Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    wireguard mtu issues

    Scheduled Pinned Locked Moved
    WireGuard
    6
    7
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      Ofloo
      last edited by Ofloo

      Not sure if it's a bug but seems like it. I have wireguard setup on a client behind a firewall. I can ping to the server from the client side and visa versa. The server functions as a gateway for internet traffic. On the server side I've added the clients network to be out. When I'm ping'ing outside to 8.8.8.8 from any client within the client network. Everything works fine. However when I'm trying to load a webpage. It keeps trying to load it.

      To me clearly MTU mss clamping problem so I've manually set this to the WG interface on the client side and server side. And now everything works fine.

      MTU is set to 1420 MSS is set to 1380. I've used those values because that's the default value. However something is causing this not to set by default !? Otherwise it would just off worked without me having to set anything.

      Where can I report a bug?

      cmcdonaldC 1 Reply Last reply Reply Quote 0
      • cmcdonaldC
        cmcdonald Netgate Developer @Ofloo
        last edited by cmcdonald

        @ofloo already being worked on, I reported it several days ago. You’ll want to set the MSS field in the GUI to 1420 which sets the MSS clamp to 1380.

        https://redmine.pfsense.org/issues/11600

        Need help fast? https://www.netgate.com/support

        O 1 Reply Last reply Reply Quote 1
        • O
          Ofloo @cmcdonald
          last edited by

          @rcmcdonald91 OK great.

          C 1 Reply Last reply Reply Quote 0
          • C
            CZvacko @Ofloo
            last edited by

            I also recently had a problem with MTU on pfsense v 2.7.2 & WireGuard v 0.2.1, I had to set MTU 1420 on the WG interface to resolve issue.

            I set up a WireGuard Site-to-Site VPN according to instructions, everything worked, only the local client (Windows OS) had a problem accessing the remote samba share (Linux OS). I was able to open the remote machine by IP, the share appeared, but I was unable to list the folders inside the share. When the local client accessed the remote samba share (but with Windows OS), it worked fine.

            Just sharing...

            1 Reply Last reply Reply Quote 0
            • P
              pLu
              last edited by

              I also had to manually set the MTU on the assigned interface to 1420 in pfSesnse 2.7.2, otherwise it would have the standard 1500.

              E 1 Reply Last reply Reply Quote 0
              • E
                eagle61 @pLu
                last edited by eagle61

                @pLu said in wireguard mtu issues:

                also had to manually set the MTU on the assigned interface to 1420 in pfSesnse 2.7.2, otherwise it would have the standard 1500.

                That's fine in IPv4-Networks. If you run also IPv6 the MTU needs to be between 1280 and 1412.

                yon 0Y 1 Reply Last reply Reply Quote 0
                • yon 0Y
                  yon 0 @eagle61
                  last edited by

                  i have to setup mss to 1280.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post