Closed otternetwork closed 5 months ago
It is better to load the iptables rules before bringing up the WireGuard interface. WireGuard has an option to specify its MTU. If you limit the WG interface MTU to a safe number, for example 1200, then after padding, the overall UDP packet is still smaller than the link MTU.
When adding random padding, it would be nice to watch the MTU and not exceed the maximum UDP packet length, to avoid fragmentation. If the packet is already as large as possible, then add nothing at all.
Let's say we have an interface with MTU 1500. Then the maximum UDP payload will be 1472.
If you don't want to deal with getting the MTU of the outgoing interface, it would be safe to turn the padding off completely somewhere after ~1200 bytes.
Sender:
Receiver:
PS. This issue was likely affected by this problem: https://github.com/infinet/xt_wgobfs/issues/3
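The MTU-aware padding limit requested above, as an added example that is not code from this issue or from xt_wgobfs: it derives the maximum UDP payload from the link MTU (1472 for MTU 1500 over IPv4) and trims random padding to the room that is left. All function names, the 255-byte padding ceiling and the sample sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define IPV4_HDR_LEN 20u /* IPv4 header without options */
#define IPV6_HDR_LEN 40u /* fixed IPv6 header */
#define UDP_HDR_LEN   8u

/* Largest UDP payload that fits in one unfragmented packet on this link. */
static size_t max_udp_payload(size_t link_mtu, int is_ipv6)
{
    size_t hdrs = (is_ipv6 ? IPV6_HDR_LEN : IPV4_HDR_LEN) + UDP_HDR_LEN;
    return link_mtu > hdrs ? link_mtu - hdrs : 0;
}

/* Trim the wanted padding to the room left; 0 if the packet is already full. */
static size_t clamp_padding(size_t payload_len, size_t wanted_pad,
                            size_t link_mtu, int is_ipv6)
{
    size_t limit = max_udp_payload(link_mtu, is_ipv6);
    size_t room;

    if (payload_len >= limit)
        return 0;
    room = limit - payload_len;
    return wanted_pad < room ? wanted_pad : room;
}

/* Draw padding in [0, max_pad] from a caller-supplied random value, then clamp.
 * max_pad is a hypothetical ceiling, not a value taken from xt_wgobfs. */
static size_t pick_padding(size_t payload_len, size_t max_pad, unsigned rnd,
                           size_t link_mtu, int is_ipv6)
{
    return clamp_padding(payload_len, rnd % (max_pad + 1), link_mtu, is_ipv6);
}

int main(void)
{
    /* Constructed sample payload sizes, link MTU 1500 over IPv4. */
    size_t sizes[] = { 148, 1232, 1400, 1472 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("payload %zu -> pad %zu\n", sizes[i],
               pick_padding(sizes[i], 255, 200, 1500, 0));
    return 0;
}
```

The 1232-byte sample corresponds to a full packet on a WireGuard interface with MTU 1200 (1200 bytes plus 32 bytes of WireGuard data-message overhead), which leaves 240 bytes of padding room under a 1500-byte IPv4 link.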