WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

RUTX 07.01.1 MTU of WIREGUARD interfaces

0 votes
641 views 6 comments
by anonymous

Hello,

By default the MTU of the wireguard interfaces is set to 1420 bytes (1500=default MTU of wwan0  minus 80). This will lead to dropped frames if the MTU of wwan0 is smaller for example 1460 then the limit is 1380. See here  here and probably others.

Would it be possible for the UI to check the MTU of the wan interface when the tunnel is created and adjust the value accordingly ?

Regards,

1 Answer

0 votes
by anonymous

Hello,

I'll bring attention to this question separately and will discuss it with our RnD internally. While having a lower default MTU might help for some mobile/PPPoE users, I've seen some complaints that even lower MTU (1360 when using IPv6 for example or even as low as 1280 in some very specific cases, see RFC2460, section 5) is necessary to make things work without interruptions. It's quite difficult to predict how service will function in any specific environment and setting MTU too low may cause performance drops due to increased packet fragmentation.

One thing I'd like to note is it may be enough to enable MSS Clamping by default (when WG zone is created) instead of lowering the default MTU. However, this may not work every case - in some cases MTU would still have to be set below 1420 (1400, 1392, 1380, 1360 etc...). Issues would arise (most notably) when using mobile or PPPoE interfaces.

Best regards,

Tomas.

by anonymous
I have one case a RUTX11 in the EU to a dd-wrt in the US, both ends have a 1500 bytes MTU on the wwan interface the tunnel isn't usable for any wg MTU above 1360 bytes. MSS clamping changes nothing. Go figure ...
by anonymous
Where do we enable MSS clamping in the interface?
by anonymous
In Network->Firewall/Zones.

I have completely given up trying to use MTUs above 1280 for wireguard. Not worth the hassle for a small performance gain.
by anonymous
Thanks. I tried mucking around with MSS clamping but my problem is bigger than just the WireGuard interface now. I'm having problems with MTU in general, packets going out wwan0 are not fragmenting properly. I'm testing with ping -s1472 1.1.1.1 for example and packets are just dropping dead.
by anonymous
What is the MTU of the wwan0 interface ? Have you tried to put the SIM in a phone and check the MTU? Is it the same ?
by anonymous
I'll post back shortly. I'm in the weeds right now. Currently experimenting with an MTU of 1428 on wwan0 and MSS clamping on a custom firewall zone.