A little help with MTU please...

[CarlitoGrey]

Hi all,

Not a network engineer here but I've tried to glean what I can and provide as much info possible. Just a little confused on how to set MTU - I believe this to be the cause of the last intermittent issues I am seeing such as random sites not loading.

I have a dual WAN set up, and each WAN connection has a wireguard tunnel within. To establish the MTU this is the process I have been using:

Set physical interface to MTU 1508
Disable wireguard and route ICMP to a specific WAN connection.
Ping and increase packet size until I stop getting a response. Let's say the max I get is 1456
Set:
   Physical interface to 1456+28
   PPPoE to 1456+28-8
   Wireguard instance and interface to 1456+28-8-60

For my second WAN the MTU is much lower, 1352, after pinging (it's a 5G connection), it's currently set:

   Physical interface to 1352+28
   Wireguard tunnel to 1352+28-60

I have also set normalisation for each wireguard interface with an MSS of 1456+28-8-60-40 for WAN1 and 1352+28-60

As mentioned with the above set up I am getting good speeds, but still websites will randomly stall. On refresh a few times they load quickly as I would expect.

Any validation of my process, or pointers would be very much appreciated!

[Monviech (Cedrik)]

Hey, in here you can find the best practice wireguard mtu and mss.

https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html

Discussion on github was here:
https://github.com/opnsense/docs/pull/498