OpenConnect ignores the gateway's proposed MTU

Michael Helmling helmling at
Mon Feb 18 04:48:43 EST 2013

Am 15.02.2013 15:28, schrieb David Woodhouse:
> On Fri, 2013-02-15 at 15:21 +0100, Michael Helmling wrote:
>> when connecting to a VPN server with OpenConnect, the MTU on the created
>> tun interface is too high (1418) and TCP connections are broken as soon
>> as large packages are transmitted. The gateway operator told me that the
>> gateway sends a MTU of 1330 which is also what the Cisco AnyConnect
>> client sets on the cscotun0 interface. Manually setting the MTU to 1330
>> on OpenConnect's interface fixes all problems.
> Please could you send me a log of OpenConnect (preferably 4.08 or 4.99)
> doing the wrong thing, with the '-v' argument?
> Can you make sure you have an up-to-date version of vpnc-script which
> honours the $INTERNAL_IP4_MTU environment variable?
Thank you, the issue does not occur with openconnect-4.99, but it does 
in 4.08.
In the debug output of 4.08 the line
"DTLS option X-DTLS-MTU : 1418"
appears while with 4.99 the correct value 1330 appears there. I guess 
that's the point. So the issue will be fixed with the next release version?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: helmling.vcf
Type: text/x-vcard
Size: 365 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list