Traffic on port 53 fails on LTE but works on WiFi

John graysky at
Mon Nov 19 09:40:47 CET 2018

Thank you both for the replies.  I first tried reducing the MTU
(/etc/wireguard/wg0.conf setting MTU = xxxx) where I tried values of
1360, 1300, 1200, and 1100 but all met with the same result.

I next tried the suggestion to run `tcpdump udp port 53` when I have a
problematic client connect on LTE and when I have a successful
connection on LTE (different providers).  I need to read up more on
this output before I post publicly as I might be disclosing personal
privacy info.  I will say that each of them contains some lines like:

... Type63103 (Class 50031)? <BAD PTR>[|domain]
... Type4168 (Class 47859)? <BAD PTR>[|domain]

The difference is that the problematic client seems to only contain
lines with either 256 or 512 sizes (I assume sizes).
time stamp IP > wireguard.domain: 256 [xxxxa]
[xxxxq] [xxxn] [xxxxau][|domain]
time stamp IP wireguard.37024 > xxx+ PTR? (44)
time stamp IP > wireguard.domain: 512 [xxxxa]
[xxxxq] [xxxn] [xxxxau][|domain]

But the successful client connection has these plus a number of lines
where the 256 or 512 is 1024.  Again, I need to read about not
disclosing personal info before I post the entire dump file.

Is the little info I did post diagnostic?
On Mon, Nov 19, 2018 at 2:32 AM M. Dietrich <mdt at> wrote:
> Hi John,
> Quotation from John at November 18, 2018 19:55:
> > ... on port 53 ... do _not_ work when I connect via LTE
> > (Verizon supplying the data).  On LTE, I am no longer able
> > to transfer data to/from the server peer but I can handshake
> > with it.
> Vodafone blocks UDP traffic on port 53 in LTE.
> > 1) What can I try on the server peer side to diagnose?
> I would check with tcpdump. It seems Verizon does some package
> inspection, maybe reducing MTU will do?
> > 2) Do people feel that Verizon is actively blocking the
> > connection on port 53?
> Not with Verizon but Vodafone which does a complete block -
> not even the handshake goes through. Not sure about the cause
> for that, maybe they want to control your DNS that way.
> Regards,
> M. Dietrich
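
Added example, not part of the original thread: tcpdump decodes anything on port 53 as DNS and prints the first two payload bytes as the DNS query ID, while a WireGuard message starts with a one-byte type followed by three reserved zero bytes, so the leading numbers in such output map back to WireGuard message types (256 = type 1, 512 = type 2, 1024 = type 4). The Python sketch below classifies tcpdump lines on that basis; the sample lines and hostnames are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# WireGuard message types: first payload byte, then three reserved zero bytes.
WG_TYPES = {
    1: "handshake initiation",
    2: "handshake response",
    3: "cookie reply",
    4: "transport data",
}

# tcpdump's DNS printer shows the 16-bit query ID right after "src > dst:".
DNS_ID = re.compile(r"> \S+: (\d+)[\s+%*-]")

def wg_type_from_dns_id(dns_id):
    """Map a misdecoded DNS ID back to a WireGuard message type, or None."""
    msg_type, reserved = dns_id >> 8, dns_id & 0xFF
    if reserved != 0:  # second payload byte must be zero in WireGuard
        return None
    return WG_TYPES.get(msg_type)

def summarize(lines):
    """Count tcpdump lines per inferred WireGuard message type."""
    counts = Counter()
    for line in lines:
        m = DNS_ID.search(line)
        if m:
            counts[wg_type_from_dns_id(int(m.group(1))) or "not WireGuard"] += 1
    return counts

def diagnose(lines):
    """Heuristic verdict: a genuine DNS packet with ID 256/512/1024 would be miscounted."""
    c = summarize(lines)
    if c["transport data"]:
        return "data flowing"
    if c["handshake initiation"] + c["handshake response"]:
        return "handshake only"
    return "no WireGuard traffic"

# Constructed sample lines in the shape of `tcpdump udp port 53` output.
FAILING = [
    "09:00:01.000000 IP 198.51.100.7.41000 > wg.example.domain: 256 [1a] [2q] [3n] [4au][|domain]",
    "09:00:01.050000 IP wg.example.domain > 198.51.100.7.41000: 512 [1a] [2q] [3n] [4au][|domain]",
]
WORKING = FAILING + [
    "09:00:02.000000 IP 198.51.100.7.41000 > wg.example.domain: 1024 [1a] [2q] [3n] [4au][|domain]",
]

if __name__ == "__main__":
    print("failing capture:", diagnose(FAILING), dict(summarize(FAILING)))
    print("working capture:", diagnose(WORKING), dict(summarize(WORKING)))
```

A capture that shows only 256 and 512 means handshakes are passing but no transport data packets reach the server.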
