Question about MTU and Wireguard and the current changes
tlhackque
tlhackque at yahoo.com
Mon Jan 10 20:56:07 UTC 2022
On 10-Jan-22 15:37, henning.reich at gmail.com wrote:
> Hi,
> I run into some connection trouble between two WireGuard hosts (one
> running Fedora 35, one Arch Linux). If I try to transfer large files
> through SSH (SCP or btrfs send/receive through ssh through the wireguard
> tunnel) it gets stuck after a few bytes and nothing is transferred anymore.
>
> This has happened in the last few days, so probably an update on one or
> both machines. I also saw that there were some changes on the MTU thing
> (if I remember correctly, a per-peer MTU is configurable).
>
> However, my first try was to just set the MTU to a lower number (MTU =
> 1200) and yes, scp works again.
> Okay, so I did the good old ping test: "ping -M do -s $SIZE -c 1
> 172.16.0.2" with $SIZE increasing. And that surprised me. It works
> up to a size of 36932 bytes. I checked with wireguard and "MTU = 36932"
> and yes, scp is still working.
>
> Can somebody explain why the old default setting of "65456" doesn't
> work anymore but the MTU can be set to much higher values than typical ones?
>
> Thanks
> Henning
>
Guess: Fragmentation happens somewhere and fragments are blocked at your
router/firewall/host. Blocking fragments is a common, if misguided,
"security enhancement".
A packet trace would provide the necessary clues in any case.
Wireshark is a convenient way to get one.
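
One way to read the packet trace suggested above, as an added example that is not part of the original message: this Python code parses the IPv4 header lines of `tcpdump -n -v` text output and reports which datagrams were fragmented and whether every fragment was seen at the capture point. The sample capture is constructed, and grouping by IP id alone assumes the capture was already filtered to a single peer.

```python
import re

# IPv4 header summary as printed by `tcpdump -n -v`
HDR = re.compile(
    r"id (\d+), offset (\d+), flags \[([^\]]*)\], proto \w+ \(\d+\), length (\d+)"
)

# Constructed receiver-side capture: id 100 arrives in full, id 101 loses
# everything after its first fragment, id 102 was never fragmented.
SAMPLE = """\
IP (tos 0x0, ttl 64, id 100, offset 0, flags [+], proto UDP (17), length 1500)
IP (tos 0x0, ttl 64, id 100, offset 1480, flags [+], proto UDP (17), length 1500)
IP (tos 0x0, ttl 64, id 100, offset 2960, flags [none], proto UDP (17), length 540)
IP (tos 0x0, ttl 64, id 101, offset 0, flags [+], proto UDP (17), length 1500)
IP (tos 0x0, ttl 64, id 102, offset 0, flags [DF], proto UDP (17), length 1260)
"""

def datagrams(capture_text):
    """Group fragments by IP id -> list of (offset, payload_len, more_fragments)."""
    groups = {}
    for ip_id, offset, flags, length in HDR.findall(capture_text):
        payload = int(length) - 20  # assumes a 20-byte IPv4 header (no options)
        groups.setdefault(int(ip_id), []).append((int(offset), payload, "+" in flags))
    return groups

def is_complete(frags):
    """True if fragments run gap-free from offset 0 to a final (MF=0) fragment."""
    expected = 0
    for offset, payload, more in sorted(frags):
        if offset != expected:
            return False  # a fragment in the middle is missing
        expected = offset + payload
        if not more:
            return True
    return False  # last fragment never seen

def report(capture_text):
    """Map IP id -> ("fragmented" | "whole", all_fragments_seen)."""
    out = {}
    for ip_id, frags in datagrams(capture_text).items():
        fragmented = len(frags) > 1 or frags[0][2] or frags[0][0] > 0
        out[ip_id] = ("fragmented" if fragmented else "whole", is_complete(frags))
    return out

if __name__ == "__main__":
    for ip_id, (kind, complete) in sorted(report(SAMPLE).items()):
        print(f"id {ip_id}: {kind}, {'complete' if complete else 'INCOMPLETE'}")
```

Running it on captures taken at both ends shows whether fragments that leave the sender are missing at the receiver. Note that a capture filter on the UDP port alone will not match non-first fragments, so filter by peer address instead.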