On Mon, Aug 13, 2018 at 5:06 AM Roman Mamedov <r...@romanrm.net> wrote: > > On Mon, 13 Aug 2018 02:53:44 +1000 > StarBrilliant <co...@poorlab.com> wrote: > > > I know Wireguard can already do IP layer fragmentation. (Just set > > tunnel MTU >= 1441 then fragmentation will be turned on) > > Is that really expected to work? I tried setting MTU 9000 on both ends of a WG > tunnel, but large packets still do not seem to come through properly. Did you > try using it like that in any kind of environment (aside from that one > restrictive network)? > > In theory using MTU 9000 or such would help lower the huge overhead percentage > of running IP over VXLAN over IP over WG over IP. I was looking into that the > other day, but my idea was to fragment VXLAN packets across multiple WG ones, > which turned out to be impossible (VXLAN RFC forbids fragmentation).
I have succeeded in setting a MTU of 1966 bytes inside VXLAN with a non-restrictive Ethernet. Due to a Linux bug, you need to do "sudo ethtool -K vxlan0 rx off tx off", or all UDP packets will have wrong checksums and being dropped. You might want to check my project on generating a Wireguard+VXLAN with a tool https://github.com/m13253/VxWireguard-Generator (Note that this is not production-ready. In other words, please back up your main database often) _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard