Fragmentation on UDP layer possible?

Baptiste Jonglez baptiste at bitsofnetworks.org
Tue Aug 14 12:29:49 CEST 2018


On 13-08-18, Roman Mamedov wrote:
> On Mon, 13 Aug 2018 02:53:44 +1000
> StarBrilliant <coder at poorlab.com> wrote:
> 
> > I know Wireguard can already do IP layer fragmentation. (Just set
> > tunnel MTU >= 1441 then fragmentation will be turned on)
> 
> Is that really expected to work? I tried setting MTU 9000 on both ends of a WG
> tunnel, but large packets still do not seem to come through properly. Did you
> try using it like that in any kind of environment (aside from that one
> restrictive network)?

Yes, it works: we use that to enforce a 1500 MTU on the wg interface, it
avoids a lot of headache.  Wireguard may end up sending UDP packets larger
than the MTU, which the kernel fragments at the IP layer.  The kernel of
the remote endpoint then reassembles these packets before giving them to
wireguard.

That being said, if you have a nasty firewall or middlebox in the (public)
path between your endpoints, it might indeed drop fragmented IP packets,
breaking this use-case.

Baptiste
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180814/711d67c3/attachment.asc>


More information about the WireGuard mailing list