The 1300 byte packets come from the remote side. They are split by the gateway into a 1290 byte chunk and a 10 byte chunk and are sent in 2 DTLS records.

openconnect --mtu has no effect. openconnect still reduces the mtu to 1290 because gnutls will not let it encode a record larger than 1290 bytes when doing the first DPD, as shown in the log.

The code surrounding "Failed to write to SSL socket: " is:

    static int _openconnect_gnutls_write(gnutls_session_t ses, int fd, struct openconnect_info *vpninfo, char *buf, size_t len)
    {
        size_t orig_len = len;

        while (len) {
            int done = gnutls_record_send(ses, buf, len);
            if (done > 0)
                len -= done;
            else if (done == GNUTLS_E_AGAIN || done == GNUTLS_E_INTERRUPTED) {
                ...
            } else {
                vpn_progress(vpninfo, PRG_ERR, _("Failed to write to SSL socket: %s\n"),
                             gnutls_strerror(done));

https://www.gnutls.org/manual/html_node/Data-transfer-and-termination.html says that gnutls_record_send will return EMSGSIZE "if the send data exceed the data MTU value - as returned by gnutls_dtls_get_data_mtu()"
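
An added example, not part of the original message and not openconnect or GnuTLS code: a small C model of the two behaviours described above, a one-packet-per-record send that is refused above the data MTU and a gateway-style split of 1300 bytes into 1290 + 10. The struct, the function names and the use of negative errno values as return codes are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Model of a DTLS record layer (hypothetical, no GnuTLS involved): a send
 * above the data MTU is refused, never fragmented on the caller's behalf. */
struct dtls_model {
    size_t data_mtu;   /* largest payload a single record may carry */
    size_t sizes[8];   /* payload size of each record that was sent */
    size_t nrecords;
};

static long model_record_send(struct dtls_model *m, size_t len)
{
    if (len > m->data_mtu)
        return -EMSGSIZE;          /* the error the message describes */
    if (m->nrecords == 8)
        return -ENOBUFS;
    m->sizes[m->nrecords++] = len;
    return (long)len;
}

/* Client-style send: one packet in one record, fails when too large. */
long send_whole(struct dtls_model *m, size_t pkt_len)
{
    return model_record_send(m, pkt_len);
}

/* Gateway-style send: cut the packet into chunks of at most data_mtu,
 * one record per chunk. Returns the record count or a negative errno. */
long send_split(struct dtls_model *m, size_t pkt_len)
{
    size_t before = m->nrecords;
    if (m->data_mtu == 0)
        return -EINVAL;
    while (pkt_len) {
        size_t chunk = pkt_len < m->data_mtu ? pkt_len : m->data_mtu;
        long done = model_record_send(m, chunk);
        if (done < 0)
            return done;
        pkt_len -= (size_t)done;
    }
    return (long)(m->nrecords - before);
}

int main(void)
{
    struct dtls_model m = { .data_mtu = 1290 };
    printf("whole: %ld, split: %ld records\n", send_whole(&m, 1300), send_split(&m, 1300));
    return 0;
}
```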