> On Mon, 2014-06-23 at 21:58 +0100, David Woodhouse wrote:
>> Is there anything else we need to fix before we call it 6.00?
>> There's the Windows tun issues with odd netmasks and the ubiquitous
>> confusion about how we're supposed to handle the MTU, but I'm not sure
>> I'm going to hold my breath for those to be fixed.
>
> btw. regarding that, I realized that all anyconnect clients connecting
> to ocserv, the first seconds of the session perform an MTU discovery
> using DPD packets (over DTLS). These DPD packets range from the maximum
> MTU to small values, and have a padding with some fixed format (they do
> not just contain arbitrary data after the dpd header). I attach some
> example captures in case you're interested, but I wouldn't consider that
> as a blocker for 6.00.

Hm, joy. So that's a third way of negotiating the MTU, and this time
possibly even after the interface has been set up?

We haven't really understood how the X-CSTP-Base-MTU thing works yet,
have we? Or indeed how it can *ever* work reliably... which may explain
why there's now a new method :)

It might be worth trying to get this into 6.00; I'll take a look.
Thanks.

--
dwmw2