vanja/gluetun
1
0
Fork 0
mirror of https://github.com/qdm12/gluetun.git synced 2026-05-06 20:10:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

hotfix(pmtud): set mss on all VPN routes

Browse Source 
- fix behavior for OpenVPN splitting default route in multiple routes
- fix behavior for Wireguard if user specifies AllowedIPs
This commit is contained in:
Quentin McGaw
2026-03-08 23:27:04 +00:00
parent d98afce793
commit 069cde8a85
3 changed files with 34 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/vpn/interfaces.go
+1 -1
View File
@@ -24,7 +24,7 @@ type Firewall interface {
type Routing interface {
VPNLocalGatewayIP(vpnInterface string) (gateway netip.Addr, err error)
VPNRoute(vpnIntf string) (route netlink.Route, err error)
VPNRoutes(vpnIntf string) (route []netlink.Route, err error)
}
type PortForward interface {
internal/vpn/tunnelup.go
+18 -12
View File
@@ -174,9 +174,9 @@ func updateToMaxMTU(ctx context.Context, vpnInterface string,
return fmt.Errorf("getting VPN gateway IP address: %w", err)
}
vpnRoute, err := routing.VPNRoute(vpnInterface)
vpnRoutes, err := routing.VPNRoutes(vpnInterface)
if err != nil {
return fmt.Errorf("getting VPN route: %w", err)
return fmt.Errorf("getting VPN routes: %w", err)
}
link, err := netlinker.LinkByName(vpnInterface)
@@ -208,7 +208,7 @@ func updateToMaxMTU(ctx context.Context, vpnInterface string,
logger.Infof("setting VPN interface %s MTU to maximum valid MTU %d", vpnInterface, vpnLinkMTU)
}
err = setTCPMSSOnVPNRoute(vpnLinkMTU, vpnRoute, netlinker)
err = setTCPMSSOnVPNRoutes(vpnLinkMTU, vpnRoutes, netlinker)
if err != nil {
err = fmt.Errorf("setting safe TCP MSS for MTU %d: %w", vpnLinkMTU, err)
vpnLinkMTU = originalMTU
@@ -224,14 +224,20 @@ func updateToMaxMTU(ctx context.Context, vpnInterface string,
return nil
}
func setTCPMSSOnVPNRoute(mtu uint32, route netlink.Route, netlinker NetLinker) error {
ipHeaderLength := pconstants.IPv4HeaderLength
if route.Dst.Addr().Is6() {
ipHeaderLength = pconstants.IPv6HeaderLength
func setTCPMSSOnVPNRoutes(mtu uint32, routes []netlink.Route, netlinker NetLinker) error {
for _, route := range routes {
ipHeaderLength := pconstants.IPv4HeaderLength
if route.Dst.Addr().Is6() {
ipHeaderLength = pconstants.IPv6HeaderLength
}
const mysteriousOverhead = 20 // most likely TCP options, such as the 12B of timestamps
overhead := ipHeaderLength + pconstants.BaseTCPHeaderLength + mysteriousOverhead
mss := mtu - overhead
route.AdvMSS = mss
err := netlinker.RouteReplace(route)
if err != nil {
return fmt.Errorf("replacing route %v: %w", route, err)
}
}
const mysteriousOverhead = 20 // most likely TCP options, such as the 12B of timestamps
overhead := ipHeaderLength + pconstants.BaseTCPHeaderLength + mysteriousOverhead
mss := mtu - overhead
route.AdvMSS = mss
return netlinker.RouteReplace(route)
return nil
}