search

yggdrasil-network / yggdrasil-go

An experiment in scalable routing as an encrypted IPv6 overlay network
https://yggdrasil-network.github.io
Other
3.52k stars 242 forks source link

Add checking or fix MTU bounds for TUN/TAP interface #603

Closed Revertron closed 3 years ago

Revertron commented 4 years ago

Currently, if I set MTU to 65536, there is no error message and Yggdrasil starts as it is okay. But the traffic doesn't go through TAP any way. Done so by error on Windows 10 and was very puzzled.

Vort commented 4 years ago

Also default value for Windows should be lowered to 65521. I have asked for it months ago.

neilalexander commented 4 years ago

@Revertron @Vort

Please test yggdrasil-develop-0.3.11-0032 - this should correctly handle the MTU bounds problems and reduce the TAP MTU down as needed for ethernet headers (upper limit of 65521).

Vort commented 4 years ago

I don't completely understand what you made. Yggdrasil generates config with IfMTU: 65535 and then shows that it is out of the limits (why not make it correct right from the start?). And are you sure that 65535 is impossible value for correctly implemented TAP driver?

So this version works, but I'm not sure that handling of MTU this way is correct.

neilalexander commented 4 years ago

The generated config at this stage does still refer to 65535, but that's something we will improve in the next release. We're frozen now for changes for v0.3.12 that aren't showstoppers.

On Windows with the OpenVPN TAP driver all bets seem to be off, but I seem get more than enough reports from people that an MTU of 65535 on Windows results in some issues.

In the future, the configuration will produce a hard error at startup if the value is incorrect and the MTU will be adjusted correctly in the generated config. It's also on my radar to support WinTun instead (#394) so hopefully that will be far better than this trash OpenVPN driver.

Vort commented 4 years ago

So if, theoretically, WinTun will have support for 65535 MTU, you will make changes for limits again? Or that can not happen?

neilalexander commented 4 years ago

The limit is still 65535 for TUN devices. It's only TAP devices for which the MTU is adjusted.

Revertron commented 4 years ago

Please test yggdrasil-develop-0.3.11-0032 - this should correctly handle the MTU bounds problems and reduce the TAP MTU down as needed for ethernet headers (upper limit of 65521).

Works perfectly for me.

neilalexander commented 3 years ago

TAP devices are no longer supported so the bulk of this is no longer relevant. For TUN, we will adjust MTU accordingly based on the OS and maximum packet header size (v0.4).