From c0105a59aab67adf5b5652496da46fffcf841bc9 Mon Sep 17 00:00:00 2001
From: Thomas Tendyck
Date: Thu, 31 Mar 2022 16:40:59 +0200
Subject: [PATCH] cli: set MTU in wg-quick conf
---
 cli/cmd/constants.go | 20 ++++++++++++--------
 cli/cmd/init.go | 2 +-
 cli/cmd/init_test.go | 3 ++-
 cli/vpn/vpn.go | 3 ++-
 cli/vpn/vpn_test.go | 4 +++-
 5 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/cli/cmd/constants.go b/cli/cmd/constants.go
index a85073d9b..5309500d5 100644
--- a/cli/cmd/constants.go
+++ b/cli/cmd/constants.go
@@ -1,13 +1,17 @@
 package cmd
-// wireguardKeyLength is the length of a WireGuard key in byte.
-const wireguardKeyLength = 32
+const (
+ // wireguardAdminMTU is the MTU designated for the admin's WireGuard interface.
+ //
+ // WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.
+ wireguardAdminMTU = 1300
-// masterSecretLengthDefault is the default length in bytes for CLI generated master secrets.
-const masterSecretLengthDefault = 32
+ // masterSecretLengthDefault is the default length in bytes for CLI generated master secrets.
+ masterSecretLengthDefault = 32
-// masterSecretLengthMin is the minimal length in bytes for user provided master secrets.
-const masterSecretLengthMin = 16
+ // masterSecretLengthMin is the minimal length in bytes for user provided master secrets.
+ masterSecretLengthMin = 16
-// constellationNameLength is the maximum length of a Constellation's name.
-const constellationNameLength = 37
+ // constellationNameLength is the maximum length of a Constellation's name.
+ constellationNameLength = 37
+)
diff --git a/cli/cmd/init.go b/cli/cmd/init.go
index e5f5a929d..76e85ad19 100644
--- a/cli/cmd/init.go
+++ b/cli/cmd/init.go
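Review bot: The new comment on `wireguardAdminMTU` in cli/cmd/constants.go explains why an MTU is pinned, but not why the value is 1300 or which unit it is in. A maintainer who later sees fragmentation or dropped packets on the admin tunnel has nothing to check the number against. I would extend the comment with the assumption behind the value, for example `// 1300 bytes leaves room for WireGuard's encapsulation overhead on paths whose MTU is below 1500.`, with the author confirming the intended budget.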
@@ -217,7 +217,7 @@ func (r activationResult) writeWGQuickFile(fileHandler file.Handler, config *con
 if err != nil {
 return fmt.Errorf("create wg config: %w", err)
 }
- data, err := vpn.NewWGQuickConfig(wgConf, r.clientVpnIP)
+ data, err := vpn.NewWGQuickConfig(wgConf, r.clientVpnIP, wireguardAdminMTU)
 if err != nil {
 return fmt.Errorf("create wg-quick config: %w", err)
 }
diff --git a/cli/cmd/init_test.go b/cli/cmd/init_test.go
index 554e2ed24..782d51d48 100644
--- a/cli/cmd/init_test.go
+++ b/cli/cmd/init_test.go
@@ -5,6 +5,7 @@ import (
 "context"
 "encoding/base64"
 "errors"
+ "fmt"
 "strconv"
 "strings"
 "testing"
@@ -728,7 +729,7 @@ func TestWriteWGQuickFile(t *testing.T) {
 assert.NoError(err)
 file, err := tc.fileHandler.Read(*tc.config.WGQuickConfigPath)
 assert.NoError(err)
- assert.NotEmpty(file)
+ assert.Contains(string(file), fmt.Sprint("MTU = ", wireguardAdminMTU))
 }
 })
 }
diff --git a/cli/vpn/vpn.go b/cli/vpn/vpn.go
index 704db21dd..c34373d79 100644
--- a/cli/vpn/vpn.go
+++ b/cli/vpn/vpn.go
@@ -148,7 +148,7 @@ func NewConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey string) (wgtyp
 }
 // NewWGQuickConfig create a new WireGuard wg-quick configuration file and mashals it to bytes.
-func NewWGQuickConfig(config wgtypes.Config, clientVPNIP string) ([]byte, error) {
+func NewWGQuickConfig(config wgtypes.Config, clientVPNIP string, mtu int) ([]byte, error) {
 clientIP := net.ParseIP(clientVPNIP)
 if clientIP == nil {
 return nil, fmt.Errorf("invalid client vpn ip '%s'", clientVPNIP)
@@ -156,6 +156,7 @@ func NewWGQuickConfig(config wgtypes.Config, clientVPNIP string) ([]byte, error)
 quickfile := wgquick.Config{
 Config: config,
 Address: []net.IPNet{{IP: clientIP, Mask: []byte{255, 255, 0, 0}}},
+ MTU: mtu,
 }
 data, err := quickfile.MarshalText()
 if err != nil {
diff --git a/cli/vpn/vpn_test.go b/cli/vpn/vpn_test.go
index f7086ac13..f5703e18c 100644
--- a/cli/vpn/vpn_test.go
+++ b/cli/vpn/vpn_test.go
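Review bot: `NewWGQuickConfig` in cli/vpn/vpn.go now takes `mtu int` and copies it into `wgquick.Config.MTU` (second vpn.go hunk) with no range check, although `clientVPNIP` in the same function is validated before use. The function is exported, so a zero, negative or oversized value reaches the generated wg-quick file and would only surface when the interface is brought up; how `MarshalText` treats such values is not visible here. I would reject them next to the IP check, e.g. `if mtu <= 0 || mtu > 65535 { return nil, fmt.Errorf("invalid mtu %d", mtu) }`, or document that 0 means "keep the wg-quick default" if that is intended. The doc comment above the signature should also describe the new parameter. The function body continues outside both hunks.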
@@ -192,7 +192,8 @@ func TestNewWGQuickConfig(t *testing.T) {
 t.Run(name, func(t *testing.T) {
 assert := assert.New(t)
- quickFile, err := NewWGQuickConfig(tc.config, tc.clientVPNIP)
+ const mtu = 2
+ quickFile, err := NewWGQuickConfig(tc.config, tc.clientVPNIP, mtu)
 if tc.wantErr {
 assert.Error(err)
@@ -202,6 +203,7 @@ func TestNewWGQuickConfig(t *testing.T) {
 assert.NoError(quickConfig.UnmarshalText(quickFile))
 assert.Equal(tc.config.PrivateKey, quickConfig.PrivateKey)
 assert.Equal(tc.clientVPNIP, quickConfig.Address[0].IP.String())
+ assert.Equal(mtu, quickConfig.MTU)
 }
 })
 }
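Review bot: `const mtu = 2` in TestNewWGQuickConfig is not a value a real interface would use, so the test only shows that the number round-trips and would break as soon as `NewWGQuickConfig` validates its input. A realistic value such as `const mtu = 1300` keeps the assertion in the second hunk (`assert.Equal(mtu, quickConfig.MTU)`) meaningful. No case covers an invalid MTU; if a range check is added, making the MTU a table field would allow a `wantErr` case with `0` or a negative value. The test function starts and ends outside both hunks.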