Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Custom Monitor IP Gateway hangs

    WireGuard
    3
    3
    360
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      madnet
      last edited by

      Wanted to have a failsafe 2nd VPN connection to a different server with the same provider (mullvad) with wireguard, but i wanted to ping a good public dns (1.1.1.1, and why can't you use same monitor ip in different gateways and maybe a round robin config is odd?!).

      So monitor my own wireguard ip feelt dumb. I'm i right? Had sub 0.5ms. And put on packet loss and latency mode.

      Worked for some time and then my pfsense totaly brooke when i changed a setting in wireguard. Couldn't even boot after a not forced shutdown. Showed a lot of lines in terminal.

      Installed a new with new config. Everything was fine until a changed to monitor to a DNS. Freezed everything to WAN, even failsafe to WAN (tier 3). Feels like a bug in pfSense. Removed my custom gateway config with different monitor ip and everything worked perfect again..

      Can someone test this config. It feels like a bug.

      P.s. What MTU do Wireguard in pfSense use? I know it was about 1420 in linux in the early beta face 2 years ago with ipv6 (last time i played with WG). I don't use ipv6 and want highest possible MTU and maybe change it. Should i use same mtu over all local that use WG to not get a performance hit?

      cmcdonaldC E 2 Replies Last reply Reply Quote 0
      • cmcdonaldC
        cmcdonald Netgate Developer @madnet
        last edited by

        @madnet 1420 is the MTU, and set the mss box in the GUI to 1420 as well. WireGuard has 80 bytes of header, which means you’ve got 1420 bytes of payload....but you also have 20 bytes of TCP and 20 IP so you also need an mss clamp of 1380, which is enabled by setting the mss field to 1420

        Need help fast? https://www.netgate.com/support

        1 Reply Last reply Reply Quote 0
        • E
          ElGuapo @madnet
          last edited by

          @madnet I change MTU values to 1500 on my Site to Site VPN as the default value of 1420 was affecting google services (no youtube, no gmail, not maps nothing that had to do with google worked and I also had issues with Apple email servers that did not worked with MTU set to 1420) but as soon as the MTU value was changed to 1500 all worked fine
          only issue that I see is that the MTU values will revert back to 1420 after sometime by itself inside Pfsense but if I change it again and save it will set it back to 1500 and all work good but it will be good to know if there is a way to hard set the MTU to 1500)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post