Followup: OpenConnect unusably slow

shouldbe q931 shouldbeq931 at
Wed Jun 19 19:55:08 EDT 2013

On Wed, Jun 19, 2013 at 8:57 PM, David Woodhouse <dwmw2 at> wrote:

> The MTU is per-link. The Ethernet link between your internal clients and
> the router, over your wireless or wired network, *is* 1500. It's not
> giving you incorrect information.
> The MTU on the link between the router and the ISP is (presumably) 1492.

At a slight tangent, and apologies if I'm "teaching granny to suck eggs".

When I moved from a PPPoA to PPPoE connection I had a lot of "fun"
with AnyConnect (on Windows).

Until I got a router that supported RFC4638, I had some success with
setting the MTU on the NIC of the computer running AnyConnect the
AnyConnect client to 1492 and setting a MTU of 1398 in the appropriate
group policy on the ASA.

group-policy <policyname> attributes
anyconnect mtu 1398

The default MTU is 1406, so I reduced by 8 to cover the PPPoE overhead

"MTU—Adjusts the MTU size for SSL connections. Enter a value in bytes,
from 256 to 1410 bytes. By default, the MTU size is adjusted
automatically based on the MTU of the interface that the connection
uses, minus the IP/UDP/DTLS overhead."

Granted I managed the ASA and knew that I didn't have anything that
had an MTU as low as you appear to have in the path....



More information about the openconnect-devel mailing list