On 10-Jan-22 15:37, henning.re...@gmail.com wrote:
I run in some connection troubles between two wireguards host (one running fedora 35, one arch linux). If I tried to transfer large files through SSH (SCP or btrfs send/receive thorugh ssh through wireguard tunnel) it stucks after a few byte and nothing transfered anymore.

This happens in the last days, so probably an update on one or both machines. I also saw, that there some changes on the MTU thing (If I remember correctly, a per peer MTU is configurable)

However. My first try was just set the MTU to a lower number (MTU = 1200) and yes, scp works again. Okay, so I did the good old ping test. "ping -M do -s $SIZE -c 1" with $SIZE increasing. And that surprised me. It works until an Size of 36932 Bytes. Checked with wireguard and "MTU = 36932" and yes, scp still working.

Can somebody explain, why the old default setting of "65456" doesn't work anymore but the MTU can set to much higher values as typical ones?


Guess: Fragmentation happens somewhere and fragments are blocked at your router/firewall/host.  Blocking fragments is a common, if misguided, "security enhancement".

A packet trace would provide the necessary clues in any case.

Wireshark is a convenient way to get one.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to