openconnect tries to set mtu for the interface even when run by non-root user
Following the instructions on the https://www.infradead.org/openconnect/nonroot.html page, I still get the following from openconnect:
Connected as x.x.x.x, using SSL, with DTLS disabled
SIOCSIFMTU: Operation not permitted
Indeed, this is due to:
openat(AT_FDCWD, "/dev/net/tun", O_RDWR) = 6
ioctl(6, TUNSETIFF, 0x7ffc78775190) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 7
ioctl(7, SIOCSIFMTU, {ifr_name="tun0", ifr_mtu=1319}) = -1 EPERM (Operation not permitted)
write(2, "SIOCSIFMTU: Operation not permit"..., 36SIOCSIFMTU: Operation not permitted
) = 36
close(7) = 0
If we are to keep things separate (as the nonroot.html page suggests) and have vpn-script/vpn-slice configure all the details after the tunnel is up (and actually vpn-slice does adjust the MTU value), then this ioctl() call should be removed from openconnect.
Thanks.
Edited by onehalf3570