MTU mismatch with 7.08 and "Unknown DTLS packet"

It turns out I was mistaken. The gateway does *not* split the packet
into 2 DTLS packets. It sends one large DTLS packet and openconnect
reads the first 1290 bytes of plaintext as one packet and the rest as
another.

I do not use official AnyConnect clients myself except on Windows,
which I have gotten a capture from. The ciphersuites are identical.
The captures include the DTLS handshake, and the largest data packet
sent during setup. The Linux capture also includes the packets
corresponding to a >1290 byte ping (I used 1391 instead of 1291, so
there's extra stuff coming back from the gateway corresponding to the
IP fragmentation, but that does not obscure the fact that the gateway
sends a packet with a 1344 byte DTLS payload, but the max that
openconnect sends is 1328).

Windows AnyConnect:
https://drive.google.com/file/d/1wlbp8GUXYO8SR2l1TQX6avj8OgL7j5xi/view?usp=drive_web
Linux openconnect:
https://drive.google.com/file/d/1ZdFMsCo9WUa7bCw0EVY5DWxd8dFD7MRD/view?usp=drive_web
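
Added example, not part of the original message or of openconnect: one way to check a capture for the condition described above, by walking the DTLS record headers in a single UDP payload and flagging any record larger than the 1328 bytes the message says openconnect sends. The function names, the version field value and the sample datagrams are constructed for illustration.

```python
import struct

# DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2) = 13 bytes
HEADER = struct.Struct("!BHHHIH")
CLIENT_MAX_PAYLOAD = 1328  # largest DTLS payload openconnect sends, per the message


def walk_dtls_records(datagram):
    """Return (content_type, epoch, sequence, payload_length) for each record in one UDP payload."""
    records = []
    offset = 0
    while offset < len(datagram):
        if len(datagram) - offset < HEADER.size:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, _version, epoch, seq_hi, seq_lo, length = HEADER.unpack_from(datagram, offset)
        end = offset + HEADER.size + length
        if end > len(datagram):
            raise ValueError(f"record at offset {offset} (length {length}) runs past end of datagram")
        records.append((ctype, epoch, (seq_hi << 32) | seq_lo, length))
        offset = end
    return records


def oversized(records, limit=CLIENT_MAX_PAYLOAD):
    """Records whose payload is larger than anything the local client would send."""
    return [r for r in records if r[3] > limit]


def make_record(seq, length, ctype=23, version=0xFEFD, epoch=1):
    """Constructed sample: a valid header followed by a zero-filled payload (not real ciphertext).
    The version value is an assumption; the parser does not depend on it."""
    return HEADER.pack(ctype, version, epoch, seq >> 32, seq & 0xFFFFFFFF, length) + bytes(length)


# Constructed inputs: one datagram carrying a single 1344-byte record (the case
# reported in the message) and one carrying two smaller records (sizes made up).
ONE_LARGE = make_record(7, 1344)
TWO_SMALL = make_record(7, 1290) + make_record(8, 40)

if __name__ == "__main__":
    for name, dgram in (("one large", ONE_LARGE), ("two small", TWO_SMALL)):
        recs = walk_dtls_records(dgram)
        print(name, "records:", [r[3] for r in recs], "oversized:", [r[3] for r in oversized(recs)])
```

Feed it the UDP payload bytes of each DTLS datagram exported from the capture; a single record above the limit matches what is described in the message, whereas two records in one datagram would show up as two entries.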


