On 09/30/2013 11:58 AM, David Woodhouse wrote:
> On Mon, 2013-09-30 at 11:29 +0200, Nikos Mavrogiannopoulos wrote:
>>
>> Ok, that makes sense. It seems that openconnect uses the last MTU
>> suggested and in that case it is the CSTP (TCP) MTU for the tun device.
>> The DTLS MTU is ignored. I'll make ocserv return a single MTU value
>> for both CSTP and DTLS to avoid such issues.
>
> I'd be wary of following openconnect's lead on MTU handling. We haven't
> quite worked out what the Cisco "plan" is, or why there's even separate
> MTU reported for CSTP and DTLS when you use a *single* tun interface for
> them both, and switch between them as and when your UDP connectivity
> works or not.

Having seen quite some mess in Cisco's client, I wouldn't be
surprised if there was no plan there.

> Perhaps openconnect should be using the smaller of the two MTUs.... or
> something.

I think using the smaller value would be the best option. Should I send
a patch?

regards,
Nikos