From 5e9258a0f52f5e2a7eb24502534e3caabbbc5f6b Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Fri, 1 May 2015 19:58:17 +0300
Subject: [PATCH] [DOC] What MTU is and how it is calculated

Signed-off-by: Sergey Matveev
---
 cmd/govpn-client/main.go | 3 ++-
 cmd/govpn-server/main.go | 3 ++-
 doc/user.texi | 16 ++++++++++------
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/cmd/govpn-client/main.go b/cmd/govpn-client/main.go
index c4b4fe4..6b7fac1 100644
--- a/cmd/govpn-client/main.go
+++ b/cmd/govpn-client/main.go
@@ -37,7 +37,7 @@ var (
 upPath = flag.String("up", "", "Path to up-script")
 downPath = flag.String("down", "", "Path to down-script")
 stats = flag.String("stats", "", "Enable stats retrieving on host:port")
- mtu = flag.Int("mtu", 1500, "MTU")
+ mtu = flag.Int("mtu", 1452, "MTU for outgoing packets")
 nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
 timeoutP = flag.Int("timeout", 60, "Timeout seconds")
 )
@@ -87,6 +87,7 @@ func main() {
 knownPeers := govpn.KnownPeers(map[string]**govpn.Peer{remote.String(): &peer})
 log.Println(govpn.VersionGet())
+ log.Println("Max MTU on TAP interface:", govpn.TAPMaxMTU())
 if *stats != "" {
 log.Println("Stats are going to listen on", *stats)
 statsPort, err := net.Listen("tcp", *stats)
diff --git a/cmd/govpn-server/main.go b/cmd/govpn-server/main.go
index cfcc45f..43c2722 100644
--- a/cmd/govpn-server/main.go
+++ b/cmd/govpn-server/main.go
@@ -36,7 +36,7 @@ var (
 bindAddr = flag.String("bind", "[::]:1194", "Bind to address")
 peersPath = flag.String("peers", "peers", "Path to peers keys directory")
 stats = flag.String("stats", "", "Enable stats retrieving on host:port")
- mtu = flag.Int("mtu", 1500, "MTU")
+ mtu = flag.Int("mtu", 1452, "MTU for outgoing packets")
 nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
 timeoutP = flag.Int("timeout", 60, "Timeout seconds")
 )
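Review bot: The new `-mtu` default of 1452 in the `var (` block silently changes behaviour for deployments that relied on the old default of 1500, and the help text still gives neither the unit nor what the figure covers. The doc change in this commit explains 1452 as 1500 minus 40 bytes of IPv6 and 8 bytes of UDP header, so the flag could say so: `mtu = flag.Int("mtu", 1452, "MTU for outgoing packets, bytes (1500 minus IPv6 and UDP headers)")`. Whether the value is range-checked before use is not visible in this hunk; a zero or negative `-mtu` should be rejected at startup rather than passed on. The same applies to the identical hunk in cmd/govpn-server/main.go.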
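Review bot: The added `log.Println("Max MTU on TAP interface:", govpn.TAPMaxMTU())` only reports the limit; nothing in the hunk compares it with the MTU actually configured on the TAP device, so an interface left at the previously documented 1462 is noticed only by someone reading the startup log. `TAPMaxMTU()` takes no argument, so it presumably reads package state derived from `-mtu`; confirm that state is assigned before this call, which sits near the top of `main` (the body continues outside the hunk). A short comment would help, e.g. `// TAP interface MTU must not exceed this value; it is not enforced here.` The same line is added in cmd/govpn-server/main.go (hunk at -121).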
@@ -121,6 +121,7 @@ func main() {
 ethSink := make(chan EthEvent)
 log.Println(govpn.VersionGet())
+ log.Println("Max MTU on TAP interface:", govpn.TAPMaxMTU())
 if *stats != "" {
 log.Println("Stats are going to listen on", *stats)
 statsPort, err := net.Listen("tcp", *stats)
diff --git a/doc/user.texi b/doc/user.texi
index d2bc984..5f3bd59 100644
--- a/doc/user.texi
+++ b/doc/user.texi
@@ -22,8 +22,12 @@ replayed ones. This option gives ability to create some window of allowable difference. That opens the door for replay attacks for narrow time interval.
 @item MTU
-Maximum transmission unit, maximum frame size that is acceptable on TAP
-interface.
+Maximum transmission unit for outgoing GoVPN's packets. It varies and
+depends on your environment. By default MTU equals to 1452 bytes: 40
+bytes per IPv6 and 8 bytes per UDP. So GoVPN's packets won't be larger
+than this value. It will print maximum acceptable value for TAP
+interface during startup. As a rule TAP's MTU is 42 bytes smaller: 26
+bytes overheard for transport message, 14 bytes Ethernet frame overhead.
 @end table
 Client needs to know his identification, path to the authentication key,
@@ -82,7 +86,7 @@ GNU/Linux IPv4 client-server example:
 server% echo "echo tap10" >> peers/CLIENTID/up.sh
 server% ip addr add 192.168.0.1/24 dev wlan0
 server% tunctl -t tap10
-server% ip link set mtu 1462 dev tap10
+server% ip link set mtu 1412 dev tap10
 server% ip addr add 172.16.0.1/24 dev tap10
 server% ip link set up dev tap10
 server% GOMAXPROC=4 govpn-server -bind 192.168.0.1:1194
@@ -93,7 +97,7 @@ client% umask 066
 client% echo MYLONG64HEXKEY > key.txt
 client% ip addr add 192.168.0.2/24 dev wlan0
 client% tunctl -t tap10
-client% ip link set mtu 1462 dev tap10
+client% ip link set mtu 1412 dev tap10
 client% ip addr add 172.16.0.2/24 dev tap10
 client% ip link set up dev tap10
 client% ip route add default via 172.16.0.1
@@ -110,7 +114,7 @@ FreeBSD IPv6 client-server example, with stats enabled on the server server% cat > peers/CLIENTID/up.sh <