Wojtek242

Can the default wireguard MTU value be increased


I have a raspberry pi at home on which I run a wireguard server. I use this server to connect to my home network over wireguard.

In order to avoid opening ports on my home router and to have both IPv4 and IPv6 access to my home network and for extra security, the raspberry pi first connects to AirVPN via wireguard and I set up port forwarding to the raspberry pi. Therefore, I effectively run wireguard over wireguard. Raspberry pi connects to AirVPN, I connect to the raspberry pi via AirVPN. This was great for me specifically, because it allowed me to have a dual-stack IPv4/IPv6 address for this server even though my provider only gave me an IPv4 address. It's also more secure since I can revoke the AirVPN keys without access to my home network thus breaking all connections to my home network.

This setup works when the raspberry pi server is IPv4-only which was sufficient to access my private home IPv4 network. That is, the pi<->AirVPN tunnel has dual-stack interfaces, but the underlying connection is IPv4, but the me<->pi wireguard interfaces are IPv4, but the underlying connection can be either IPv4 or IPv6.

Now I do have an IPv6 address at home and I am migrating my network to IPv6 to also allow the me<->pi interfaces to be dual-stack. However, I've run into a problem in migrating my pi server wireguard interface to IPv6. The AirVPN tunnel config sets an MTU of 1320. In order to make sure my wireguard-over-wireguard traffic fits over this tunnel, I set the MTU of my interfaces to 1320-80 = 1240. However, I learned today the hard way that the minimum MTU for IPv6 is 1280... I would like to keep this wireguard-over-wireguard solution since it allows me to keep dual-stack access regardless of whether I have dual-stack via my operator and it gives me greater control over the entrypoint since I can disable port forwarding or revoke keys via the AirVPN website from outside my home network.

What is the reason for setting the default MTU to be 1320? What problems will I encounter if I increase it to 1360 so that my IPv6 server interface can have the required 1280 MTU? Is a 1320 MTU just a good default to make sure it works for everybody?


Probably 1320 was chosen as it usually just works. Most likely your network will function with a higher value, so give it a try. It all depends on your internet connection MTU. If you know it, you can calculate other MTUs. Check your router WAN interface settings or ask your ISP. Standard Ethernet has 1500. Wireguard + the rest of the stack takes 80, so the Wireguard default is 1420. However, if the base MTU is lower than 1500, which happens with some internet connection types, you'll start getting issues. Usually low speed and stuff like HTTPS, SSH not working reliably.

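The MTU arithmetic discussed in this thread, as an added example that is not part of either post: it checks an outer tunnel MTU against the link MTU and derives the nested interface's MTU, flagging values below the 1280-byte IPv6 minimum. The function names are hypothetical, and the header sizes assume plain IPv4 (20), IPv6 (40), UDP (8) and WireGuard data framing (32); the link MTUs in the demo are constructed inputs.

```python
# Added example: MTU budget for WireGuard carried inside another WireGuard tunnel.
IPV6_MIN_MTU = 1280         # RFC 8200: an IPv6 link must carry 1280-byte packets
IP_HEADER = {4: 20, 6: 40}  # assumes no IPv4 options or IPv6 extension headers
UDP_HEADER = 8
WG_DATA = 16 + 16           # WireGuard data-message header + Poly1305 tag


def wg_overhead(transport):
    """Bytes one WireGuard layer adds when its UDP packets travel over IPv4 or IPv6."""
    return IP_HEADER[transport] + UDP_HEADER + WG_DATA


def plan(link_mtu, outer_mtu, outer_transport=4, inner_transport=6):
    """Check an outer tunnel MTU against the link and derive the nested tunnel's MTU.

    outer_transport: IP version carrying the outer tunnel (pi <-> VPN provider)
    inner_transport: worst-case IP version carrying the nested tunnel (client <-> pi)
    """
    outer_max = link_mtu - wg_overhead(outer_transport)
    inner_mtu = outer_mtu - wg_overhead(inner_transport)
    return {
        "outer_max": outer_max,
        "outer_fits_link": outer_mtu <= outer_max,
        "inner_mtu": inner_mtu,
        "inner_can_carry_ipv6": inner_mtu >= IPV6_MIN_MTU,
    }


def min_link_mtu(outer_transport=4, inner_transport=6):
    """Smallest link MTU that still leaves a 1280-byte nested interface."""
    return IPV6_MIN_MTU + wg_overhead(inner_transport) + wg_overhead(outer_transport)


if __name__ == "__main__":
    # Constructed inputs: 1500 is standard Ethernet, 1400 stands in for a reduced-MTU link.
    for link, outer in [(1500, 1320), (1500, 1360), (1400, 1360)]:
        print(link, outer, plan(link, outer))
    print("minimum link MTU:", min_link_mtu())
```

When `outer_fits_link` is false, the outer tunnel's encapsulated packets are larger than the link can carry, which is the situation the reply warns about for connections with a base MTU below 1500.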
