-
Notifications
You must be signed in to change notification settings - Fork 2k
WireGuard hosted on GCP cannot access Google and many other sites #1552
Comments
👋 @Haoyet - I'm not actively involved with Streisand anymore and can't provide you with help but on the surface your problem sounds similar to one I debugged in the past: #1089 (comment) I would recommend checking whether you have success accessing these sites after adjusting your MTU or switching to a provider other than GCE. |
@Ronaldkornblow : Good news - I was able to reproduce the problem and I can recommend a short-term workaround while I spend some time figuring out the best solution longer term. In practice it seems a MTU larger than 1360 results in UDP fragmentation on the GCE network. Out of box my server/client both had an MTU of 1420. You should be able to resolve this by updating the MTU on the You can do so by running: I'll have to spend some time thinking about how best to address this permanently. Thanks for reporting! Originally posted by @cpu in #1089 (comment) So I tried the solution but I got Forgive me for my ignorance. |
Since
Thank you so much for the assistance! |
Just to explain, the WireGuard interface on the server is |
I'm re-opening this because it should be something Streisand does when it knows it's on GCE. Thank you for the description! |
I change eth0 mtu to 1500
it works for me, then you dont have to worried about MTU issue for Wiregurad, Ikev2, Openconnect |
This worked for me as well. Not sure why this issue should be closed. I'm going to try and figure out how to set this on startup on the server and the client. Does anyone have an idea on how to do that? |
I found this thread https://lists.zx2c4.com/pipermail/wireguard/2019-May/004190.html Doesn't this mean that this issue solved in new versions of wg? |
This is a known issue due to Google GCP's MTU and has been discussed on the lists. @trochdewei No, if your public wireguard server is on GCP, their MTU of 1460 will still come into play. |
Expected behavior:
Be able to bypass all websites with Wireguard
Actual Behavior:
Some previously blocked sites are unblocked but some normal sites like google.com got blocked
Steps to Reproduce:
Ansible Information
Streisand Information
Enabled Roles
Additional Details:
Log output from Ansible or other relevant services (link to Gist for longer output):
Target Cloud Provider: Google Compute Engine (Google Cloud Platform)
Operating System of target host: Debian I suppose
Operating System of client: Arch linux/Android
Version of Ansible, using
ansible --version
: 2.7.9Output from
git rev-parse HEAD
in your Streisand directory : 8f06cadThe text was updated successfully, but these errors were encountered: