Buggy MTU with Wireguard (attached pcapng)

Vasili Pupkin diggest at gmail.com
Mon Feb 3 19:04:23 CET 2020

The TCP connection MSS is set to 1460 bytes and also Don't fragment flag 
is set. The server selects this MSS as a frame size on its side and 
packet is dropped, probably. If you are using linux router try to use 
this command "iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j 
TCPMSS --clamp-mss-to-pmtu" or be careful to set MTU on all client 
machines adapters correctly.

On 10.01.2020 1:05, alpha_one_x86 wrote:
> Hi,
> I have wireguard interface "veth", and my real interface "eth0".
> No bug with openvpn, but with wireguard on IPv4 for https, I have bug, 
> see the attached file, the returned data is 3300byte, then Destination 
> unreachable (Fragmentation needed).
> Bug into wireguard? How fix this?
> The ok.pcapng it's same https download do with openvpn.
> Cheers,
> _______________________________________________
> WireGuard mailing list
> WireGuard at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20200203/630716f7/attachment.html>

More information about the WireGuard mailing list