• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

wireguard mtu issues

Scheduled Pinned Locked Moved WireGuard
7 Posts 6 Posters 1.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O
    Ofloo
    last edited by Ofloo Mar 6, 2021, 8:36 AM Mar 6, 2021, 8:35 AM

    Not sure if it's a bug but seems like it. I have wireguard setup on a client behind a firewall. I can ping to the server from the client side and visa versa. The server functions as a gateway for internet traffic. On the server side I've added the clients network to be out. When I'm ping'ing outside to 8.8.8.8 from any client within the client network. Everything works fine. However when I'm trying to load a webpage. It keeps trying to load it.

    To me clearly MTU mss clamping problem so I've manually set this to the WG interface on the client side and server side. And now everything works fine.

    MTU is set to 1420 MSS is set to 1380. I've used those values because that's the default value. However something is causing this not to set by default !? Otherwise it would just off worked without me having to set anything.

    Where can I report a bug?

    C 1 Reply Last reply Mar 6, 2021, 5:08 PM Reply Quote 0
    • C
      cmcdonald Netgate Developer @Ofloo
      last edited by cmcdonald Mar 6, 2021, 5:11 PM Mar 6, 2021, 5:08 PM

      @ofloo already being worked on, I reported it several days ago. You’ll want to set the MSS field in the GUI to 1420 which sets the MSS clamp to 1380.

      https://redmine.pfsense.org/issues/11600

      Need help fast? https://www.netgate.com/support

      O 1 Reply Last reply Mar 6, 2021, 6:20 PM Reply Quote 1
      • O
        Ofloo @cmcdonald
        last edited by Mar 6, 2021, 6:20 PM

        @rcmcdonald91 OK great.

        C 1 Reply Last reply Feb 27, 2024, 12:11 PM Reply Quote 0
        • C
          CZvacko @Ofloo
          last edited by Feb 27, 2024, 12:11 PM

          I also recently had a problem with MTU on pfsense v 2.7.2 & WireGuard v 0.2.1, I had to set MTU 1420 on the WG interface to resolve issue.

          I set up a WireGuard Site-to-Site VPN according to instructions, everything worked, only the local client (Windows OS) had a problem accessing the remote samba share (Linux OS). I was able to open the remote machine by IP, the share appeared, but I was unable to list the folders inside the share. When the local client accessed the remote samba share (but with Windows OS), it worked fine.

          Just sharing...

          1 Reply Last reply Reply Quote 0
          • P
            pLu
            last edited by Aug 28, 2024, 3:16 PM

            I also had to manually set the MTU on the assigned interface to 1420 in pfSesnse 2.7.2, otherwise it would have the standard 1500.

            E 1 Reply Last reply Sep 4, 2024, 12:35 PM Reply Quote 0
            • E
              eagle61 @pLu
              last edited by eagle61 Sep 4, 2024, 12:35 PM Sep 4, 2024, 12:35 PM

              @pLu said in wireguard mtu issues:

              also had to manually set the MTU on the assigned interface to 1420 in pfSesnse 2.7.2, otherwise it would have the standard 1500.

              That's fine in IPv4-Networks. If you run also IPv6 the MTU needs to be between 1280 and 1412.

              Y 1 Reply Last reply Oct 31, 2024, 9:25 PM Reply Quote 0
              • Y
                yon 0 @eagle61
                last edited by Oct 31, 2024, 9:25 PM

                i have to setup mss to 1280.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received