol=nc").
However, if I specify an MTU of 1360, nothing changes with tun0. What could be the reason for this?
The PulseUI gets the MTU dynamically from the Pulse server. OpenConnect does not do this?

# without mtu (vpnc-script is the current version from gitlab)
$ sudo openconnect --script=/etc/vpnc/vpnc-script --protocol=pulse "https://vpn-gateway/linux"
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400

# with mtu=1360
$ sudo openconnect --script=/etc/vpnc/vpnc-script --mtu=1360 --protocol=pulse "https://vpn-gateway/linux"
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400

# with base-mtu=1360
$ sudo openconnect --script=/etc/vpnc/vpnc-script --base-mtu=1360 --protocol=pulse "https://vpn-gateway/linux"
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400

# with mtu=1360 and base-mtu=1360
$ sudo openconnect --script=/etc/vpnc/vpnc-script --mtu=1360 --base-mtu=1360 --protocol=pulse "https://vpn-gateway/linux"
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400

# PulseUI with dynamic mtu from Pulse Server (9.1R14)
PulseUI (9.1.14.13525)
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1392

# Versions
dominik at host1:~$ dpkg -l | grep openconnect
ii  libopenconnect5:amd64                      9.01-0+9.1                               amd64        open client for various network vendors SSL VPNs - shared library
ii  openconnect                                9.01-0+9.1                               amd64        open client for various network vendors SSL VPNs
dominik at host1:~$

dominik at host1:~$ dpkg -l | grep pulsesecure
ii  pulsesecure                                9.1.R14                                  amd64        Pulse Secure VPN client
dominik at host1:~$

Regards,
Dominik
e.solutions GmbH 

Despag-Straße 4a, 85055 Ingolstadt,  

Phone +49845833321287
 
Dominik.Schuetz at esolutions.de
Please, find my mail encryption keys at: https://secmail.esolutions.de

Registered Office: 
e.solutions GmbH
Despag-Straße 4a, 85055 Ingolstadt, Germany  
Managing Directors Uwe Reder, Rainer Lange
Register Court Ingolstadt HRB 5221
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6003 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20220523/8783227a/attachment.p7s>

More information about the openconnect-devel mailing list