Some questions about the protocol

sopium sopium at
Mon Mar 20 06:06:13 CET 2017


Thanks for the reply. Some more questions.

The most tricky one first:

Do we send back keep-alive packets in response to keep-alive packets?
[No?] If so, they will ping-pong indefinitely, and persistent
keep-alive seems unnecessary. If not, do we send keep-alive packets in
response to persistent keep-alive packets? [Yes?] Then we need to
distinguish these two different types of keep-alive?


2017-03-16 0:34 GMT+08:00 Jason A. Donenfeld <Jason at>:
> [...]
>> * Shall we start handshake in case the _previous_ session is not
>>   alive, or too old? My guess is NO?
> I'm not sure I understand your question. Could you rephrase? Here's
> some text that might clarify things possibly:

[Not a question] I was thinking of these timers as tied to individual
sessions. It all makes sense if they are tied to the peer.

>> * When padding packets, how to avoid getting larger than MTU,
>>   because we don't seem to know the MTU?
> You know the MTU of the WireGuard interface, and so you pad packets to
> fit into that. You can query this from the TUN device.
> WireGuard currently doesn't do per-peer-endpoint PMTU, but I'm working
> on this, and I'll update you when this is worked out.

Since a WireGuard interface can have multiple peers, some may have
a smaller MTU than the interface MTU?


More information about the WireGuard mailing list