What's new

Wireguard MTU?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

hifiwifi

Regular Contributor
I'm using a Wireguard config from my VPN provider. I notice doing ping tests that it sets the MTU at 1420 for the WG connection.

Is there any advantage to setting the MTU on the modem and/or the router WAN to 1392?

RT-AX86U
 
In your environment? We don't know.

Test, note, and come back and let us know too.
 
It should be a part of the WireGuard configuration but has yet to be present in the latest GUI.
Screenshot_4.png
 
Also, I can't find the parameter "Listen Port" for Client configuration.

Can I see the config file through SSH and configure it manually?
 
I have the issue related exactly with wireguard MTU. Under default client config an opening of the remote "server" router GUI "hangs" by fragmentation reason. When use windows client directly on local PC and I set MTU = 1360 the issue resoves. But I do not see the way to specify this parameter for router. I tried to force this line into the config file then import it into router, but this does not work. May be router's wireguard version is old?
 
Also, I can't find the parameter "Listen Port" for Client configuration.

Can I see the config file through SSH and configure it manually?

You don't use listen port in a client config. Just in a server config. In a client config, you specify a port in the endpoint directive.
 
It is perfectly legitimate to specify a listen port on the client config, you do not have to and in that case a random port will be chosen.
True enough. I guess what I was getting at is since a listen port is generally not required to be specifically stated in client setup, the Asus GUI has no option for it. Then again, they don't have an option to set the MTU, so what do I know.....
 
Other third party firmwares have options to set the listen port and MTU.
I have seen problems with MTU (slow, non loading websites with UDP etc.) so having the ability to set MTU is something which is very useful.
Having the option to set a listen port can be useful I have seen providers which expect the same listen port on the Client as on the Server (of course that is a bad implementation) further more if you have multiple tunnels running you have to make sure they all have a different listen port.
 
Sorry to add to this but I am a wee bit confused about the MTU setting for the "Wireguard Server" vs the Peer.
The Peer Configs are exported and I have added MTU=1420 (as a trial) to the [Interface] section of the (presumably) Peer conf file.

I see folks talking about this MTU number needing to be the same (or less) than the Server.
Is the Wireguard 'Server' MTU setting just the MTU 1492 one in the WAN page of the Asus menu?

ta

k.
 

Attachments

  • Interface 1420.jpg
    Interface 1420.jpg
    15.2 KB · Views: 84
Is the Wireguard 'Server' MTU setting just the MTU 1492 one in the WAN page of the Asus menu?
No, it should normally be set to 80 less, so if your wan is 1492 then Wireguard MTU should be set to 1412. But Im not sure how well the firmware handles this. My wan is 1500 and wg server is 1420.
Since the firmware is not supporting custom mtu you will need to ssh into the router to find out what it is set to, or to change it.
 
No, it should normally be set to 80 less, so if your wan is 1492 then Wireguard MTU should be set to 1412. But Im not sure how well the firmware handles this. My wan is 1500 and wg server is 1420.
Since the firmware is not supporting custom mtu you will need to ssh into the router to find out what it is set to, or to change it.
Thanks for that. As above I just added the MTU= line in to the peer .Conf file, is this the item you are referring to as being ignored by the FW? Importing the Conf into WG in iOS shows up the MTU line which you can amend on the fly.
 
No, it should normally be set to 80 less, so if your wan is 1492 then Wireguard MTU should be set to 1412. But Im not sure how well the firmware handles this. My wan is 1500 and wg server is 1420.
Since the firmware is not supporting custom mtu you will need to ssh into the router to find out what it is set to, or to change it.
I did not know this, I have been using wireguard for a while. When, or how, did you discover this necessity?
 
No, it should normally be set to 80 less, so if your wan is 1492 then Wireguard MTU should be set to 1412. But Im not sure how well the firmware handles this. My wan is 1500 and wg server is 1420.
Since the firmware is not supporting custom mtu you will need to ssh into the router to find out what it is set to, or to change it.
could you elaborate which file needs to be amended please, where in the file and any syntax ?

tia

k
 
I did not know this, I have been using wireguard for a while. When, or how, did you discover this necessity?
We have had this discussion in the wgm threads. I initially searched for a "safe" value and set mine to 1412, @Martineau figured this to be 1500 - 80 (for wg) - 8 (for ppp). These figures are all over the internet, wg ipv4 header is 60 bytes, wg ipv6 header is 80 bytes.
https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html

So if you are ipv4 only you could boost your mtu to 1440 (or 1432 for ppp) but it will hardly make much difference. Rather a tad to low then too high.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top