On 10-Jan-22 15:37, henning.reich@gmail.com wrote:
> Hi,
> I run in some connection troubles between two wireguards host (one 
> running fedora 35, one arch linux). If I tried to transfer large files 
> through SSH (SCP or btrfs send/receive thorugh ssh through wireguard 
> tunnel) it stucks after a few byte and nothing transfered anymore.
>
> This happens in the last days, so probably an update on one or both 
> machines. I also saw, that there some changes on the MTU thing (If I 
> remember correctly, a per peer MTU is configurable)
>
> However. My first try was just set the MTU to a lower number (MTU = 
> 1200) and yes, scp works again.
> Okay, so I did the good old ping test. "ping -M do -s $SIZE -c 1 
> 172.16.0.2" with $SIZE increasing. And that surprised me. It works 
> until an Size of 36932 Bytes. Checked with wireguard and "MTU = 36932" 
> and yes, scp still working.
>
> Can somebody explain, why the old default setting of "65456" doesn't 
> work anymore but the MTU can set to much higher values as typical ones?
>
> Thanks
> Henning
>
Guess: Fragmentation happens somewhere and fragments are blocked at your 
router/firewall/host.  Blocking fragments is a common, if misguided, 
"security enhancement".

A packet trace would provide the necessary clues in any case.

Wireshark is a convenient way to get one.