Wireguard MTU?

[Ranger802004]

I'm using a Wireguard config from my VPN provider. I notice doing ping tests that it sets the MTU at 1420 for the WG connection.

Is there any advantage to setting the MTU on the modem and/or the router WAN to 1392?

RT-AX86U

No, leave your WAN MTU at what it is suppose to be, your VPN MTU needs to be set to whatever the maximum transmission can be + overhead packet bytes to fit within the WAN MTU otherwise you will get packet fragmentation and that degrades the quality of your link severely.

 

[privacyguy123]

I just noticed this today when diagnosing some bittorrent connection problems.

Help me understand this - WG Is reading my Routers default MTU of 1500 and subtracting 80 to get 1420 and that is what the WireGuard interface is running at. My Windows laptop WiFI adapter still thinks it should be at 1500 ... this is the machine I need to change right? Not the router? So in Windows I should override to 1420 because all my traffic is filtered through the WG interface on my router?

 

[Ranger802004]

I just noticed this today when diagnosing some bittorrent connection problems.

Help me understand this - WG Is reading my Routers default MTU of 1500 and subtracting 80 to get 1420 and that is what the WireGuard interface is running at. My Windows laptop WiFI adapter still thinks it should be at 1500 ... this is the machine I need to change right? Not the router? So in Windows I should override to 1420 because all my traffic is filtered through the WG interface on my router?

No leave the clients alone, they will also use 1500 like your router by default and the router will handle fragmentation of the packets going over the VPN.

 

[privacyguy123]

No leave the clients alone, they will also use 1500 like your router by default and the router will handle fragmentation of the packets going over the VPN.

I was to understand fragmentation was bad - why would I want this?

 

[Ranger802004]

I was to understand fragmentation was bad - why would I want this?

For a VPN tunnel you won’t really have a choice because the actual transmitted data in the packet will be smaller than 1500 to include the packet overhead for the VPN. With TCP connections within the tunnel they will be able to see this and adjust using what’s called MSS (Maximum Segment Size). You can load up wireshark and start a connection that goes over the VPN and see this happen. It will have some fragmentation at first and then all of the packets will adjust to a smaller size that will fit in the MTU with overhead. With OpenVPN specify an MSS value with mssfix but I’m not sure if there is one for Wireguard.