Hi,
Pritunl server: v1.32.3732.84 c5d79a | wireguard 1.0.20200513-1~18.04.2
Pritunl client: MacOS v1.3.3785.81 | wireguard-tools 1.0.20210914_1
Problem: MSS fix doesn’t work for Wireguard connections resulting in random sites being inaccessible.
Connection MTU: 1280 (setting a lower value results in [winter-plains-2389] 2024-02-07 10:22:39 ERROR Management socket exception
error preventing server to start
Client-side packet capture while connected with OpenVPN:
No. Time Source Destination Protocol Length Total Length Version Info
1 0.000000 172.20.0.4 3.68.175.98 TCP 68 64 53425 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=1881480190 TSecr=0 SACK_PERM
2 0.070784 3.68.175.98 172.20.0.4 TCP 64 60 443 → 53425 [SYN, ACK] Seq=0 Ack=1 Win=32200 Len=0 MSS=1190 SACK_PERM TSval=4179559107 TSecr=1881480190 WS=4096
3 0.070968 172.20.0.4 3.68.175.98 TCP 56 52 53425 → 443 [ACK] Seq=1 Ack=1 Win=131904 Len=0 TSval=1881480261 TSecr=4179559107
4 0.073844 172.20.0.4 3.68.175.98 TLSv1.3 388 384 TLS 1.0 Client Hello (SNI=3.68.175.98)
5 0.142993 3.68.175.98 172.20.0.4 TCP 56 52 443 → 53425 [ACK] Seq=1 Ack=333 Win=32768 Len=0 TSval=4179559178 TSecr=1881480264
6 0.143120 3.68.175.98 172.20.0.4 TLSv1.3 1234 1230 TLS 1.2,TLS 1.2 Server Hello, Change Cipher Spec
7 0.143278 172.20.0.4 3.68.175.98 TCP 56 52 53425 → 443 [ACK] Seq=333 Ack=1179 Win=130752 Len=0 TSval=1881480333 TSecr=4179559179
8 0.150327 3.68.175.98 172.20.0.4 TCP 1234 1230 443 → 53425 [PSH, ACK] Seq=1179 Ack=333 Win=32768 Len=1178 TSval=4179559179 TSecr=1881480264 [TCP segment of a reassembled PDU]
9 0.150564 3.68.175.98 172.20.0.4 TCP 1234 1230 443 → 53425 [ACK] Seq=2357 Ack=333 Win=32768 Len=1178 TSval=4179559179 TSecr=1881480264 [TCP segment of a reassembled PDU]
10 0.150624 3.68.175.98 172.20.0.4 TLSv1.3 972 968 TLS 1.2 Application Data
Client-side packet capture while connected with Wireguard:
No. Time Source Destination Protocol Length Total Length Version Info
94 70.808145 172.20.24.4 3.68.175.98 TCP 68 64 53465 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1380 WS=64 TSval=2192964412 TSecr=0 SACK_PERM
95 70.849315 3.68.175.98 172.20.24.4 TCP 64 60 443 → 53465 [SYN, ACK] Seq=0 Ack=1 Win=32200 Len=0 MSS=1300 SACK_PERM TSval=468270415 TSecr=2192964412 WS=4096
96 70.849405 172.20.24.4 3.68.175.98 TCP 56 52 53465 → 443 [ACK] Seq=1 Ack=1 Win=131328 Len=0 TSval=2192964454 TSecr=468270415
97 70.853667 172.20.24.4 3.68.175.98 TLSv1 388 384 TLS 1.0 Client Hello (SNI=3.68.175.98)
98 70.913961 3.68.175.98 172.20.24.4 TCP 56 52 443 → 53465 [ACK] Seq=1 Ack=333 Win=32768 Len=0 TSval=468270459 TSecr=2192964457
99 70.985517 3.68.175.98 172.20.24.4 SSL 642 638 [TCP Previous segment not captured] , Continuation Data
100 70.985697 172.20.24.4 3.68.175.98 TCP 68 64 [TCP Dup ACK 96#1] 53465 → 443 [ACK] Seq=333 Ack=1 Win=131328 Len=0 TSval=2192964590 TSecr=468270459 SLE=3865 SRE=4451
253 73.324809 172.20.24.4 3.68.175.98 TCP 44 40 53465 → 443 [RST, ACK] Seq=333 Ack=1 Win=131328 Len=0