eclipse-opendut / opendut

Test Electronic Control Units around the world in a transparent network.
https://opendut.eclipse.dev
Apache License 2.0

The MTU of wireguard interfaces created by Netbird must be adjustable #9

Open kKdH opened 9 months ago

kKdH commented 9 months ago

MTU - technical background

The default MTU of Wireguard is 1420. In Netbird the default MTU value is 1280 because it accounts for an additional header (140 bytes) that is required by the tunneling feature of netbird. This tunneling feature allows for connecting arbitrary participants/peers over different layers of NAT while making sure that they are communicating over the most direct connection possible. Generic route encapsulation (GRE) then requires another 38 bytes of header to work. The bridged interface with netbird will end up with an MTU of 1242.

Network configuration for ECUs

If we want to bridge arbitrary interfaces, we need to keep the default MTU at 1500 bytes. Therefore, we need to raise the MTU of the wireguard interface by (1500 - 1242) = 258 bytes. The final MTU of our wireguard device created by netbird should be 1280 + 258 = 1538 bytes.

How to find the necessary MTU to make our setup work? This was evaluated here

wireguard-tunnel

Relevant feature request in Netbird

I want to be able to change MTU (similar to vanilla Wireguard or Netmaker), either through local configuration or management UI. See official issue.

For us, updating the default MTU value might already be enough: https://github.com/netbirdio/netbird/blob/6c2b364966c7dd0f6eaed0cd3f8fa378d757f319/iface/iface.go#L16

const (
    DefaultMTU    = 1280 // should be 
    DefaultWgPort = 51820
)

pull-request and pre-release

@reimarstier has already opened a pull-request: https://github.com/netbirdio/netbird/pull/1101

Until the changes are available upstream, a custom release can be found here: https://github.com/reimarstier/netbird/blob/0.22.7-357aab4/client/proto/daemon.proto https://github.com/reimarstier/netbird/releases/tag/0.22.7-357aab4

ThHirsch commented 6 months ago

Any chance of getting this into the release any time soon? I was not able to get Netbird to properly handle https to an endpoint if my client is/was connected to a network which connects to the internet by a DOCSIS 3.1 cable modem. It seems the packets either get fragmented (which renders the https unresponsive) or dropped then. In any case I can ping, but won't get any (secure) connection that is going to send 'bigger' content. Fiddling with the MTU in the router or the interface itself doesn't seem to help either, so it seems to be the netbird client itself which needs to be 'tuned' for the MTU.

kKdH commented 6 months ago

Hey @ThHirsch, we are also looking forward to getting this feature soon, but we cannot force the netbird developers. We are just netbird users too.

Within openDuT we use a custom build of netbird containing changes from @reimarstier to adjust the MTU to our needs.

If you want, you can comment here to let the netbird developers know that there are more users waiting on that feature, and maybe they will raise the priority.