24.1 Production Series / wireguard default MTU setting changed logic
« on: February 28, 2024, 02:41:13 pm »
Hi all,
in our setup we use jumbo frames through a wireguard VPN tunnel between two OPNsense instances together with OSPF. After the upgrade to 24.1 the dynamic routing stopped working and I could find in the logs
[XZZ9Y-NNTMQ][EC 134217741] Packet[DD]: Neighbor x.x.x.x MTU 8920 is larger than [wg2:x.x.x.x]'s MTU 1420
After switching temporarily to static routing and some hours of debugging I was able to trace down the problem to the MTU logic used in wireguard. In the pre 24.1 OPNsense instance it says in the help for MTU option
Quote
Set the interface MTU for this interface. Leaving empty uses the MTU from main interface which is fine for most setups.
But in the 24.1 instance it simply says
Quote
Set a specific device MTU for this instance.
Thus, the MTU from the parent device, which is set to 9000, seems not to be considered anymore with 24.1 and OSPF refused to work!
Is this change in the default logic in wireguard intended?
This was a nasty bug, because the MTU option is also hidden in "advanced mode", but setting MTU to 8920 made everything work again right away!
Cheers,
Albert
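Added example, not part of the original post and not OPNsense or FRR code: a small checker that picks the OSPF "MTU ... is larger than" message out of a log and compares both sides against the MTU a WireGuard tunnel would get from its parent interface. It assumes the usual 80-byte WireGuard overhead (sized for an IPv6 outer header), which matches both the 1420 default and the 8920 value in the post; the neighbor and interface addresses in the sample log are constructed.

```python
import re

# WireGuard data-packet overhead: outer IP header + UDP (8) + WireGuard
# header (16: type, receiver index, counter) + Poly1305 tag (16).
WG_OVERHEAD = {"ipv4": 20 + 8 + 16 + 16, "ipv6": 40 + 8 + 16 + 16}  # 60 / 80

# Matches the ospfd message quoted in the post.
MISMATCH = re.compile(
    r"Packet\[DD\]: Neighbor (?P<nbr>\S+) MTU (?P<nbr_mtu>\d+) is larger than "
    r"\[(?P<ifname>[^:\]]+):(?P<addr>[^\]]+)\]'s MTU (?P<if_mtu>\d+)"
)

def tunnel_mtu(parent_mtu, outer="ipv6"):
    """MTU left inside the tunnel for a given parent-interface MTU."""
    return parent_mtu - WG_OVERHEAD[outer]

def find_mismatches(lines, parent_mtu):
    """Return one finding per OSPF MTU-mismatch log line."""
    findings = []
    for line in lines:
        m = MISMATCH.search(line)
        if not m:
            continue
        nbr_mtu, if_mtu = int(m["nbr_mtu"]), int(m["if_mtu"])
        findings.append({
            "interface": m["ifname"],
            "neighbor": m["nbr"],
            "neighbor_mtu": nbr_mtu,
            "local_mtu": if_mtu,
            # What the tunnel MTU would be if derived from the parent device.
            "derived_mtu": tunnel_mtu(parent_mtu),
            # True when the local side sits at the fixed 1500-based default.
            "local_is_default": if_mtu == tunnel_mtu(1500),
            # True when the neighbor's MTU fits under the parent MTU.
            "neighbor_fits_parent": nbr_mtu <= tunnel_mtu(parent_mtu),
        })
    return findings

# Constructed sample log (addresses from the documentation range).
SAMPLE_LOG = [
    "[AAAAA-BBBBB] ospfd starting (constructed line)",
    "[XZZ9Y-NNTMQ][EC 134217741] Packet[DD]: Neighbor 192.0.2.2 MTU 8920 "
    "is larger than [wg2:192.0.2.1]'s MTU 1420",
]

if __name__ == "__main__":
    for f in find_mismatches(SAMPLE_LOG, parent_mtu=9000):
        print(f"{f['interface']}: local {f['local_mtu']}, neighbor "
              f"{f['neighbor_mtu']}, derived from parent {f['derived_mtu']}")
```
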