potentially disallowing IP fragmentation on wg packets, and handling routing loops better

Orsiris de Jong ozy at netpower.fr
Mon Nov 18 14:31:29 UTC 2024


Hello,

Sorry to « unbury » this thread, but I’d love to know what has been decided for Wireguard regarding UDP fragmentation.
I used to play with a setup to bridge two physical ethernet ports through the internet in order to create a LAN2LAN tunnel, that roughly looks like the following:

(SITE1 SWITCH)----ETH1----BRIDGE1----GRETAP1----WIREGUARD1----WAN1----(internet)----WAN2----WIREGUARD2---GRETAP2---BRIDGE2---ETH2----(SITE2 SWITCH)

Setting the wireguard MTU on both sides to 9200 and setting MSS clamping, I was able to let this chain act almost as a transparent ethernet cable, where packets from ETH1 to ETH2 could be up to 9000 bytes MTU, even if the WAN MTU were 1500 bytes or less.
Although I know many reasons why this is not ideal, and applications should compute pMTU in order to properly speak to each other, I have some industrial appliances that cannot be upgraded, that require an MTU 9000 link between both sites.

When I made this setup on RHEL 8, everything worked okay, even if the bandwidth was low due to fragmentation.
But setting up the same in RHEL 9, I cannot transfer packets of sizes larger than 1360 (which is 1500 minus wireguard and gretap headers).

I guess that somewhere between both releases, something has been changed in the way Wireguard allows or honors do-not-fragment packets.
I’ve searched a lot, and only found this thread that discusses a similar setup from Roman.

Could anyone give me some insight into what was decided for the Wireguard fragmentation, and perhaps a tip to make this setup work again?

Best regards,
Orsiris de Jong from NetInvent.
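An added worked example (not from this thread or the WireGuard project): an MTU budget for the ETH -> GRETAP -> WireGuard -> WAN chain described above, showing how many IPv4 fragments a jumbo inner packet needs on a 1500-byte WAN and how fragmentation amplifies packet loss. Header sizes are assumptions (IPv4 outer headers without options, GRE without key or checksum, the WireGuard transport data message overhead).

```python
from math import ceil

# Assumed per-layer header sizes (bytes); the thread does not state them.
IPV4_HDR = 20      # outer IPv4 header, no options
UDP_HDR = 8
WG_DATA_HDR = 32   # WireGuard data message: type(4) + receiver(4) + counter(8) + tag(16)
GRE_HDR = 4        # GRE header without key or checksum
ETH_HDR = 14       # inner Ethernet header carried by gretap

WG_OVERHEAD = IPV4_HDR + UDP_HDR + WG_DATA_HDR   # 60 bytes per WireGuard datagram
GRETAP_OVERHEAD = IPV4_HDR + GRE_HDR + ETH_HDR   # 38 bytes per gretap packet


def inner_mtu_for_wan(wan_mtu: int) -> int:
    """Largest inner IP packet that crosses the WAN without fragmentation."""
    return wan_mtu - WG_OVERHEAD - GRETAP_OVERHEAD


def wan_packet_size(inner_ip_len: int) -> int:
    """On-the-wire size of the WireGuard datagram carrying an inner IP packet."""
    return inner_ip_len + GRETAP_OVERHEAD + WG_OVERHEAD


def ipv4_fragments(packet_len: int, link_mtu: int) -> int:
    """IPv4 fragments needed to carry packet_len across a link of link_mtu.

    Every fragment except the last carries a multiple of 8 payload bytes.
    """
    if packet_len <= link_mtu:
        return 1
    payload_per_frag = (link_mtu - IPV4_HDR) // 8 * 8
    return ceil((packet_len - IPV4_HDR) / payload_per_frag)


def effective_loss(frag_loss_rate: float, fragments: int) -> float:
    """Probability the whole packet is lost when any single fragment is lost."""
    return 1.0 - (1.0 - frag_loss_rate) ** fragments


if __name__ == "__main__":
    wan_mtu, inner = 1500, 9000     # constructed values matching the thread's setup
    on_wire = wan_packet_size(inner)
    frags = ipv4_fragments(on_wire, wan_mtu)
    print(f"unfragmented inner MTU on a {wan_mtu}-byte WAN: {inner_mtu_for_wan(wan_mtu)}")
    print(f"{inner}-byte inner packet -> {on_wire} bytes on the WAN -> {frags} fragments")
    print(f"1% per-fragment loss becomes {effective_loss(0.01, frags):.1%} packet loss")
```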