Openconnect VPN fingerprint (MTU)

[trochdewei]

Expected behavior:

It's desirable to hide that i use VPN

Actual Behavior:

Site http://witch.valdikss.org.ru/a reports that "MTU = 1269 <...> MTU is strange. Probably OpenVPN."

Steps to Reproduce:

1. Default Openconnect setup using Streisand(existing server, ubuntu 16.04.4, ocserv 0.10.11-1build1) How can i change MTU value? Setting mtu = 1334 doesn't work as i can see ip link show vpn0 5: vpn0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1268 qdisc fq_codel state UP mode DEFAULT group default qlen 500 link/none

[hadifarnoud]

to be clear, this is how ISPs can find out if I'm using VPN?

[nopdotcom]

It might be useful to lots of people to force a low but consistent MTU on a whole server. @alimakki may have some ideas on how to manage MTU weirdness on ocserv.