On Tue, Jun 24, 2014 at 5:04 PM, Kevin Cernekee <cernekee at gmail.com> wrote: > <nmav at gnutls.org> wrote: >>> Hm, joy. So that's a third way of negotiating the MTU, and this time >>> possibly even after the interface has been set up? >> >> That's a quite reasonable approach as one's idea of the MTU during >> negotiation may not be precise. I don't think it's an issue to change >> the MTU of the tun device at any point (at least if you know the name >> of the tun device and SIOCSIFMTU is available). > That does require CAP_NET_ADMIN; Android will have a problem with > this. The app only has the ability to perform a one-time interface > setup through a special API[1]; it doesn't run with root access. Could the MTU discovery phase take place prior to establishing the TUN? I.e., send the special DPD and expect a reply within a second or two. If the reply is received create the device, if not resend a smaller packet. That would add few seconds of latency in the creation of the tun device and the channel, but the user wouldn't need to search for the mtu manually. regards, Nikos