Sorry for the late reply, but I wanted to wait a few days before giving feedback. I can confirm that -tcplro on the vio(4) interface solved the issue for me. The server has an uptime of ~7 days now.
> On 24. Oct 2024, at 12:17, Stuart Henderson <s...@spacehopper.org> wrote:
>
> On 2024/10/23 22:36, Oliver Schweger wrote:
>> I’ll test your recommendations over the next few days, but I don’t expect
>> -tcplro to make any difference, as wireguard only uses udp.
>
> However TCP can be carried inside wg. And some things are carried from
> an "inner" packet to a packet carried in some outer layer. I've not
> looked at how things are done with wg(4) but it's not impossible that
> something is carried across which shouldn't be.
>
>> For the nic, I can choose between virtio, e1000, and rtl8139, so I’ll be
>> testing each one individually, both with and without ipv6.
>
> People have definitely reported issues where some em(4) and some vio(4)
> are involved. However there are various complexities: firstly these
> drivers support various different types of interface with different
> options, secondly the interface type where a packet is *received* is
> involved. So for example a packet rx'd on some interface, wrapped in
> wg(4), then tx'd on a TSO interface, may result in different behaviour
> depending on whether the rx interface has LRO or not.