Development discussion of WireGuard
 help / color / mirror / Atom feed
* Question about MTU and Wireguard and the current changes
@ 2022-01-10 20:37 henning.reich
  2022-01-10 20:56 ` tlhackque
  0 siblings, 1 reply; 2+ messages in thread
From: henning.reich @ 2022-01-10 20:37 UTC (permalink / raw)
  To: wireguard

Hi,
I run in some connection troubles between two wireguards host (one 
running fedora 35, one arch linux). If I tried to transfer large files 
through SSH (SCP or btrfs send/receive thorugh ssh through wireguard 
tunnel) it stucks after a few byte and nothing transfered anymore.

This happens in the last days, so probably an update on one or both 
machines. I also saw, that there some changes on the MTU thing (If I 
remember correctly, a per peer MTU is configurable)

However. My first try was just set the MTU to a lower number (MTU = 
1200) and yes, scp works again.
Okay, so I did the good old ping test. "ping -M do -s $SIZE -c 1 
172.16.0.2" with $SIZE increasing. And that surprised me. It works until 
an Size of 36932 Bytes. Checked with wireguard and "MTU = 36932" and 
yes, scp still working.

Can somebody explain, why the old default setting of "65456" doesn't 
work anymore but the MTU can set to much higher values as typical ones?

Thanks
Henning


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Question about MTU and Wireguard and the current changes
  2022-01-10 20:37 Question about MTU and Wireguard and the current changes henning.reich
@ 2022-01-10 20:56 ` tlhackque
  0 siblings, 0 replies; 2+ messages in thread
From: tlhackque @ 2022-01-10 20:56 UTC (permalink / raw)
  To: wireguard


[-- Attachment #1.1: Type: text/plain, Size: 1369 bytes --]

On 10-Jan-22 15:37, henning.reich@gmail.com wrote:
> Hi,
> I run in some connection troubles between two wireguards host (one 
> running fedora 35, one arch linux). If I tried to transfer large files 
> through SSH (SCP or btrfs send/receive thorugh ssh through wireguard 
> tunnel) it stucks after a few byte and nothing transfered anymore.
>
> This happens in the last days, so probably an update on one or both 
> machines. I also saw, that there some changes on the MTU thing (If I 
> remember correctly, a per peer MTU is configurable)
>
> However. My first try was just set the MTU to a lower number (MTU = 
> 1200) and yes, scp works again.
> Okay, so I did the good old ping test. "ping -M do -s $SIZE -c 1 
> 172.16.0.2" with $SIZE increasing. And that surprised me. It works 
> until an Size of 36932 Bytes. Checked with wireguard and "MTU = 36932" 
> and yes, scp still working.
>
> Can somebody explain, why the old default setting of "65456" doesn't 
> work anymore but the MTU can set to much higher values as typical ones?
>
> Thanks
> Henning
>
Guess: Fragmentation happens somewhere and fragments are blocked at your 
router/firewall/host.  Blocking fragments is a common, if misguided, 
"security enhancement".

A packet trace would provide the necessary clues in any case.

Wireshark is a convenient way to get one.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-01-10 20:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-10 20:37 Question about MTU and Wireguard and the current changes henning.reich
2022-01-10 20:56 ` tlhackque

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).