Winpkflt Rebind

Home Forums Discussions Support Winpkflt Rebind

Tagged: 

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • November 28, 2024 at 9:17 pm #13940
    feller
    Participant

      Hi!
      I use c++ rebind example and winpkflt to to redirect traffic from ehternet adapter to wireguard adapter. Just install winpkflt, build rebind example and run. Have constantly issue with loading sites in Chrome and Firefox – tooo slow loading or timeout errors. Wireshark shows many packets retransmission and out-of-order. Is it known issue or am I doing something wrong? If anyone else faced such issues, what is solutions?

      Thanks!

      November 28, 2024 at 10:12 pm #13941
      Vadim Smirnov
      Keymaster

        The Ethernet connection likely has a larger MTU than the WireGuard adapter. To address this discrepancy, you need to clamp the Maximum Segment Size (MSS) for TCP connections.

        November 29, 2024 at 1:31 pm #13943
        feller
        Participant

          Vadim thank you for response! Do I heed to do MSS on the server or with help of the MTU on the client and server WireGuard adapters? As I understand MSS clamping depends on the adapters MTU as well as can be set directly on the WireGuard server?

          November 29, 2024 at 1:43 pm #13944
          feller
          Participant

            Since when I set ethernet adapter mtu and wireguard adapter mtu on the client to 1380 as well as eth0 mtu and wg0 mtu on the server to 1380 it doesn’t solve situation, sites are still loaded too slowly and with timeout errors

            November 30, 2024 at 4:30 pm #13945
            Vadim Smirnov
            Keymaster

              I would apply MSS clamping when relaying the TCP SYN packet from the Ethernet to the WireGuard interface. If issues persist despite the MSS clamping, I recommend recording the processed traffic (see the capture example) and analyzing it in Wireshark

              December 1, 2024 at 12:59 pm #13946
              feller
              Participant

                Vadim, do you mean I have to modify rebind c++ example to parse TCP SYN packet and modify MSS value in such packet before rout it to WireGuard adapter? If so I am not sure how it can help, since packets fragmentation happens on TCP/IP level and I guess that WireGuard adapter expects already packets with size <= (WireGuard MTU – encryption overhead), maybe I am wrong here… I just want to avoid IP fragmentation when packets are redirected from Ethernet adapter to Wireguard and vice versa, and I guess that it case is already implemented in the rebind c++ example

                Again, thank you very much for your help, it is really appreciated!

                December 2, 2024 at 7:27 pm #13947
                Vadim Smirnov
                Keymaster

                  Yes, that’s exactly what I mean. This technique is implemented in the WireSock VPN Client’s Transparent mode to ensure that packets sent by the TCP stack fit within 1420 bytes.

                • Author
                  Posts
                Viewing 7 posts - 1 through 7 (of 7 total)
                • You must be logged in to reply to this topic.