... I'm still noticing some issues in pcaps
You may want to analyze these particular packets in depth. It seems that there was some out-of-order delivery. At the same time it mentions "reassembled PDUs" while size is larger than 1500 bytes. This might be due to wireguard's overhead ... which might mean that sending peer of wireguard had to fragment packet to fit underlying MTU. When it comes to fragmented packets, wireshark sometimes freaks out for no real reason in such cases. Even if there was actual out-of-order delivery (which is not very common), this is not a problem for TCP, TCP stack guarantees in-order delivery to higher layers, the only big problem is reduced speed (out-of-order delivery may trigger retransmissions and TCP window shrinkage).
You'd have to analyze further to determine if out-of-order delivery is due to MT firewall or due to other issues in the network.
Statistics: Posted by mkx — Mon Jan 29, 2024 6:40 pm