From afbfe4f217a2a202f0eefe943c7c1ef648311339 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Tue, 14 Apr 2020 16:36:17 -0700
Subject: [PATCH] wgengine: drop wireguard MTU to 1280 bytes.

Signed-off-by: David Anderson
---
 wgengine/userspace.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/wgengine/userspace.go b/wgengine/userspace.go
index b5e05e8b6..f4e080cc0 100644
--- a/wgengine/userspace.go
+++ b/wgengine/userspace.go
@@ -34,6 +34,16 @@ import (
 "tailscale.com/wgengine/packet"
 )
 
+// minimalMTU is the MTU we set on tailscale's tuntap
+// interface. wireguard-go defaults to 1420 bytes, which only works if
+// the "outer" MTU is 1500 bytes. This breaks on DSL connections
+// (typically 1492 MTU) and on GCE (1460 MTU?!).
+//
+// 1280 is the smallest MTU allowed for IPv6, which is a sensible
+// "probably works everywhere" setting until we develop proper PMTU
+// discovery.
+const minimalMTU = 1280
+
 type userspaceEngine struct {
 logf logger.Logf
 reqCh chan struct{}
@@ -84,7 +94,7 @@ func NewUserspaceEngine(logf logger.Logf, tunname string, listenPort uint16) (En
 
 logf("Starting userspace wireguard engine with tun device %q", tunname)
 
- tundev, err := tun.CreateTUN(tunname, device.DefaultMTU)
+ tundev, err := tun.CreateTUN(tunname, minimalMTU)
 if err != nil {
 diagnoseTUNFailure(logf)
 logf("CreateTUN: %v", err)
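Review bot: The doc comment on `minimalMTU` calls 1280 a "probably works everywhere" setting but never states the encapsulation overhead, so a reader cannot tell which outer path MTU the tunnel actually needs. wireguard-go's 1420 default is 1500 minus 80 bytes (40 IPv6 + 8 UDP + 32 WireGuard), so an inner MTU of 1280 still needs an outer path MTU of 1360 over IPv6 or 1340 over IPv4. A link clamped to the IPv6 minimum of 1280 would still fragment or drop full-size tunnel packets. I would add a line such as `// WireGuard encapsulation adds up to 80 bytes, so the outer path must still carry 1360.` The second hunk passes this constant to `tun.CreateTUN`, so "tuntap" in the comment could simply read "tun".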