ocserv: website and mtu problems

David Woodhouse dwmw2 at infradead.org
Mon Sep 30 05:58:19 EDT 2013


On Mon, 2013-09-30 at 11:29 +0200, Nikos Mavrogiannopoulos wrote:
> 
> Ok, that makes sense. It seems that openconnect uses the last MTU
> suggested and in that case it is the CSTP (TCP) MTU for the tun device.
> The DTLS MTU is ignored. I'll make ocserv to return a single MTU value
> for both CSTP and DTLS to avoid such issues.

I'd be wary of following openconnect's lead on MTU handling. We haven't
quite worked out what the Cisco "plan" is, or why there's even separate
MTU reported for CSTP and DTLS when you use a *single* tun interface for
them both, and switch between them as and when your UDP connectivity
works or not.

Perhaps openconnect should be using the smaller of the two MTUs.... or
something.

-- 
dwmw2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130930/aecc5047/attachment-0001.bin>


More information about the openconnect-devel mailing list