test ocserv

ansible/protocols/oc/openconnect-post-scripts/disconnect.sh.j2

 #!/bin/bash
-dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 66}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
+dev="$TUNDEV" localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} link6Address={{conn.link6Address}} remoteNextMark={{conn.remoteNextMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 58}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh

src/inventory.ts

@@ -299,12 +299,14 @@ class InventoryBuilder {
       local.ocpasswdLines.push(await generateOcpasswdLine(name, this.vars.ocservPassword));
     }
 
+    const mtu = Math.min(localGateway ? localGateway.mtu : 1500, remoteGateway ? remoteGateway.mtu : 1500);
+
     if (ocType === 'client') {
       local.dockerServices.services[`openconnect-${name}`] = {
         restart: 'always',
         image: 'git-registry.mycard.moe/railgun/openconnect',
         network_mode: 'host',
-        command: ['bash', '-c', `echo '${this.vars.ocservPassword}' | openconnect --user=${name} --passwd-on-stdin --passtos --interface=${name} ${remoteOcservPort}`],
+        command: ['bash', '-c', `echo '${this.vars.ocservPassword}' | openconnect --user=${name} --passwd-on-stdin --passtos --interface=${name} --mtu=${mtu - 58} ${remoteOcservPort}`],
         cap_add: ['NET_ADMIN'],
         devices: ['/dev/net/tun:/dev/net/tun'],
         volumes: [
@@ -314,7 +316,6 @@ class InventoryBuilder {
       };
     }
 
-    const mtu = Math.min(localGateway ? localGateway.mtu : 1500, remoteGateway ? remoteGateway.mtu : 1500);
     //console.log(local.name, name, mtu);
 
     if (outbound) {