ANSWERED Traffic problem with Wireguard

[nocturnaltabernacle 2]

I'm seeing some web pages not working through Wireguard while they work through OpenVPN on the same server.

For example Firefox status bar might say "Performing a TLS handshake..." and the page loads without images and styles, or the page doesn't load at all.

I'm running pfSense 2.6.0 as my router and AirVPN client and I tested from Linux and Mac workstations. What might be the issue?

[Staff 9972]

@nocturnaltabernacle

Hello!

It might be an MTU size issue. By default, on Linux and FreeBSD, WireGuard might set a 1420 bytes MTU size, which is too big for some networks. Shrink it to 1320 or even 1280 bytes (the minimum accepted value) and test again.

In order to change wg interface MTU size on your BSD system, please edit the wg configuration file with any text editor and add the line:

MTU = 1320

in the [Interface] section.

Kind regards
 

[nocturnaltabernacle 2]

Thanks for the tip, that was indeed it. I found other discussion in the pfSense forums about it and they suggested MSS value of 1420 for the WG interface. Either setting will probably work just as well.

[go558a83nk 362]

15 hours ago, nocturnaltabernacle said:

I'm seeing some web pages not working through Wireguard while they work through OpenVPN on the same server.

For example Firefox status bar might say "Performing a TLS handshake..." and the page loads without images and styles, or the page doesn't load at all.

I'm running pfSense 2.6.0 as my router and AirVPN client and I tested from Linux and Mac workstations. What might be the issue?

Go into the wireguard interface that you created and change MTU and MSS to 1420 or some other matching lower value but for me 1420 is fastest.

[nocturnaltabernacle 2]

1 hour ago, go558a83nk said:

Go into the wireguard interface that you created and change MTU and MSS to 1420 or some other matching lower value but for me 1420 is fastest.

Thanks, I added 1420 to MSS and that seems to have fixed it and speed is good.