WireGuard Archive on lore.kernel.org
 help / color / Atom feed
* MTU on public wifi
@ 2018-07-03  7:41 Brian Candler
  0 siblings, 0 replies; only message in thread
From: Brian Candler @ 2018-07-03  7:41 UTC (permalink / raw)
  To: wireguard

I was testing wireguard via a public wifi service (Icomera on-train=20
wifi) and found that the tunnel MTU wireguard had chosen was too large:=20
TCP connections got stuck as soon as any large amount of data was sent=20
(e.g. just running "top")

The MTU of the wifi service itself is 1440:

MacBook-Pro-2:~ $ ping -s1412 -D 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 1412 data bytes
1420 bytes from 8.8.8.8: icmp_seq=3D0 ttl=3D58 time=3D46.006 ms
1420 bytes from 8.8.8.8: icmp_seq=3D1 ttl=3D58 time=3D40.847 ms
^C
--- 8.8.8.8 ping statistics ---
[Interface]
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev =3D 40.847/43.427/46.006/2.579 ms
MacBook-Pro-2:~ $ ping -s1414 -D 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 1414 data bytes
556 bytes from 10.101.2.1: frag needed and DF set (MTU 1440)
Vr HL TOS=C2=A0 Len=C2=A0=C2=A0 ID Flg=C2=A0 off TTL Pro=C2=A0 cks=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0 Src Dst
 =C2=A04=C2=A0 5=C2=A0 00 a205 33b6=C2=A0=C2=A0 0 0000=C2=A0 40=C2=A0 01 =
e44d 10.101.2.227 8.8.8.8

(Payload 1412 + 20 bytes IP header + 8 bytes ICMP header =3D 1440)

The client is macOS wireguard-tools/wireguard-go.=C2=A0 Wireguard itself =
had=20
set an MTU on utun1 of 1440.=C2=A0 With some experimentation, I found tha=
t=20
setting MTU of 1400 was fine, but 1410 was too big.

With "MTU =3D 1400" in wg0.conf it now appears to work correctly, althoug=
h=20
I'm not sure how safe that value is - does Wireguard compress data=20
before encapsulation, and therefore is there a chance that worst-case=20
encapsulated packets could still be too big?

But I did try "dd if=3D/dev/urandom bs=3D1024 count=3D100" and it did sen=
d the=20
whole random splurge without locking up the TCP connection.

I also wonder if wireguard could automatically reduce its MTU in=20
response to ICMP "frag needed" packets, at least down to a configured=20
minimum?

Regards,

Brian Candler.

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-03  7:41 MTU on public wifi Brian Candler

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox