wireguard.lists.zx2c4.com archive mirror
* MTU on wireguard-apple for IPv6
@ 2019-12-17 18:26 Rémi Lapeyre
  2019-12-19  1:27 ` Jason A. Donenfeld
  0 siblings, 1 reply; 5+ messages in thread
From: Rémi Lapeyre @ 2019-12-17 18:26 UTC (permalink / raw)
  To: wireguard

Hi, we have users that are reporting many issues when using the
WireGuard client on MacOS laptops with IPv6 networks. It seems that
most of those issues disappear when we set the MTU to 1280 in the
configuration.

Since they are using laptops, some are frequently on badly behaved
networks. Reading the source code, it seems that this situation is
handled differently on iOS vs MacOS in generateNetworkSettings():


        let mtu = tunnelConfiguration.interface.mtu ?? 0

        /* 0 means automatic MTU. In theory, we should just do
         * `networkSettings.tunnelOverheadBytes = 80` but in
         * practice there are too many broken networks out there.
         * Instead set it to 1280. Boohoo. Maybe someday we'll
         * add a nob, maybe, or iOS will do probing for us.
         */
        if mtu == 0 {
            #if os(iOS)
            networkSettings.mtu = NSNumber(value: 1280)
            #elseif os(macOS)
            networkSettings.tunnelOverheadBytes = 80
            #else
            #error("Unimplemented")
            #endif
        } else {
            networkSettings.mtu = NSNumber(value: mtu)
        }


Does `networkSettings.tunnelOverheadBytes = 80` mean that the MTU used
will be the one of the interface minus 80 bits of overhead for the
WireGuard protocol?

Some of our users were tethering over their phone connection so it
seems that 1280 is appropriate in that case, but I’m confused as to
why connections not going through the WireGuard tunnel were not
impacted in that case.

Does it really make sense to treat laptops and iOS devices differently
when both are sometimes connected to random networks? Should this be changed to
`networkSettings.mtu = NSNumber(value: 1280)` in all cases?

Rémi
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: MTU on wireguard-apple for IPv6
  2019-12-17 18:26 MTU on wireguard-apple for IPv6 Rémi Lapeyre
@ 2019-12-19  1:27 ` Jason A. Donenfeld
  2019-12-19 10:37   ` Rémi Lapeyre
  2019-12-27 16:10   ` Rémi Lapeyre
  0 siblings, 2 replies; 5+ messages in thread
From: Jason A. Donenfeld @ 2019-12-19  1:27 UTC (permalink / raw)
  To: Rémi Lapeyre; +Cc: WireGuard mailing list

On Thu, Dec 19, 2019 at 2:21 AM Rémi Lapeyre <remi.lapeyre@henki.fr> wrote:
> Does `networkSettings.tunnelOverheadBytes = 80` mean that the MTU used
> will be the one of the interface minus 80 bits of overhead for the
> WireGuard protocol?

Right, it means the MTU of the WireGuard interface will be the MTU of
your wifi interface minus 80.

> Some of our users were tethering over their phone connection so it
> seems that 1280 is appropriate in that case, but I’m confused as to
> why connections not going through the WireGuard tunnel were not
> impacted in that case.

Probably the phone's dhcp server doesn't pass the right MTU back to
the client, but then the phone does the mss-mtu hack to fix up TCP
connections. That hack doesn't work when the traffic is end-to-end
encrypted, as is the case with WireGuard, so no smaller MSS is ever
negotiated.

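The behaviour described in the reply above, as an added example that is not part of the thread or of the wireguard-apple code: a model of a router applying MSS clamping, showing that a plain TCP SYN gets its MSS lowered while a WireGuard UDP datagram passes unchanged, so the tunnel keeps the MTU derived from `tunnelOverheadBytes = 80`. The advertised MTU of 1500 and real path MTU of 1400 are constructed values, the function names are hypothetical, and the model skips the TCP checksum update a real router performs.

```python
import struct

# Outer IPv6 (40) + UDP (8) + WireGuard data header (16) + Poly1305 tag (16).
WG_OVERHEAD = 80
IPV6_HDR, TCP_HDR = 40, 20
PROTO_TCP, PROTO_UDP = 6, 17

def tcp_syn(mss):
    """Minimal TCP SYN: 20-byte header plus one MSS option (kind 2, length 4)."""
    header = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 6 << 4, 0x02, 65535, 0, 0)
    return header + struct.pack("!BBH", 2, 4, mss)

def mss_offset(segment):
    """Offset of the MSS value inside the TCP options, or None if absent."""
    off, end = TCP_HDR, min((segment[12] >> 4) * 4, len(segment))
    while off + 1 < end and segment[off] != 0:      # kind 0 ends the option list
        kind, length = segment[off], segment[off + 1]
        if kind == 2 and length == 4:
            return off + 2
        off += 1 if kind == 1 else max(length, 2)   # NOP is one byte; never stall
    return None

def read_mss(segment):
    pos = mss_offset(segment)
    return None if pos is None else struct.unpack_from("!H", segment, pos)[0]

def clamp_on_router(proto, payload, path_mtu):
    """Model of the 'mss-mtu hack': lower the MSS in TCP SYNs the router can read."""
    is_syn = proto == PROTO_TCP and payload[13] & 0x02
    pos = mss_offset(payload) if is_syn else None
    if pos is None:
        return payload   # WireGuard is UDP with an encrypted body: nothing to rewrite
    mss = min(read_mss(payload), path_mtu - IPV6_HDR - TCP_HDR)
    return payload[:pos] + struct.pack("!H", mss) + payload[pos + 2:]

def scenario(advertised_mtu=1500, path_mtu=1400):   # constructed MTU values
    tunnel_mtu = advertised_mtu - WG_OVERHEAD       # the macOS automatic setting
    plain = clamp_on_router(PROTO_TCP, tcp_syn(advertised_mtu - 60), path_mtu)
    sealed = bytes(32)   # stand-in for an encrypted WireGuard datagram body
    return {"plain_mss": read_mss(plain), "tunnel_mtu": tunnel_mtu,
            "inner_mss": tunnel_mtu - IPV6_HDR - TCP_HDR,
            "wg_rewritten": clamp_on_router(PROTO_UDP, sealed, path_mtu) != sealed,
            "auto_fits": tunnel_mtu + WG_OVERHEAD <= path_mtu,
            "fixed_1280_fits": 1280 + WG_OVERHEAD <= path_mtu}
```

With these numbers the clamped plain connection negotiates an MSS of 1340 and works, the automatic tunnel MTU of 1420 yields 1500-byte outer packets that exceed the 1400-byte path, and an interface MTU of 1280 yields 1360-byte outer packets that fit.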

* Re: MTU on wireguard-apple for IPv6
  2019-12-19  1:27 ` Jason A. Donenfeld
@ 2019-12-19 10:37   ` Rémi Lapeyre
  2019-12-27 16:10   ` Rémi Lapeyre
  1 sibling, 0 replies; 5+ messages in thread
From: Rémi Lapeyre @ 2019-12-19 10:37 UTC (permalink / raw)
  To: Rémi Lapeyre, Jason A. Donenfeld; +Cc: WireGuard mailing list

> Probably the phone's dhcp server doesn't pass the right MTU back to
> the client, but then the phone does the mss-mtu hack to fix up TCP
> connections. That hack doesn't work when the traffic is end-to-end
> encrypted, as is the case with WireGuard, so no smaller MSS is ever
> negotiated.

Won’t this situation happen a lot? Should we fix the default MTU to 1280
to avoid users having their tunnel randomly fail on some network?

* Re: MTU on wireguard-apple for IPv6
  2019-12-19  1:27 ` Jason A. Donenfeld
  2019-12-19 10:37   ` Rémi Lapeyre
@ 2019-12-27 16:10   ` Rémi Lapeyre
  1 sibling, 0 replies; 5+ messages in thread
From: Rémi Lapeyre @ 2019-12-27 16:10 UTC (permalink / raw)
  To: Rémi Lapeyre, Jason A. Donenfeld; +Cc: WireGuard mailing list

My previous message may have been lost.

> Probably the phone's dhcp server doesn't pass the right MTU back to 
> the client, but then the phone does the mss-mtu hack to fix up TCP 
> connections. That hack doesn't work when the traffic is end-to-end 
> encrypted, as is the case with WireGuard, so no smaller MSS is ever 
> negotiated. 

Won’t this situation happen a lot? Should we fix the default MTU to 1280 
to avoid users having their tunnel randomly fail on some network?

* MTU on wireguard-apple for IPv6
@ 2019-12-18 10:41 Rémi Lapeyre
  0 siblings, 0 replies; 5+ messages in thread
From: Rémi Lapeyre @ 2019-12-18 10:41 UTC (permalink / raw)
  To: wireguard

