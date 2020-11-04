When I use WireGuard-based VPN and run "ping -f -l MTU" commands in Windows to find optimal MTU (+28 for ICMP) for pjysical LAN adapter (NIC), Windows reports about needing or not needing to fragment packets based on MTU do not correspond to Wireshark reports. Wireshark reports IPv4 packet loss due to fragmentation for any MTU other than 1500 (-28). WireGuard TUN adapter is set by VPN software to 1420, which is default for WireGuard.



Without VPN, optimal MTU that requires no fragmentation is 1500 (-28) and WireGuard header is supposedly 60 bits, which means optimal MTU with WireGuard-based VPN is supposednto be 1440 (-28).



Not only that, but with or without WireGuard VPN, there is a 12bit MTU range between 1400 and 1500 that results in 'no response' Windows ping reply 100% of the time, but MTU in that range does not prevent websites from loading and Wireshark does not detect packet loss for that MTU range.