potentially disallowing IP fragmentation on wg packets, and handling routing loops better

Derek Fawcus dfawcus+lists-wireguard at employees.org
Mon Jun 7 11:58:29 UTC 2021


On Sun, Jun 06, 2021 at 01:14:16PM +0200, Peter Linder wrote:
> This would break things for me. We're doing a lot of L2 over L3 site to 
> site stuff and we are using wireguard as the outer layer. Inner layer is 
> vxlan or l2tpv3.
>
> In particular, people connect lots of stuff with no regard for MTU. For 
> some things it's also very hard to change so we just assume people 
> don't. Since the L3 network typically has the same MTU as the inner L2 
> network, we need fragmentation. There is no practical way to be able to 
> tell hosts on the L2 network about the limited MTU, for all we know they 
> don't even run IP....

I've not looked into vxlan much, but for L2TP you always have recourse
to RFC 4623, where the MRU & MRRU can be exchanged.

DF

