FS#46253 - [networkmanager-openconnect] MTU is not being set correctly

Attached to Project: Arch Linux
Opened by Stefan Agner (falstaff) - Friday, 11 September 2015, 05:22 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 11 September 2015, 05:48 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
When using the NetworkManager UI, the MTU of the openconnect interface is not set correctly. The MTU should be set to 1406; instead it is set to 1500. An MTU of 1406 is set when using openconnect directly, and leads to a fully working VPN. While it is not entirely obvious who is to blame here, the log has some hints that it might be a permission issue:

Sep 09 17:07:40 trochilidae openconnect[7220]: Got CONNECT response: HTTP/1.1 200 OK
Sep 09 17:07:40 trochilidae openconnect[7220]: CSTP connected. DPD 300, Keepalive 30
Sep 09 17:07:40 trochilidae openconnect[7220]: SIOCSIFMTU: Operation not permitted

The issue has been discovered while investigating connection issues to the company's openconnect server. While a lot of stuff worked fine (e.g. ping and HTTP browsing), an scp copy or a (larger) HTTP POST request did not succeed...

As a workaround, the MTU can be set manually after the VPN is fully set up:

# ip link set dev vpn0 mtu 1406

Additional info:
* openconnect: 7.06-2
* networkmanager-openconnect: 1.0.2-2


Steps to reproduce:
Connect to a server (with a "non-standard" MTU? not sure about this).

Closed by Doug Newgard (Scimmia)
Friday, 11 September 2015, 05:48 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#46157
Comment by Stefan Agner (falstaff) - Friday, 11 September 2015, 05:42 GMT
Found another workaround (or maybe the solution for now?) by setting the network admin capabilities:

# setcap cap_net_admin+ep /usr/bin/openconnect
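
Added example, not part of the original report or of openconnect/NetworkManager: two shell helpers for the two things this thread turns on, the `SIOCSIFMTU: Operation not permitted` log line and whether the binary carries `cap_net_admin` as a file capability. The function names are hypothetical, the sample log and `getcap` lines are constructed, and the two `getcap` output styles handled ("FILE = caps+ep" and "FILE caps=ep") are an assumption about what libcap versions print.

```shell
#!/bin/sh
# Added example: triage helpers for the failure described in this report.
# All sample input below is constructed, modelled on the report's log excerpt.

# Read syslog-style lines on stdin; print "host pid" for each openconnect
# process whose attempt to set the interface MTU was refused.
mtu_failures() {
    awk '$5 ~ /^openconnect\[[0-9]+\]:$/ && /SIOCSIFMTU: Operation not permitted/ {
        pid = $5; gsub(/[^0-9]/, "", pid); print $4, pid
    }'
}

# Read `getcap FILE` output on stdin; succeed only if cap_net_admin is both
# effective and permitted. Empty input (no file capabilities) fails.
has_net_admin_ep() {
    awk '{
        for (i = 2; i <= NF; i++) {
            n = match($i, /[=+][a-z]+$/)        # split "caplist" from "flags"
            if (!n) continue                    # bare "=" separator or junk
            caps  = "," substr($i, 1, n - 1) ","
            flags = substr($i, n + 1)
            if (index(caps, ",cap_net_admin,") && flags ~ /e/ && flags ~ /p/) ok = 1
        }
    } END { exit(ok ? 0 : 1) }'
}

# Constructed sample log: only the second line should be reported.
sample_log='Sep 09 17:07:40 host1 openconnect[7220]: CSTP connected. DPD 300, Keepalive 30
Sep 09 17:07:40 host1 openconnect[7220]: SIOCSIFMTU: Operation not permitted
Sep 09 17:09:02 host1 sshd[811]: SIOCSIFMTU: Operation not permitted'

printf '%s\n' "$sample_log" | mtu_failures

# Constructed getcap lines: old style, new style, wrong capability, no output.
for line in '/usr/bin/openconnect = cap_net_admin+ep' \
            '/usr/bin/openconnect cap_net_admin=ep' \
            '/usr/bin/openconnect cap_net_raw=ep' ''; do
    if printf '%s\n' "$line" | has_net_admin_ep; then state=present; else state=missing; fi
    printf '%-42s -> cap_net_admin %s\n' "$line" "$state"
done
```

On a live system the inputs would come from `journalctl -t openconnect` and `getcap /usr/bin/openconnect`. A file capability applies to every user able to execute the binary, so the second check is also useful when auditing which hosts had the workaround applied.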
