On 8/30/21 1:24 PM, Daniel wrote:
Hi
Le 27/08/2021 à 23:44, Roman Mamedov a écrit :
On Sat, 28 Aug 2021 07:05:45 +0930
Mike O'Connor <m...@pineview.net> wrote:
On a 1500 link I'm having to use 1280 to get ipv6 to successfully go
over a wireguard link.
Then it is not a true 1500 MTU link, something in-between drops
packets at a
lower bar. Or maybe not all of them, but just UDP, for example.
But yeah, 1280 is worth trying as well, maybe Daniel has a similar
issue.
As for me I am using MTU 1412 WG over IPv6 on a 1492 MTU underlying
link just
fine.
After lot of few testings, I think the problem is elsewhere. Setup of
the server:
. eth0 with one public ipv4 IP and ipv6 /64
. 2 tunnels (one gre, one sit), each of them having one ipv4 and one
ipv6 /64. They take care on trafic from/to our /48 ipv6 range
. 2 tun openvpn interfaces for customers with ipv6 address from our
/48 range
. wireguard interface with ipv6 address from our /48 range
Using tcpdump -i any I see the trafic coming to the gre interface and
that's all. But netstat show
udp6 0 0 :::12345 :::* 0 125391 -
and ps aux output is
dh@peech:~$ ps ax|grep wg
6969 ? I< 0:00 [wg-crypt-wig4to]
7026 ? I 0:00 [kworker/1:2-wg-kex-wig4tootai]
Question: is wireguard really listening on all ipv6 addresses ? If
not, how is the address choosen ?
[...]
Thanks for your help
Hi,
I'm having to use MSS 1380 for IPv4 and MSS 1360 for IPv6 with
Wireguard, and it works great. However I'm not entirely sure what the
underlying link MTU actually is because WAN says 1500, but pinging with
`-m DO` sometimes doesn't work like it is in fact MTU 1500 all the way.