Running openconnect 5.01 (on ubuntu 13.10) it seems X-DTLS-MTU is ingnored (log attached below). In fact, openconnect has stopped working for me since ubuntu 13.04. The actual observation what upstream traffic effectively stalling. Yesterday, i figured out that explicitely setting the base-mtu using the commandline gets around the problem. best regards Andreas -- Andreas Steffan Achter Billing 14 22399 Hamburg Germany skype: contentreich M: +49 1793903615 T: +49 40 23943542 F: +49 40 23943542 http://www.contentreich.de Contentreich : Alfresco WCM / ECM, JEE, Grails -------------- next part -------------- POST https://vpn.somedomain.com/ Attempting to connect to server 82.144.58.90:443 SSL negotiation with vpn.somedomain.com Connected to HTTPS on vpn.somedomain.com Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=utf-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 22 Oct 2013 07:23:21 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) GET https://vpn.somedomain.com/ SSL negotiation with vpn.somedomain.com Connected to HTTPS on vpn.somedomain.com Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=utf-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 22 Oct 2013 07:23:21 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) GET https://vpn.somedomain.com/+webvpn+/index.html SSL negotiation with vpn.somedomain.com Connected to HTTPS on vpn.somedomain.com Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) POST https://vpn.somedomain.com/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpn=<elided>; path=/; secure Set-Cookie: webvpnc=... Set-Cookie: webvpnx= Set-Cookie: webvpnaac=1; path=/; secure X-Transcend-Version: 1 HTTP body chunked (-2) TCP_INFO rcv mss 1380, snd mss 1380, adv mss 1460, pmtu 1500 Got CONNECT response: HTTP/1.1 200 OK X-CSTP-Version: 1 X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc. X-CSTP-Address: 192.168.16.23 X-CSTP-Netmask: 255.255.255.0 X-CSTP-DNS: 192.168.0.204 X-CSTP-DNS: 192.168.1.204 X-CSTP-NBNS: 192.168.0.204 X-CSTP-NBNS: 192.168.1.204 X-CSTP-Lease-Duration: 1209600 X-CSTP-Session-Timeout: none X-CSTP-Idle-Timeout: 1800 X-CSTP-Disconnected-Timeout: 1800 X-CSTP-Default-Domain: bph.de X-CSTP-Keep: true X-CSTP-Tunnel-All-DNS: false X-CSTP-DPD: 30 X-CSTP-Keepalive: 20 X-CSTP-MSIE-Proxy-Lockdown: true X-CSTP-Smartcard-Removal-Disconnect: true X-DTLS-Session-ID: 5396775833383E639A33890C3C2CAB3EEEB72BC8091C7C0292B46E1E44169D76 X-DTLS-Port: 443 X-DTLS-Keepalive: 20 X-DTLS-DPD: 30 X-CSTP-MTU: 1347 X-DTLS-MTU: 1418 X-DTLS-CipherSuite: AES128-SHA X-CSTP-Routing-Filtering-Ignore: false X-CSTP-Quarantine: false X-CSTP-Disable-Always-On-VPN: false X-CSTP-TCP-Keepalive: true CSTP connected. DPD 30, Keepalive 20
