[WireGuard] Header / MTU sizes for Wireguard
Jason A. Donenfeld
Jason at zx2c4.com
Mon Dec 11 02:36:27 CET 2017
Many people ask about the packet breakdown of WireGuard, and though
this is explained in [1] and [2], many find this ancient mailing list
thread, which now contains out of date information. So this email is
to bring the thread up to date, for folks who stumble upon it.
The overhead of WireGuard breaks down as follows:
- 20-byte IPv4 header or 40 byte IPv6 header
- 8-byte UDP header
- 4-byte type
- 4-byte key index
- 8-byte nonce
- N-byte encrypted data
- 16-byte authentication tag
So, if you assume 1500 byte ethernet frames, the worst case (IPv6)
winds up being 1500-(40+8+4+4+8+16), leaving N=1420 bytes. However, if
you know ahead of time that you're going to be using IPv4 exclusively,
then you could get away with N=1440 bytes.
[1] https://www.wireguard.com/protocol/
[2] https://www.wireguard.com/papers/wireguard.pdf
More information about the WireGuard
mailing list