ranand
Staff
Article Id 199667

 

Description This article discusses why the OSPF neighborship is stuck in an EXSTART state.
Scope FortiGate.
Solution

The OSPF Neighborship can get stuck in the Exstart/Exchange state, especially when OSPF is negotiated over an IPsec tunnel.

 

How the MTU mismatch is identified:

  • During the Exstart state, DBD packets are exchanged, which contain Interface MTU information.
  • As per RFC 2328, Section 10.6, if the Interface MTU field in the Database Description packet indicates an IP datagram size larger than the router can accept on the receiving interface without fragmentation, the Database Description packet is rejected.
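
The RFC 2328 check described above, as an added Python example (not FortiOS code and not part of the original article): it builds and parses an OSPFv2 Database Description packet and applies the Interface MTU comparison. The router IDs, MTU values and sequence numbers are constructed samples, and modelling mtu-ignore as simply skipping the comparison is an assumption.

```python
import socket
import struct

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1: 24-byte common header
DBD_BODY = struct.Struct("!HBBI")         # RFC 2328 A.3.3: MTU, options, I/M/MS, seq
TYPE_DBD = 2


def build_dbd(router_id, interface_mtu, seq, flags=0x07):
    """Build a constructed OSPFv2 DBD (checksum and authentication left zero)."""
    body = DBD_BODY.pack(interface_mtu, 0x02, flags, seq)
    header = OSPF_HDR.pack(2, TYPE_DBD, OSPF_HDR.size + len(body),
                           socket.inet_aton(router_id),
                           socket.inet_aton("0.0.0.0"), 0, 0, bytes(8))
    return header + body


def parse_dbd(packet):
    """Return the DBD fields relevant to the MTU check, or raise ValueError."""
    if len(packet) < OSPF_HDR.size + DBD_BODY.size:
        raise ValueError("truncated OSPF packet")
    version, ptype, length, rid, _area, _ck, _au, _auth = OSPF_HDR.unpack_from(packet)
    if version != 2 or ptype != TYPE_DBD:
        raise ValueError("not an OSPFv2 Database Description packet")
    if length > len(packet):
        raise ValueError("packet length field exceeds captured data")
    mtu, _options, flags, seq = DBD_BODY.unpack_from(packet, OSPF_HDR.size)
    return {"router_id": socket.inet_ntoa(rid), "interface_mtu": mtu,
            "init": bool(flags & 0x04), "seq": seq}


def accept_dbd(packet, local_mtu, mtu_ignore=False):
    """Apply the RFC 2328 section 10.6 check; return (accepted, reason)."""
    dbd = parse_dbd(packet)
    if mtu_ignore:  # assumption: mtu-ignore skips the comparison entirely
        return True, "MTU check skipped (mtu-ignore)"
    if dbd["interface_mtu"] > local_mtu:
        return False, (f"neighbor {dbd['router_id']} advertises MTU "
                       f"{dbd['interface_mtu']} > local {local_mtu}: DBD rejected")
    return True, "MTU acceptable"


if __name__ == "__main__":
    # Constructed sample: jumbo-frame neighbor (9216) facing a 1500-byte interface.
    from_neighbor = build_dbd("10.0.0.2", 9216, seq=0x1000)
    print(accept_dbd(from_neighbor, local_mtu=1500))
    print(accept_dbd(from_neighbor, local_mtu=1500, mtu_ignore=True))
    print(accept_dbd(build_dbd("10.0.0.1", 1500, seq=0x2000), local_mtu=9216))
```

Under the RFC rule only the side with the smaller MTU rejects the DBD; the other side accepts what it receives, which is why the adjacency stalls in Exstart instead of failing outright.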


Solution:
Enable mtu-ignore on the OSPF interface or manually set the MTU to be the same on both sides. 

 

Configuring MTU.

 

config router ospf
    config ospf-interface

        edit int_1
            set mtu xxxx  <----- Desired MTU size.
        next
    end
end

 

Enable mtu-ignore on the OSPF interface.

 

config router ospf
    config ospf-interface
        edit int_1
            set mtu-ignore enable
        next
    end
end

 

Configure MTU value at the Interface:

 

Note:

This configuration is necessary when jumbo frames are enabled on the neighbor's interface. FortiGate does not support jumbo frames by default (the default MTU is 1500), so they have to be enabled by setting an MTU size of 9000+ on the interface that participates in the OSPF configuration.

 

config system interface
    edit port <x>
        set mtu-override enable
        set mtu 9216  <----- MTU value.
    next
end

 

Note:

To form the OSPF neighborship, the MTU should also match on both ends, or the MTU should be ignored using the command set mtu-ignore enable.

 

Troubleshooting steps:

 

diagnose ip router ospf all enable

diagnose ip router ospf level info

diagnose debug console timestamp enable

diagnose debug enable

Here is an example of the debug output:

 

[Image: ospf mtu.png]

 

Related articles:

Technical Note: MTU size and Jumbo frames support on FortiGate devices 

Technical Tip: Set up a jumbo frame in the IPsec VPN interface