Persistent MTU change for WireGuard Site-to-Site VPN

Comments

  • Firewalla

    Most of the time you shouldn't need to change the MTU between the client and the server side. May I know what ISP you are using? (Or the protocol being used on the WAN side of both sites?)

    Are you running other VPN protocols over the WireGuard VPN?

  • Alan

    I have a separate support ticket (87028) that has been open working through this issue. Based on additional testing on my part, I have clearly nailed down the problem with the MTU on the VPN tunnel. And I've confirmed that manually setting the MTU to 1300 on each end of the tunnel resolves all the problems I've had. Comcast on one end and Comcast Community wifi on the other end. And yes, there are other WireGuard VPNs on these Firewallas.

    So I know MTU is the issue and solution. Now I just need to figure out the best way to persist a change.

  • Firewalla Team

    Our engineer will work with you on support ticket 87028.

  • tahoe250

    Is there any update to this? I am also looking to adjust the MTU.

  • Alan

    I ended up making a user cron job that runs every 5 minutes on each firewall to set the MTU on the connection. This is working and the site-to-site VPN is functional. I have SNMP enabled on my firewalls and do see a higher number of packet errors than I'd like on the server side of the site-to-site VPN -- but it doesn't appear to be impacting functionality. 

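One way to write the cron-driven workaround described in the last comment, as an added example that is not the poster's script or Firewalla's own code. It only touches the link when the MTU differs from the wanted value and logs each correction. The interface name `wg0`, the script path and the `wg-mtu` log tag are hypothetical placeholders; 1300 and the 5-minute interval come from the thread.

```shell
#!/bin/sh
# Added example: idempotent MTU enforcement for a WireGuard interface, meant for cron.
# IFACE default is a hypothetical placeholder; find the real name with `ip link`.
IFACE="${IFACE:-wg0}"
WANT_MTU="${WANT_MTU:-1300}"            # value reported as working in the thread
SYS_NET="${SYS_NET:-/sys/class/net}"    # overridable so the check can be tested offline

# Print "absent", "ok" or "fix" for interface $1 and desired MTU $2.
mtu_action() {
    f="$SYS_NET/$1/mtu"
    [ -r "$f" ] || { echo absent; return 0; }
    cur=$(cat "$f")
    if [ "$cur" = "$2" ]; then echo ok; else echo fix; fi
}

# Apply the MTU only when it differs, and log each correction to syslog.
enforce_mtu() {
    case "$(mtu_action "$1" "$2")" in
        absent) return 0 ;;   # tunnel is down: nothing to do on this run
        ok)     return 0 ;;   # already correct: leave the link untouched
        fix)
            old=$(cat "$SYS_NET/$1/mtu")
            ip link set dev "$1" mtu "$2" || return 1
            logger -t wg-mtu "reset $1 mtu $old -> $2"
            ;;
    esac
}

# Runs only when called with --apply (changing link settings needs root), e.g.:
#   */5 * * * * IFACE=<your-wg-interface> /path/to/wg-mtu.sh --apply
if [ "${1:-}" = "--apply" ]; then
    enforce_mtu "$IFACE" "$WANT_MTU"
fi
```

The syslog entries show how often the MTU is being reset underneath the cron job, which helps when judging whether a 5-minute interval leaves the tunnel on the wrong MTU for long.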
