On 13-08-18, Roman Mamedov wrote:
> On Mon, 13 Aug 2018 02:53:44 +1000
> StarBrilliant wrote:
>
> > I know Wireguard can already do IP layer fragmentation. (Just set
> > tunnel MTU >= 1441 then fragmentation will be turned on)
>
> Is that really expected to work? I tried setting MTU 9000 on both ends of a WG
> tunnel, but large packets still do not seem to come through properly. Did you
> try using it like that in any kind of environment (aside from that one
> restrictive network)?

Yes, it works: we use that to enforce a 1500 MTU on the wg interface, it avoids
a lot of headache.

Wireguard may end up sending UDP packets larger than the MTU, which the kernel
fragments at the IP layer. The kernel of the remote endpoint then reassembles
these packets before giving them to wireguard.

That being said, if you have a nasty firewall or middlebox in the (public) path
between your endpoints, it might indeed drop fragmented IP packets, breaking
this use-case.

Baptiste
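
Added example (not part of the original message and not WireGuard's own code): the IP-layer fragmentation described in the reply, worked through for an IPv4 underlay with a 1500-byte link MTU. It assumes a 32-byte WireGuard transport-message overhead and inner-packet padding to a multiple of 16 bytes capped at the tunnel MTU; all function names are hypothetical.

```python
# Sizes assumed from the WireGuard transport-data message layout.
WG_HEADER = 16    # type/reserved (4) + receiver index (4) + counter (8)
WG_TAG = 16       # Poly1305 authentication tag
UDP_HEADER = 8
IPV4_HEADER = 20  # assumes an outer IPv4 header without options

def padded_len(inner_len, tunnel_mtu):
    """Inner length after pad-to-16, capped at the tunnel MTU (assumed behaviour)."""
    if inner_len > tunnel_mtu:
        raise ValueError("inner packet exceeds tunnel MTU")
    return min((inner_len + 15) // 16 * 16, tunnel_mtu)

def outer_ipv4_len(inner_len, tunnel_mtu):
    """Total length of the outer IPv4 packet that carries one inner packet."""
    body = WG_HEADER + padded_len(inner_len, tunnel_mtu) + WG_TAG
    return IPV4_HEADER + UDP_HEADER + body

def ipv4_fragments(total_len, link_mtu):
    """Return [(offset_bytes, payload_bytes, more_fragments)] for the outer packet."""
    payload = total_len - IPV4_HEADER
    if total_len <= link_mtu:
        return [(0, payload, False)]
    # Every fragment except the last carries a multiple of 8 payload bytes.
    chunk = (link_mtu - IPV4_HEADER) // 8 * 8
    frags, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        frags.append((offset, size, offset + size < payload))
        offset += size
    return frags

def describe(inner_len, tunnel_mtu, link_mtu=1500):
    """Outer packet length and fragment layout for a full-size inner packet."""
    total = outer_ipv4_len(inner_len, tunnel_mtu)
    return total, ipv4_fragments(total, link_mtu)

if __name__ == "__main__":
    # Constructed cases: the 1440/1441 boundary from the thread, then 1500 and 9000.
    for mtu in (1440, 1441, 1500, 9000):
        total, frags = describe(mtu, mtu)
        print(f"tunnel_mtu={mtu} outer={total} fragments={len(frags)}")
        for off, size, mf in frags:
            # Only the offset-0 fragment contains the UDP header (ports).
            print(f"  offset={off:5d} payload={size:5d} MF={int(mf)}")
```

Only the first fragment carries the UDP ports, so a middlebox that filters on ports cannot classify the later fragments, which is one reason fragmented traffic gets dropped on the public path.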