Buggy MTU with Wireguard (attached pcapng)
Vasili Pupkin
diggest at gmail.com
Mon Feb 3 19:04:23 CET 2020
The TCP connection MSS is set to 1460 bytes and also Don't fragment flag
is set. The server selects this MSS as a frame size on its side and
packet is dropped, probably. If you are using linux router try to use
this command "iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j
TCPMSS --clamp-mss-to-pmtu" or be careful to set MTU on all client
machines adapters correctly.
On 10.01.2020 1:05, alpha_one_x86 wrote:
>
> Hi,
>
> I have wireguard interface "veth", and my real interface "eth0".
>
> No bug with openvpn, but with wireguard on IPv4 for https, I have bug,
> see the attached file, the returned data is 3300byte, then Destination
> unreachable (Fragmentation needed).
>
> Bug into wireguard? How fix this?
>
> The ok.pcapng it's same https download do with openvpn.
>
> Cheers,
>
>
> _______________________________________________
> WireGuard mailing list
> WireGuard at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20200203/630716f7/attachment.html>
More information about the WireGuard
mailing list