Todo #12756
openAdd information on correct MTU to use with WireGuard
0%
Description
Page: https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html
Feedback:
In all four Wireguard configuration recepies, there is no mention of changing the MTU and MSS values
Updated by → luckman212 about 1 year ago
@viktor or Christian McDonald — What should the MTU be set to? 1420?
I recently spent a few hours troubleshooting a slow site-to-site WG VPN, and in the end it seemed to boil down to needing to manually set the MTU to 1420 on the interfaces of each side of the tunnel.
I notice this used to be automatically set (see https://github.com/pfsense/pfsense/commit/8b9d2275015be7bf8febb1714f8a979d7c5f2beb) but was removed in https://github.com/pfsense/pfsense/commit/281dede0421a0b80183ce5d0305de695eca43b7e and does not appear to have been put back.
Updated by Marcos M about 1 year ago
https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html
- 20-byte IPv4 header or 40 byte IPv6 header - 8-byte UDP header - 4-byte type - 4-byte key index - 8-byte nonce - N-byte encrypted data - 16-byte authentication tag
1420 for IPv6, 1440 for IPv4.
Updated by Jim Pingle 11 months ago
- Subject changed from Feedback on pfSense Configuration Recipes — WireGuard Remote Access VPN Configuration Example to Add information on correct MTU to use with WireGuard