Unknown DTLS packets

Daniel Lenski dlenski at gmail.com
Thu Apr 12 20:40:17 PDT 2018


On Thu, Apr 12, 2018 at 8:18 PM, Charles Wise <ctwise at gmail.com> wrote:
> Looks like it's the MTU. I did the -vvvv and --dump and the output
> said the MTU should be 1322 (DTLS option X-DTLS-MTU : 1322). When I
> enable DTLS and _don't_ set the MTU, I run iperf3 and the traffic
> drops to zero almost immediately. When I set it explicitly (-m 1322)
> the traffic goes through (plus it's much faster than with --no-dtls).

I'm glad it works, but I'm still confused.

1. If the server says the MTU should be 1322 (via the "X-DTLS-MTU"
header), then openconnect (via the vpnc-script) is setting the MTU of
the interface to 1322.
2. If you specify `-m 1322` explicitly, openconnect (via the
vpnc-script) is also setting the MTU of the interface to 1322.

What is happening differently when you specify the MTU explicitly?
What do the operating system configuration utilities say that the MTU
of the tunnel device is in (1) vs (2)?

Dan


