New Content #14508
Updated by Marcos M 11 months ago
Interfaces with suboptimal MTU values can degrade VPN performance; a document that provides examples/steps to optimize the MTU of different VPN types would help resolve the issue. The doc should contain information on common VPN types available in pfSense software:
* OpenVPN
* IPsec (routed/policy)
* WireGuard
The following assumes a WAN link MTU of 1500.
*OpenVPN*
Setting the MTU on the assigned interface (Interfaces > Assignments) will not work correctly since the OpenVPN daemon sets the MTU to 1500 explicitly. Instead, the value should be configured as a custom option in the server/client configuration. The suggested value is @tun-mtu 1428@ to account for @IPv6@ + @UDP@ + @OpenVPN Data@ headers.
*IPsec VTI*
A starting MTU value of @1400@ is used by default which accounts for most tunnel configurations.
*WireGuard*
Similarly to IPsec VTI, a the starting MTU value of @1420@ is used by default.
Further testing, e.g. using ping, can be done to optimize the value. Examples of this testing should be provided. The optimized value is set on the interface assignment configuration.