Some questions about the protocol

Jason A. Donenfeld Jason at
Mon Mar 20 16:18:09 CET 2017

On Mon, Mar 20, 2017 at 6:06 AM, sopium <sopium at> wrote:
> Do we send back keep-alive packets in response to keep-alive packets?
> [No?] If so, they will ping-pong indefinitely, and persistent
> keep-alive seems unnecessary. If not, do we send keep-alive packets in
> response to persistent keep-alive packets? [Yes?] Then we need to
> distinguish these two different types of keep-alive?

You do _not_ send a keepalive to a keepalive.
You do _not_ need to distinguish the two different types of keepalives.
You do _not_ send keepalive packets in response to persistent
keepalive packets. They are the same and indistinguishable.

The rule is:
   If a non-keepalive data packet has been received from a given peer,
but we have not
   sent either a non-keepalive data packet nor a keepalive data packet
to the given peer
   within the last KEEPALIVE ms, then we send a keepalive data packet.

When persistent keepalive is enabled, we simply send a keepalive every
X ms, which satisfies the condition above, and thus no additional
keepalives need to be sent, if persistent keepalive interval is >

>> WireGuard currently doesn't do per-peer-endpoint PMTU, but I'm working
>> on this, and I'll update you when this is worked out.
> Since a WireGuard interface can have multiple peers, some may have
> a smaller MTU than the interface MTU?

Yes. Per-peer PMTU discovery is currently a TODO item, but currently
is not worked out. Right now the best we can do is per-interface. This
will change at some point in the future, but not now.

More information about the WireGuard mailing list