* Improve "[WireGuard] Header / MTU sizes for Wireguard"
@ 2019-07-17 9:45 Yousong Zhou
2019-07-17 9:56 ` Roman Mamedov
0 siblings, 1 reply; 2+ messages in thread
From: Yousong Zhou @ 2019-07-17 9:45 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
Hi,
For WireGuard overhead breakdown [1], maybe it's worth also mentioning
that N the length of encrypted data will be padded to be multiples of
16.
I am only aware of this when fragmentation was spotted. With 1500 as
MTU for ethernet, PPPoE has MTU 1492 (1500 - 8). I thought 1432 (1492
- 60) for wireguard should work for ipv4-only traffic. It needs to be
1424 to avoid fragmentation.
Google also directed me to an old deprecated link [2] with pointer to
[1]. So maybe it's useful this info should have a place in the
wireguard website.
[1] https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html
[2] https://lists.zx2c4.com/pipermail/wireguard/2016-July/000314.html
Regards,
yousong
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Improve "[WireGuard] Header / MTU sizes for Wireguard"
2019-07-17 9:45 Improve "[WireGuard] Header / MTU sizes for Wireguard" Yousong Zhou
@ 2019-07-17 9:56 ` Roman Mamedov
0 siblings, 0 replies; 2+ messages in thread
From: Roman Mamedov @ 2019-07-17 9:56 UTC (permalink / raw)
To: Yousong Zhou; +Cc: WireGuard mailing list
On Wed, 17 Jul 2019 17:45:18 +0800
Yousong Zhou <yszhou4tech@gmail.com> wrote:
> For WireGuard overhead breakdown [1], maybe it's worth also mentioning
> that N the length of encrypted data will be padded to be multiples of
> 16.
>
> I am only aware of this when fragmentation was spotted. With 1500 as
> MTU for ethernet, PPPoE has MTU 1492 (1500 - 8). I thought 1432 (1492
> - 60) for wireguard should work for ipv4-only traffic. It needs to be
> 1424 to avoid fragmentation.
1432 should work as long as you set it on *both* ends of your WireGuard tunnel.
I wrote about this here (expect mine was on IPv6, so all MTUs listed are 20
bytes lower): https://lists.zx2c4.com/pipermail/wireguard/2019-April/004078.html
Could you try 1432 on both endpoints and confirm it works (or not)?
So far I don't know any clear explanation of what's described in the above
referenced message. Also that was before the IPv6 fragmentation was allowed
for WG, so now it will change (likely will still work and send fragmented
packets, instead of all the "Fail" cases in the table).
--
With respect,
Roman
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-07-17 9:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-17 9:45 Improve "[WireGuard] Header / MTU sizes for Wireguard" Yousong Zhou
2019-07-17 9:56 ` Roman Mamedov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).