ics-openconnect

Incorrect MTU

Open hatogit opened this issue 9 years ago • 4 comments

I have a server running ocserv 0.10.8. Under Ubuntu 15.04, using openconnect as the client, I got an MTU of 1361 at both ends for the tun devices. On my Android phone (KitKat 4.4.2), if I use Cisco AnyConnect, I get an MTU of 1241 at both ends. With openconnect on the phone, I got 1269 on the server side, but 1280 on the client side. I'm not sure if this is normal, but with openconnect, I can't connect to Google Play; it always times out. With AnyConnect, I can. With both of those two clients, I can't visit some sites which I can under Ubuntu, but getting Google Play connected is surely the first priority here.

Thanks.

hatogit, Sep 17 '15 07:09

I just found that, for reasons I don't know, although the Ubuntu machine and the phone are behind the same firewall, on the phone I got X-CSTP-Base-MTU: 1335, which led to an X-CSTP-MTU and X-DTLS-MTU of 1269. 1269 < 1280, so your client forced an MTU of 1280. Can you please change this behaviour? BTW, on the Ubuntu machine, X-CSTP-Base-MTU is 1427.

P.S. I corrected the typo: when 1269 < 1280, your client falls back to 1280. Also, the reason for such a small MTU is that my phone only got an MTU of 1400 on Wi-Fi.

hatogit, Sep 17 '15 08:09

If my understanding is correct, the current behaviour is needed for IPv6? So in my case (when MTU < 1280), I think the correct behaviour should be to disable IPv6 for that interface, which I think is now what ocserv is doing?

hatogit, Oct 10 '15 03:10

Why not leave the MTU setting out completely? Let the OS decide.

loganblevins, Dec 29 '17 15:12

With VPN connections it's quite often determined wrongly because of many nontrivial network hops. MTU is definitely the setting you want to have at hand in such cases. But yes, by default it should be autodetected.

ildar, Dec 31 '17 06:12