Zhurik
8a2e8bda0f
hotfix(amneziawg): fix errors (#3240)
2026-03-21 23:24:03 +01:00
Quentin McGaw
2438fc2c3a
chore!(firewall): iptables logger level is set at FIREWALL_IPTABLES_LOG_LEVEL
...
- firewall log level is still fully controlled by `LOG_LEVEL`
- iptables log level defaults to `info` even if global log level is `debug` to minimize the amount of debug logs
- iptables log level is only set to debug if retro-compatible `FIREWALL_DEBUG=on` or if `FIREWALL_IPTABLES_LOG_LEVEL=debug`
2026-03-16 12:46:53 +00:00
Quentin McGaw
0eeee5c496
chore(pmtud): clarify debug logs and fix log error message
2026-02-25 04:23:56 +00:00
Quentin McGaw
d21953f62e
chore(firewall): split apart iptables specific code in internal/firewall/iptables
2026-02-25 04:23:53 +00:00
Quentin McGaw
c5eacac644
chore(pmtud/tcp): remove unused TCP flags
2026-02-20 16:25:14 +00:00
Quentin McGaw
7fbf2cbee3
hotfix(pmtud/tcp): return an error if no MSS destination server worked
2026-02-20 16:25:02 +00:00
Quentin McGaw
1dee183a70
chore(pmtud/tcp): silently discard IPv6 network unreachable errors
2026-02-20 16:24:25 +00:00
Quentin McGaw
c66d8bed00
hotfix(pmtud/tcp): fix code for IPv6 destinations
2026-02-20 16:23:40 +00:00
Quentin McGaw
73b3e2c88a
chore(pmtud/tcp): remove unused test code
2026-02-20 15:37:56 +00:00
Quentin McGaw
ea87c0a2aa
hotfix(pmtud): lower min MTU to MSS-matching-MTU minus 100 in case MSS is very small
2026-02-19 22:39:24 +00:00
Quentin McGaw
2192874de8
hotfix(pmtud/icmp): ignore non echo messages instead of returning an error
2026-02-19 18:05:48 +00:00
Quentin McGaw
007c5159f4
hotfix(pmtud): increase TCP margin from 150 to 300 compared to ICMP found MTU
2026-02-19 17:24:06 +00:00
Quentin McGaw
c6b211ef9b
feat(pmtud/tcp): support mixed IPv4 and IPv6 TCP servers
...
- Add default cloudflare and google tls ipv6 servers to default tcp servers
- update integration test to try against both ipv4 and ipv6 servers
2026-02-19 17:11:16 +00:00
Quentin McGaw
1c43a045d1
hotfix(pmtud/tcp): fix timeout apply per network call, not globally
2026-02-19 17:10:30 +00:00
Quentin McGaw
67b66bba9e
hotfix(pmtud/icmp): set IPv6 dont fragment options just in case
2026-02-19 17:10:30 +00:00
Quentin McGaw
8d86470905
feat(pmtud/tcp): use the TCP server with highest MSS to run MTU tests
2026-02-19 14:03:46 +00:00
Quentin McGaw
fb85ae79d1
chore(pmtud/tcp): move test helpers in helpers_test.go
2026-02-19 13:20:59 +00:00
Quentin McGaw
783616f61d
chore(pmtud/tcp): close connections with an RST packet on context cancelation
2026-02-19 13:20:59 +00:00
Quentin McGaw
bc79901f1e
chore(pmtud/tcp): restrict temp firewall rules to source ip and source port
2026-02-19 13:20:58 +00:00
Quentin McGaw
1c56189abc
hotfix(pmtud/tcp): fix rare race condition
2026-02-18 19:07:31 +00:00
Quentin McGaw
224618337c
hotfix(pmtud/tcp): respect MSS from server into account
2026-02-18 18:32:31 +00:00
Quentin McGaw
183d351b58
chore(pmtud/icmp): do not use net.ErrClosed when inappropriate
2026-02-17 21:46:24 +00:00
Quentin McGaw
04d7cef294
hotfix(pmtud/tcp): block kernel from racing to send RST packets
...
- this makes PMTUD TCP reliable
- this only works on kernels with the mark module
- on kernels without the mark module, the icmp pmtud mtu found is used
2026-02-17 21:46:24 +00:00
Quentin McGaw
5f903d1fbf
chore(pmtud): remove calls to syscall in favor of unix and windows
...
- syscall is deprecated and is not kept up-to-date
- each OS is inherently different hence the syscall being deprecated
2026-02-17 21:46:04 +00:00
Quentin McGaw
36dfd5b631
hotfix(pmtud): do not try every address for ICMP PMTUD
2026-02-16 23:54:38 +00:00
Quentin McGaw
f81b8342d6
hotfix(pmtud/tcp): temporary test fix
2026-02-16 23:54:38 +00:00
Quentin McGaw
cdec25da52
feat(pmtud/tcp): generate MTU test data to mimic TLS if possible to avoid being blocked
2026-02-16 19:57:12 +00:00
Quentin McGaw
201d1041f4
hotfix(pmtud/tcp): send MTU data in first and only ACK packet
...
- less likely to be flagged
- correct using TCP fast-open
2026-02-16 19:56:14 +00:00
Quentin McGaw
be92aa2ac4
Path MTU discovery fixes and improvements (#3109)
...
- Existing option `WIREGUARD_MTU`, if set, disables PMTUD and is used
- New option `PMTUD_ICMP_ADDRESSES=1.1.1.1,8.8.8.8` and `PMTUD_TCP_ADDRESSES=1.1.1.1:443,8.8.8.8:443`
- ICMP PMTUD now targets external-by-default IP addresses
- New TCP PMTUD (binary search only) as a second MTU confirmation and fallback mechanism.
- Force set TCP MSS to MTU - IP header - TCP base header - "magic 20 bytes" 🎆
- Fix #3108
2026-02-14 19:40:34 -05:00
Quentin McGaw
fe3d4a94d4
chore(all): make code compilable for other platforms than Linux
2026-01-24 17:56:10 +00:00
Quentin McGaw
de38d759a4
feat(vpn): path MTU discovery to find the best MTU (#2586)
2026-01-21 09:02:23 -08:00