Help calculate MTU, ISP's 1448

Help calculate MTU, ISP's 1448

[STR .]

Hi,

I have Fiber to our apartment complex basement, from there Cat6 runs to
each apartment. The ISP/apartment service provider suggests an MTU of
1448, which I set for the PPPoE interface on my OpenWRT router.

I read 
https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html
which comes to (assuming 1500 byte MTU) to 60 bytes (IPv6) to 80 bytes less to account for Wireguard protocol overhead.

Using this info, I tried an MTU of both (1448-80=1368) and (1448-
60=1388).
As my ISP assigns only IPv4, I expected an MTU of 1388 to work, which I
set on the Wireguard interface in OpenWRT.

However, when set to 1388, almost everything works except any Google
related sites like Maps, Gmail, YT etc.
When set to 1368, everything works and it's the way I have it setup
right now.

What am I missing here?
Why won't Google sites load via my WG VPN when the MTU is set to 1388?

If it helps, I host the WG server on Google's cloud platform and was
informed that GCP has an MTU of 1460 bytes.

Thank you,
S

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Help calculate MTU, ISP's 1448

[Roman Mamedov]

On Tue, 26 Feb 2019 12:39:50 +0000
"STR ." <strykar@hotmail.com> wrote:

> I have Fiber to our apartment complex basement, from there Cat6 runs to
> each apartment. The ISP/apartment service provider suggests an MTU of
> 1448, which I set for the PPPoE interface on my OpenWRT router.

It could be that your ISP meant this as the pre-PPPoE MTU, so 1448 on ethX
link, but 1440 inside PPPoE.

> I read 
> https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html
> which comes to (assuming 1500 byte MTU) to 60 bytes (IPv6) to 80 bytes less to account for Wireguard protocol overhead.
> 
> Using this info, I tried an MTU of both (1448-80=1368) and (1448-
> 60=1388).
> As my ISP assigns only IPv4, I expected an MTU of 1388 to work, which I
> set on the Wireguard interface in OpenWRT.
> 
> However, when set to 1388, almost everything works except any Google
> related sites like Maps, Gmail, YT etc.
> When set to 1368, everything works and it's the way I have it setup
> right now.

Try 1380 for a bit.

> What am I missing here?
> Why won't Google sites load via my WG VPN when the MTU is set to 1388?
> 
> If it helps, I host the WG server on Google's cloud platform and was
> informed that GCP has an MTU of 1460 bytes.

Are you setting the same (lower of the two maximums) MTU on both ends of the
wireguard tunnel? (You should)

-- 
With respect,
Roman
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Help calculate MTU, ISP's 1448

[Denis Kisselev]

[-- Attachment #1.1: Type: text/plain, Size: 1732 bytes --]

Check what IP's the google domains are resolving to.

You might be getting IPv6 DNS responses back and your VPN/firewall configuration is blocking them.
I've run into the opposite issue where my ISP's IPv4 stack crashed and Google/Facebook worked (over IPv6) but most other sites failed.
________________________________
From: WireGuard <wireguard-bounces@lists.zx2c4.com> on behalf of STR . <strykar@hotmail.com>
Sent: Tuesday, February 26, 2019 4:39 AM
To: wireguard@lists.zx2c4.com
Subject: Help calculate MTU, ISP's 1448

Hi,

I have Fiber to our apartment complex basement, from there Cat6 runs to
each apartment. The ISP/apartment service provider suggests an MTU of
1448, which I set for the PPPoE interface on my OpenWRT router.

I read
https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html
which comes to (assuming 1500 byte MTU) to 60 bytes (IPv6) to 80 bytes less to account for Wireguard protocol overhead.

Using this info, I tried an MTU of both (1448-80=1368) and (1448-
60=1388).
As my ISP assigns only IPv4, I expected an MTU of 1388 to work, which I
set on the Wireguard interface in OpenWRT.

However, when set to 1388, almost everything works except any Google
related sites like Maps, Gmail, YT etc.
When set to 1368, everything works and it's the way I have it setup
right now.

What am I missing here?
Why won't Google sites load via my WG VPN when the MTU is set to 1388?

If it helps, I host the WG server on Google's cloud platform and was
informed that GCP has an MTU of 1460 bytes.

Thank you,
S

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

[-- Attachment #1.2: Type: text/html, Size: 2825 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Help calculate MTU, ISP's 1448

[Derrick Lyndon Pallas]

[-- Attachment #1.1: Type: text/plain, Size: 2306 bytes --]

I've had to drop to 1280 from Linode to several cellular carriers or else IPv6 fails. Ymmv, but the primary problem I've seen is MTU discovery failing because the v6 message is being eaten but not the v4 message. Have you enabled discovery in the kernel?

~Derrick • iPhone

> On Feb 28, 2019, at 11:56 AM, Denis Kisselev <denis@dkisselev.net> wrote:
> 
> Check what IP's the google domains are resolving to.
> 
> You might be getting IPv6 DNS responses back and your VPN/firewall configuration is blocking them.
> I've run into the opposite issue where my ISP's IPv4 stack crashed and Google/Facebook worked (over IPv6) but most other sites failed.
> From: WireGuard <wireguard-bounces@lists.zx2c4.com> on behalf of STR . <strykar@hotmail.com>
> Sent: Tuesday, February 26, 2019 4:39 AM
> To: wireguard@lists.zx2c4.com
> Subject: Help calculate MTU, ISP's 1448
>  
> Hi,
> 
> I have Fiber to our apartment complex basement, from there Cat6 runs to
> each apartment. The ISP/apartment service provider suggests an MTU of
> 1448, which I set for the PPPoE interface on my OpenWRT router.
> 
> I read 
> https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html
> which comes to (assuming 1500 byte MTU) to 60 bytes (IPv6) to 80 bytes less to account for Wireguard protocol overhead.
> 
> Using this info, I tried an MTU of both (1448-80=1368) and (1448-
> 60=1388).
> As my ISP assigns only IPv4, I expected an MTU of 1388 to work, which I
> set on the Wireguard interface in OpenWRT.
> 
> However, when set to 1388, almost everything works except any Google
> related sites like Maps, Gmail, YT etc.
> When set to 1368, everything works and it's the way I have it setup
> right now.
> 
> What am I missing here?
> Why won't Google sites load via my WG VPN when the MTU is set to 1388?
> 
> If it helps, I host the WG server on Google's cloud platform and was
> informed that GCP has an MTU of 1460 bytes.
> 
> Thank you,
> S
> 
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

[-- Attachment #1.2: Type: text/html, Size: 3919 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard