Improve "[WireGuard] Header / MTU sizes for Wireguard"

Roman Mamedov rm at
Wed Jul 17 11:56:10 CEST 2019

On Wed, 17 Jul 2019 17:45:18 +0800
Yousong Zhou <yszhou4tech at> wrote:

> For WireGuard overhead breakdown [1], maybe it's worth also mentioning
> that N the length of encrypted data will be padded to be multiples of
> 16.
> I am only aware of this when fragmentation was spotted.  With 1500 as
> MTU for ethernet, PPPoE has MTU 1492 (1500 - 8).  I thought 1432 (1492
> - 60) for wireguard should work for ipv4-only traffic. It needs to be
> 1424 to avoid fragmentation.

1432 should work as long as you set it on *both* ends of your WireGuard tunnel.
I wrote about this here (expect mine was on IPv6, so all MTUs listed are 20
bytes lower):
Could you try 1432 on both endpoints and confirm it works (or not)?

So far I don't know any clear explanation of what's described in the above
referenced message. Also that was before the IPv6 fragmentation was allowed
for WG, so now it will change (likely will still work and send fragmented
packets, instead of all the "Fail" cases in the table).

With respect,

More information about the WireGuard mailing list