On 08.06.2012 19:09, David Woodhouse wrote:
> On Fri, 2012-06-08 at 19:05 +0200, Bernhard Schmidt wrote:
>> It basically works, but I think you are using the wrong MTU value. I'm
>> currently in an IPv4-only non-MTU-challenged location. Cisco Anyconnect
>> client connects with 1418 bytes MTU, openconnect with 1315. I'm not
>> exactly sure what the difference between X-DTLS-MTU and D-CSTP-MTU is
>> supposed to be, but the tunnel should be able to transport the larger value.
>>
>> TCP_INFO rcv mss 1348, snd mss 1348, adv mss 1448, pmtu 1500
>
> Hm, so we should be sending X-CSTP-MTU: 1335, X-CSTP-Base-MTU: 1500.
>
> What is the Cisco client sending? And can you see the debug output from
> the server, like you sent in your first message?

Unfortunately I don't have access to the ASA, so I can't get that debug output before Monday.

But to me it looks like OpenConnect could just use X-DTLS-MTU returned by the ASA and be done with it, no? According to the debug output in the first post the ASA is sending

  Sending X-CSTP-MTU: 1335
  Sending X-DTLS-MTU: 1418

to AnyConnect as well. Apparently AnyConnect is using X-DTLS-MTU and you are using X-CSTP-MTU (you did not get a X-DTLS-MTU before as far as I can see).

Bernhard