WireGuard Archive on lore.kernel.org
 help / color / Atom feed
* Improve "[WireGuard] Header / MTU sizes for Wireguard"
@ 2019-07-17  9:45 Yousong Zhou
  2019-07-17  9:56 ` Roman Mamedov
  0 siblings, 1 reply; 2+ messages in thread
From: Yousong Zhou @ 2019-07-17  9:45 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

Hi,

For WireGuard overhead breakdown [1], maybe it's worth also mentioning
that N the length of encrypted data will be padded to be multiples of
16.

I am only aware of this when fragmentation was spotted.  With 1500 as
MTU for ethernet, PPPoE has MTU 1492 (1500 - 8).  I thought 1432 (1492
- 60) for wireguard should work for ipv4-only traffic. It needs to be
1424 to avoid fragmentation.

Google also directed me to an old deprecated link [2] with pointer to
[1].  So maybe it's useful this info should have a place in the
wireguard website.

 [1] https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html
 [2] https://lists.zx2c4.com/pipermail/wireguard/2016-July/000314.html

Regards,
                yousong
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Improve "[WireGuard] Header / MTU sizes for Wireguard"
  2019-07-17  9:45 Improve "[WireGuard] Header / MTU sizes for Wireguard" Yousong Zhou
@ 2019-07-17  9:56 ` Roman Mamedov
  0 siblings, 0 replies; 2+ messages in thread
From: Roman Mamedov @ 2019-07-17  9:56 UTC (permalink / raw)
  To: Yousong Zhou; +Cc: WireGuard mailing list

On Wed, 17 Jul 2019 17:45:18 +0800
Yousong Zhou <yszhou4tech@gmail.com> wrote:

> For WireGuard overhead breakdown [1], maybe it's worth also mentioning
> that N the length of encrypted data will be padded to be multiples of
> 16.
> 
> I am only aware of this when fragmentation was spotted.  With 1500 as
> MTU for ethernet, PPPoE has MTU 1492 (1500 - 8).  I thought 1432 (1492
> - 60) for wireguard should work for ipv4-only traffic. It needs to be
> 1424 to avoid fragmentation.

1432 should work as long as you set it on *both* ends of your WireGuard tunnel.
I wrote about this here (expect mine was on IPv6, so all MTUs listed are 20
bytes lower): https://lists.zx2c4.com/pipermail/wireguard/2019-April/004078.html
Could you try 1432 on both endpoints and confirm it works (or not)?

So far I don't know any clear explanation of what's described in the above
referenced message. Also that was before the IPv6 fragmentation was allowed
for WG, so now it will change (likely will still work and send fragmented
packets, instead of all the "Fail" cases in the table).

-- 
With respect,
Roman
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-17  9:45 Improve "[WireGuard] Header / MTU sizes for Wireguard" Yousong Zhou
2019-07-17  9:56 ` Roman Mamedov

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox