Re: WireGuard Windows should have default MTU of 1280.
On Tue, 22 Feb 2022 00:57:10 +0500 Roman Mamedov wrote: > On Mon, 21 Feb 2022 22:16:22 +0300 > Michael Tokarev wrote: > > > 21.02.2022 22:11, Michael Adams wrote: > > > Throwing in my two cents: I was using MTU 1280 on Tinc a few years back, > > > for IPv6 VPN support on Windows & Linux. It's good practice. > > > > Lemme guess. The OP is routing wg packets over IPv6? Can this be > > the problem here, because V6 has larger overhead so that 1420 is > > too large to fit into 1500 bytes together with IPv6 header? > > 1420 is picked specifically so that it fits into a 1500 byte packet with IPv6. > > If you run WG exclusively over IPv4, you can use up to 1432. Correction: 1440. https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg01856.html I'm just used to subtracting 8 everywhere, because my ISP *does* use PPPoE. :) -- With respect, Roman
Re: WireGuard Windows should have default MTU of 1280.
On Mon, 21 Feb 2022 22:16:22 +0300 Michael Tokarev wrote: > 21.02.2022 22:11, Michael Adams wrote: > > Throwing in my two cents: I was using MTU 1280 on Tinc a few years back, > > for IPv6 VPN support on Windows & Linux. It's good practice. > > Lemme guess. The OP is routing wg packets over IPv6? Can this be > the problem here, because V6 has larger overhead so that 1420 is > too large to fit into 1500 bytes together with IPv6 header? 1420 is picked specifically so that it fits into a 1500 byte packet with IPv6. If you run WG exclusively over IPv4, you can use up to 1432. However, if your ISP uses, say, PPPoE or L2TP, you need to reduce these numbers accordingly, as the underlying interface will not have the full 1500 byte MTU. -- With respect, Roman
Re: WireGuard Windows should have default MTU of 1280.
21.02.2022 22:11, Michael Adams wrote: Throwing in my two cents: I was using MTU 1280 on Tinc a few years back, for IPv6 VPN support on Windows & Linux. It's good practice. BTW, tinc is quite good these days at figuring the right pMTU. It fails only in case of completely broken network.. /mjt
Re: WireGuard Windows should have default MTU of 1280.
21.02.2022 22:11, Michael Adams wrote: Throwing in my two cents: I was using MTU 1280 on Tinc a few years back, for IPv6 VPN support on Windows & Linux. It's good practice. Lemme guess. The OP is routing wg packets over IPv6? Can this be the problem here, because V6 has larger overhead so that 1420 is too large to fit into 1500 bytes together with IPv6 header? Speaking of the good practice - it really depends. /mjt
Re: WireGuard Windows should have default MTU of 1280.
19.02.2022 04:23, Rujbin wrote: Hello, i am just confused. When i use default MTU the Performance on Windows is VERY poor. It is almost unuseable. It happens on multiple Windows devices. I started using MTU 1280 for a while, but why is it only Windows with that issue? First, the speed is limited to 100mbps maximum. Thats weird, when i use MTU 1280 i have 1gbps. https://i.imgur.com/ELGOWDQ.png In our case with default MTU (of 1420 iirc), in-tunnel performance is near the direct pefrormance. When lowering MTU to 1280, the speed reduces a bit but not much (I guess due to larger overhead due to smaller packet size). This bug exists for a long time to me. I ran Wireguard on almost every provider, (i didnt check if it happens on Azure) but this bug exists on Hetzner, DigitalOcean, OVH. This is not normal. I am running the latest stable version of Wireguard Windows. Kernel module on servers and BoringTun. I don't see a bug here. /mjt
Re: WireGuard Windows should have default MTU of 1280.
On 18-Feb-22 20:23, Rujbin wrote: Hello, i am just confused. When i use default MTU the Performance on Windows is VERY poor. It is almost unuseable. It happens on multiple Windows devices. I started using MTU 1280 for a while, but why is it only Windows with that issue? First, the speed is limited to 100mbps maximum. Thats weird, when i use MTU 1280 i have 1gbps. https://i.imgur.com/ELGOWDQ.png This bug exists for a long time to me. I ran Wireguard on almost every provider, (i didnt check if it happens on Azure) but this bug exists on Hetzner, DigitalOcean, OVH. This is not normal. I am running the latest stable version of Wireguard Windows. Kernel module on servers and BoringTun. The question is so vague that you're not going to get unconfused without doing more work. Sounds like a fragmentation issue. Where can't be determined from the information given. But if path MTU discovery is disabled/broken, that kind of slowdown isn't surprising. 1280 is the minimum MTU for IPv6. (Path discovery is encouraged to use larger if possible.) See RFC2460 section 5. Where are you setting the MTU? On the physical IF, or the WireGuard IF? If the former, you want to increase by the size of the WG overhead. If your physical IF is IPv4, but you're tunneling IPv6 over WG - the minimum MTU for IPv4 is 512, so unless some MTU is set (and available for the complete route), WG packets will definitely fragment. In short, you need to provide more information (including a complete configuration, traceroutes with packet sizes, see if MTU discovery is blocked, ...), and do more work in order to get a useful answer. This includes the Windows question. Is WG running on windows, or on some router? IPv4? How does this differ from the other devices? What are they (IOS, Android, Linux, VMS, ZOS, ...)? OpenPGP_signature Description: OpenPGP digital signature
WireGuard Windows should have default MTU of 1280.
Hello, i am just confused. When i use default MTU the Performance on Windows is VERY poor. It is almost unuseable. It happens on multiple Windows devices. I started using MTU 1280 for a while, but why is it only Windows with that issue? First, the speed is limited to 100mbps maximum. Thats weird, when i use MTU 1280 i have 1gbps. https://i.imgur.com/ELGOWDQ.png This bug exists for a long time to me. I ran Wireguard on almost every provider, (i didnt check if it happens on Azure) but this bug exists on Hetzner, DigitalOcean, OVH. This is not normal. I am running the latest stable version of Wireguard Windows. Kernel module on servers and BoringTun.
Wireguard netstack client/server
Hi, Was trying to understand the netstack related examples in wireguard-go/tun/netstack/examples/ Examples for netstack available in other distributions, all do createNIC using the fd of the network on the host-machine or likewise. So packets enter/leave netstack through those interfaces. With wireguard-go/tun/netstack/examples/ I dont see any interface created on the host machine, then how are the packets enter/leave netstack where wireguard devices are running? Plz advice. Regards, dev