add wireguard docs how to adjust mtu and howto debug wg

Marek Küthe 2023-01-24 11:34:39 +01:00
parent 841bc38d90
commit 4636b9bc88
No known key found for this signature in database
GPG Key ID: 7E869146699108C7
1 changed files with 38 additions and 0 deletions

@ -122,6 +122,44 @@ This can then be executed as a cronjob every 30 minutes, for example:
*/30 * * * * /usr/bin/wg set <name> peer "<pubkey>" endpoint "<endpoint>"
```
## MTU
The MTU for WireGuard is calculated from the following components:
- IP header
- For IPv4 20 Bytes
- For IPv6 40 bytes
- WireGuard header
- This is a constant 40 bytes.
So if the Clearnet connection has an MTU of 1500, the tunnel MTU when tunneling over IPv4 is 1440 and for IPv6 it is 1420. This has been taken into account in WireGuard, so the default MTU of WireGuard is 1420. This means that WireGuard can be tunneled over IPv4 or IPv6 without worry. However, if you are sure that you want to tunnel over IPv4 and you want a higher packet size, you can set the MTU to 1440. On the other hand, if the Clearnet interface has a lower MTU than 1500, you should lower the WireGuard MTU to avoid bugs and IP fragmentation.
When using wg-quick, you can adjust the MTU with the following statement under `[Interface]` in the configuration file:
```
MTU = <mtu>
```
`<mtu>` is replaced by the desired MTU.
## Debugging
WireGuard configuration errors are normally somewhat difficult to detect. However, it is possible to enable logging. With the following command, you can enable logging:
```
echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
```
The log can be viewed with dmesg, for example:
```
dmesg -wH
```
or
```
dmesg --follow --human
```
## Other documentation
The dn42 Wiki also has a guide to WireGuard: [in dn42](https://wiki.dn42/howto/wireguard) or [in clearnet](https://dn42.dev/howto/wireguard)
## Further links
- [WireGuard Quick Start](https://www.wireguard.com/quickstart/)
- [Unofficial WireGuard Documentation](https://github.com/pirate/wireguard-docs)
- [How to see debug logs for WireGuard (e.g. to see authentication attempts)?](https://serverfault.com/questions/1020279/how-to-see-debug-logs-for-wireguard-e-g-to-see-authentication-attempts)
- [Mailling list: Header / MTU sizes for Wireguard](https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html)
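
Review bot: The Debugging section enables dynamic debug with `echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control` but never says that this needs root and a mounted debugfs, and it gives no step to switch the logging off again. Please add the matching `echo module wireguard -p > /sys/kernel/debug/dynamic_debug/control` so the extra kernel log output is not left on after troubleshooting. In the MTU list, the "WireGuard header" of a constant 40 bytes only adds up if it includes the 8-byte UDP header, so listing UDP (8 bytes) and the WireGuard overhead (32 bytes) as separate items would let readers check the 1440 and 1420 figures themselves. Small nit in the last link: "Mailling list" should be "Mailing list".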