Hi all,
I have a fairly simple WireGuard setup between my OPNsense at home and a VPS in a datacenter. WireGuard is configured with an MTU of 1380 on both the WireGuard config (both ends) and my wg0 interface on my OPNsense.
This works flawlessly until I reboot. After that, the tunnel comes back up properly but it looks like the MTU isn't being set properly in the interface.
When I head to the wg0 interface on the opnsense and click apply once without doing any changes, the tunnel instantly works and transfers data.
I do think that this is related to the MTU, as HTTP works partially after reboot (before re-applying the interface settings) but HTTPS doesn't at all; this is the same as what I observed before I put the MTU down to 1380 (behind a PPPoE IPv6 line).
Does anyone have insights into what might be going wrong here?
Thanks,
Robin
Sorry to bump..
Does anyone have an idea?
I just had the same behavior after a reboot again. Checking ifconfig, I see that the MTU of 1380 is applied and I can reach the other end of the tunnel; however, anything TLS-based doesn't go through until I click apply in the interface UI again.
root@fw01:~ # ifconfig wg1
wg1: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1380
	options=80000<LINKSTATE>
	inet 10.0.0.2 netmask 0xffffff00
	groups: wg wireguard
	nd6 options=103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>
Interfaces > LAN - set the MSS to a suitably low value.
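
To choose the "suitably low value" from the reply above, this sketch (an added example, not part of the thread) binary-searches the largest IPv4 packet that crosses the tunnel with DF set and derives the matching TCP MSS. It assumes FreeBSD `ping` as shipped on OPNsense (`-D` sets DF, `-t` is a timeout in seconds); the function names, the 1200 to 1380 search range and the peer address argument are illustrative.

```shell
#!/bin/sh
# Added example: measure what actually fits through the tunnel, then derive the MSS.

# probe SIZE HOST: succeed if one IPv4 packet of SIZE bytes total passes with DF set.
# ICMP payload = SIZE - 20 (IPv4 header) - 8 (ICMP header).
probe() {
    ping -D -c 1 -t 2 -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# find_pmtu HOST LO HI: largest size in [LO, HI] that probe accepts.
# Prints 0 and returns 1 if even LO does not pass (tunnel down or ICMP filtered).
find_pmtu() {
    host=$1 lo=$2 hi=$3
    probe "$lo" "$host" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# mss_for MTU FAMILY: TCP MSS = MTU - IP header (20 inet, 40 inet6) - 20 TCP header.
mss_for() {
    case $2 in
        inet)  echo $(( $1 - 40 )) ;;
        inet6) echo $(( $1 - 60 )) ;;
        *)     return 2 ;;
    esac
}

# Run as: sh pmtu.sh <peer-tunnel-address>   (address is supplied by the operator)
if [ -n "${1:-}" ]; then
    if p=$(find_pmtu "$1" 1200 1380); then
        echo "largest passing packet: $p"
        echo "MSS for IPv4 TCP: $(mss_for "$p" inet), for IPv6 TCP: $(mss_for "$p" inet6)"
    else
        echo "no probe passed at 1200 bytes; check the tunnel and ICMP filtering" >&2
    fi
fi
```

If the result right after a reboot is lower than after re-applying the interface settings, the size that passes has changed even though `ifconfig` reports the same MTU.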