Topic: No ruleset for wireguard + mtu question (Read 3494 times)
christianw
Newbie
Posts: 12
Karma: 1
No ruleset for wireguard + mtu question « on: December 27, 2019, 09:52:26 am »
Hi,
I can't believe that I'm the first one with this issue, so it's probably rather a problem between my keyboard and my chair...
After I installed WireGuard, there is no ruleset (Firewall --> rules) for the WireGuard interface. When I manually add a new interface "WireGuard", there will be two rulesets "WireGuard". After removing the just-added WireGuard interface, everything seems okay, so there is only one ruleset left.
Is that the intended workflow? :-)
And...
We have some UDP traffic from collectd through the WireGuard tunnel. Unfortunately about 50% of those packets will not pass the tunnel, because the WireGuard MTU is 1392 and those packets are > 1392.
Code:
IP 10.10.0.1.51518 > 172.16.200.6.2003: UDP, bad length 1393 > 1392
Does anybody have an idea for best practice? I'm thinking of UDP fragmentation, adjusting the collectd packet size (possible?) or WireGuard MTU changes.
Best regards...
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: No ruleset for wireguard + mtu question « Reply #1 on: December 27, 2019, 04:27:18 pm »
WireGuard MTU can be changed in the local instance configuration. Normally the firewall should frag those packets when they aren't set with the DF bit. If DF is set, change your local clients.
Don't assign an interface and label it WireGuard .. use something like WG0.
If the firewall tab doesn't appear after enabling WireGuard, go to a firewall rule (no matter which one), edit and save without changes, then it's there.
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
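The DF-bit behaviour described in Reply #1, as an added example that is not part of the original thread: it models what an IPv4 router does with a UDP datagram that meets the tunnel MTU of 1392 quoted in the first post. It assumes IPv4 headers without options; the function names and the payload sizes are constructed for illustration.

```python
"""Added example: IPv4 handling of a UDP datagram at a tunnel MTU (DF set vs. clear)."""

IPV4_HDR = 20  # assumption: IPv4 header without options
UDP_HDR = 8


def max_udp_payload(mtu):
    """Largest UDP payload that crosses the link in one unfragmented IPv4 packet."""
    return mtu - IPV4_HDR - UDP_HDR


def forward(udp_payload_len, mtu, df=False):
    """Return (action, fragments).

    Each fragment is (offset_bytes, ip_payload_len, more_fragments).
    """
    ip_payload = UDP_HDR + udp_payload_len
    if IPV4_HDR + ip_payload <= mtu:
        return "forward", [(0, ip_payload, False)]
    if df:
        # DF set: the router drops the packet and answers with
        # ICMP type 3 code 4 (fragmentation needed); the sender must adapt.
        return "drop-icmp-frag-needed", []
    # DF clear: split the IP payload. Every fragment except the last must
    # carry a multiple of 8 bytes, because offsets are stored in 8-byte units.
    per_frag = (mtu - IPV4_HDR) // 8 * 8
    frags, off = [], 0
    while off < ip_payload:
        size = min(per_frag, ip_payload - off)
        frags.append((off, size, off + size < ip_payload))
        off += size
    return "fragment", frags


if __name__ == "__main__":
    mtu = 1392  # tunnel MTU quoted in the thread
    print("max UDP payload without fragmentation:", max_udp_payload(mtu))
    # Constructed payload sizes: one that fits exactly, one that is a byte too big.
    for payload, df in [(1364, False), (1365, False), (1365, True)]:
        print(payload, "DF" if df else "no DF", forward(payload, mtu, df))
```

Only the first fragment carries the UDP header, so a capture on the tunnel shows the later fragments as plain IP fragments without port numbers.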
christianw
Newbie
Posts: 12
Karma: 1
Re: No ruleset for wireguard + mtu question « Reply #2 on: January 02, 2020, 05:28:16 am »
Hi mimugmail,
Thank you. I'll try turning UDP fragmentation on at the client side.
The hint with saving some rules is what I was looking for. :-)