On 2013-09-30 16:50, Nikos Mavrogiannopoulos wrote:
> Thanks. That could be the issue. Could you try this patch?
> I'm not sure about the 9 bytes larger though. Could it be 8 bytes
> instead? I cannot think what this extra byte is for.

With this patch the MTU on the client side is 1 byte larger (1215 vs. 1214).

Log of ocserv:

ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 peer CSTP MTU is 1280
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 TCP MSS is 1427
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 DTLS ciphersuite: AES128-SHA
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 suggesting DTLS MTU 1214
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 suggesting CSTP MTU 1215
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 plaintext MTU is 1280
ocserv[23446]: [xxx.xxx.xxx.xxx]:54873 setting vpns0 MTU to 1280
ocserv[23446]: [main] DTLS record version: 1.0
ocserv[23446]: [main] DTLS hello version: 1.0
ocserv[23446]: [xxx.xxx.xxx.xxx]:54873 passed UDP socket
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 TCP MSS is 1427
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 received UDP fd and connected to peer
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 setting up DTLS connection
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 setting MTU to 1215
ocserv[23446]: [xxx.xxx.xxx.xxx]:54873 setting vpns0 MTU to 1214
ocserv[23450]: [xxx.xxx.xxx.xxx]:54873 DTLS handshake completed (MTU: 1215)

Regards,
Yin Guanhao