Development discussion of WireGuard
* Re: [WireGuard] Header / MTU sizes for Wireguard
@ 2023-08-17 20:14 blurt_overkill882
  2023-08-23 16:15 ` Roman Mamedov
  0 siblings, 1 reply; 6+ messages in thread
From: blurt_overkill882 @ 2023-08-17 20:14 UTC (permalink / raw)
  To: wireguard

Hello, I hope this is the right place.

I see here[1] that if you're using IPv4 exclusively, you can get away with an MTU of 1440. If my client only has IPv4 internet, however the server issues an IPv6 address for use by the client, can the client still use 1440 without fragmentation, or must the client use 1420, because even though their connection is IPv4, they are issued an IPv6 address within the tunnel?

[1] https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html

Thanks in advance!



* Re: [WireGuard] Header / MTU sizes for Wireguard
  2023-08-17 20:14 [WireGuard] Header / MTU sizes for Wireguard blurt_overkill882
@ 2023-08-23 16:15 ` Roman Mamedov
       [not found]   ` <CAC9cSOA4-NDcVNs6s_mMT8kp3J8apnCMEXFGx4_XokipABhmAQ@mail.gmail.com>
  0 siblings, 1 reply; 6+ messages in thread
From: Roman Mamedov @ 2023-08-23 16:15 UTC (permalink / raw)
  To: blurt_overkill882; +Cc: wireguard

On Thu, 17 Aug 2023 20:14:52 +0000
blurt_overkill882@simplelogin.com wrote:

> I see here[1] that if you're using IPv4 exclusively, you can get away with
> an MTU of 1440. If my client only has IPv4 internet, however the server
> issues an IPv6 address for use by the client, can the client still use 1440
> without fragmentation, or must the client use 1420, because even though
> their connection is IPv4, they are issued an IPv6 address within the tunnel?
> 
> [1] https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html

Yes they can. This is only affected by whether or not WG itself runs over
v4/v6, not whether you use v4 or v6 inside WG.

Be aware though that some residential Internet connections use MTU-reducing
tunnels for ISP authentication. The most popular one would be PPPoE with 8
bytes that you need to subtract, but there also can be L2TP or PPTP with
larger overheads.

-- 
With respect,
Roman


* Re: [WireGuard] Header / MTU sizes for Wireguard
       [not found]   ` <CAC9cSOA4-NDcVNs6s_mMT8kp3J8apnCMEXFGx4_XokipABhmAQ@mail.gmail.com>
@ 2023-08-24 13:21     ` Roman Mamedov
  0 siblings, 0 replies; 6+ messages in thread
From: Roman Mamedov @ 2023-08-24 13:21 UTC (permalink / raw)
  To: Saint Michael; +Cc: blurt_overkill882, wireguard

On Thu, 24 Aug 2023 08:50:20 -0400
Saint Michael <venefax@gmail.com> wrote:

> This is the Achilles' heel of Wireguard. It reduces the MTU too much. Other
> tunneling techniques use a much larger MTU. I use MikroTik routers and one
> of the supported tunnels goes up to 1472. Some apps require a large MTU.
> Why does Wireguard require so much space, so to speak?

Because it uses encryption, and each packet is also cryptographically signed.

I believe the other tunnels you have in mind will transfer data in plaintext
(unencrypted).

-- 
With respect,
Roman


* Re: [WireGuard] Header / MTU sizes for Wireguard
  2016-07-26 23:41 ` Jason A. Donenfeld
@ 2017-12-11  1:36   ` Jason A. Donenfeld
  0 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2017-12-11  1:36 UTC (permalink / raw)
  To: WireGuard mailing list

Many people ask about the packet breakdown of WireGuard, and though
this is explained in [1] and [2], many find this ancient mailing list
thread, which now contains out of date information. So this email is
to bring the thread up to date, for folks who stumble upon it.

The overhead of WireGuard breaks down as follows:

- 20-byte IPv4 header or 40-byte IPv6 header
- 8-byte UDP header
- 4-byte type
- 4-byte key index
- 8-byte nonce
- N-byte encrypted data
- 16-byte authentication tag

So, if you assume 1500 byte ethernet frames, the worst case (IPv6)
winds up being 1500-(40+8+4+4+8+16), leaving N=1420 bytes. However, if
you know ahead of time that you're going to be using IPv4 exclusively,
then you could get away with N=1440 bytes.

[1] https://www.wireguard.com/protocol/
[2] https://www.wireguard.com/papers/wireguard.pdf
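
The breakdown in the 2017 message, carried through as an added example (not code from the thread or from the WireGuard project). It computes N from the link MTU, the outer IP family and any ISP encapsulation such as the 8-byte PPPoE overhead mentioned earlier, and splits a data message at the listed field sizes; nothing in it depends on which IP version runs inside the tunnel. Assumptions: little-endian fields and the data-message type value 4 come from the protocol page linked as [1], and the sample packet is constructed with zero bytes in place of real ciphertext.

```python
import struct

# Per-packet overhead listed in the 2017 message above (bytes).
OUTER_IP = {4: 20, 6: 40}
UDP = 8
WG_HEADER = struct.Struct("<IIQ")  # type, key index, nonce: 4 + 4 + 8
TAG = 16
TYPE_DATA = 4  # assumption: data-message type value, per the protocol page [1]


def tunnel_mtu(link_mtu=1500, outer_family=6, underlay_overhead=0):
    """Largest inner packet (N) that fits without fragmenting the outer packet.

    underlay_overhead covers ISP encapsulation below the outer IP header,
    e.g. 8 for PPPoE as mentioned earlier in the thread.
    """
    if outer_family not in OUTER_IP:
        raise ValueError("outer_family must be 4 or 6")
    n = (link_mtu - underlay_overhead - OUTER_IP[outer_family]
         - UDP - WG_HEADER.size - TAG)
    if n <= 0:
        raise ValueError("link MTU too small for WireGuard overhead")
    return n


def split_data_message(udp_payload):
    """Split a data message into (key_index, nonce, ciphertext, tag)."""
    if len(udp_payload) < WG_HEADER.size + TAG:
        raise ValueError("shorter than header + authentication tag")
    msg_type, key_index, nonce = WG_HEADER.unpack_from(udp_payload)
    if msg_type != TYPE_DATA:
        raise ValueError(f"not a data message (type {msg_type})")
    body = udp_payload[WG_HEADER.size:]
    return key_index, nonce, body[:-TAG], body[-TAG:]


def build_sample(inner_len, key_index=0x11223344, nonce=7):
    """Constructed sample: correct sizes, zero bytes instead of ciphertext/tag."""
    return WG_HEADER.pack(TYPE_DATA, key_index, nonce) + bytes(inner_len) + bytes(TAG)


if __name__ == "__main__":
    for fam, extra in [(6, 0), (4, 0), (4, 8)]:
        n = tunnel_mtu(1500, fam, extra)
        wire = extra + OUTER_IP[fam] + UDP + len(build_sample(n))
        print(f"outer IPv{fam}, underlay overhead {extra}: N={n}, on-wire {wire}")
```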


* Re: [WireGuard] Header / MTU sizes for Wireguard
  2016-07-26 19:42 jens
@ 2016-07-26 23:41 ` Jason A. Donenfeld
  2017-12-11  1:36   ` Jason A. Donenfeld
  0 siblings, 1 reply; 6+ messages in thread
From: Jason A. Donenfeld @ 2016-07-26 23:41 UTC (permalink / raw)
  To: jens; +Cc: WireGuard mailing list

Hi Jens,

I assume it was you asking in the IRC channel about this same thing
before signing out? Sorry I wasn't there when you were; I only just
now arrived home.

There actually is some optimization potential for you with regards to
the MTU. The overhead of WireGuard breaks down as follows:

- 20 byte IPv4 header or 40 byte IPv6 header
- 8 byte UDP header
- 1 byte type
- 4 byte key index
- 8 byte nonce
- N byte encrypted data
- 16 byte poly1305 authentication tag

So, if you assume 1500 byte ethernet frames, the worst case (IPv6)
winds up being 1500-(40+8+1+4+8+16), leaving N=1423 bytes. However, if
you know ahead of time that you're going to be using IPv4 exclusively,
then you could get away with 1443 bytes.

Hope that helps,
Jason


* [WireGuard] Header / MTU sizes for Wireguard
@ 2016-07-26 19:42 jens
  2016-07-26 23:41 ` Jason A. Donenfeld
  0 siblings, 1 reply; 6+ messages in thread
From: jens @ 2016-07-26 19:42 UTC (permalink / raw)
  To: wireguard


hi,

we have successfully built an alternative for our tincd backbone with
wireguard (and on top l2tpv3/batv15).

with iperf we get up to 500Mbs on l2tpv3 level.. (up to 700 on pure
wireguard)

for optimization we need to know more and better about the used header,
the possible data-size per packet-header to increase throughput with all
the other layers.

Do you know your headersize, or some more easy details in
headersize/packetsize...

where does the default mtu of 1423 come from

thx jens


-- 
make the world nicer, please use PGP encryption	

