Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard site2site MTU setting advice?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Wireguard site2site MTU setting advice? (Read 1282 times)
jwest
Newbie
Posts: 23
Karma: 0
Wireguard site2site MTU setting advice?
«
on:
March 05, 2024, 08:05:46 pm »
I have two locations. For each one there is a roadwarrior (wireguard) setup which is instance 1. Then there is a site to site VPN set up between the two (wireguard) which is instance 2. All this works well, but I'm curious about a point in the instructions maybe someone can advise on.
In the official opnsense wireguard site2site instructions (
https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
) under step 4A and 4B there is a section that mentions setting up a normalization rule to prevent wireguard from trying to stuff 1500 bytes inside a 1500 byte packet. I omitted that step on each side. Not the whole step, I did add the rule to allow traffic, just the normalization rule I skipped.
It seems to work fine, but I noticed that when I look at the site2site interfaces they list 1420 as the MTU. Would this not indicate that without the rule, something is already smart enough to reduce the MTU? Or am I missing something still necessary? 1420 sounds about right, but the doc page says use less than or equal to 1380. I feel like I'm missing some understanding.... Any thoughts MOST appreciated!
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1613
Karma: 176
Re: Wireguard site2site MTU setting advice?
«
Reply #1 on:
March 05, 2024, 08:38:39 pm »
You can read about it here:
https://github.com/opnsense/docs/pull/498
The MTU (packet size with headers) should be 1420 or below, and the MSS (payload inside the packet) should be 40-60 bytes lower.
Logged
Hardware:
DEC740
jwest
Newbie
Posts: 23
Karma: 0
Re: Wireguard site2site MTU setting advice?
«
Reply #2 on:
March 05, 2024, 09:20:02 pm »
Ah thanks for the link, read it all and I'm off and running. Thanks so much!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard site2site MTU setting advice?