Hello, long time lurker, first post. I moved over from pfSense a few months ago and couldn't be happier!
Anyhow, one small issue. I am hosting my own VPN server with both OpenVPN and WireGuard, and I experience the same issue on both services. I also have a VTI with WireGuard (but already tried changing it to IPsec, and experienced the same exact issue).
Under the firewall rules (both OpenVPN and WG), I created a rule to route a specific alias over the VTI. When trying to access the alias from the VPN, the page tries to load. I get the favicon, but eventually it just times out.
Copy the exact same rule but under the LAN interface, and it works perfectly when accessing from my home network.
Sounds like an MTU issue to me, and I've played around with it but no luck. Any other suggestions?
Thank you
Try clamping the MSS too, e.g. use 1400 for both MTU and MSS.
Thank you. After running a packet capture I realized that the issue was unrelated to MTU. I had to create an outbound NAT rule. Source is the WG subnet, destination is the alias I created, and NAT address is the OPT interface address associated with the VPN.