Description
Sometimes it's needed to adapt the WireGuard peer MTU to optimize connections or make them work, but currently it's only possible to edit the MTU for the WireGuard server.
Proposed solution
Allow editing of MTU for WireGuard peers
Alternative solutions
Admins need to edit the peer configuration file manually
Additional context
From Community forum:
This is more of an opinion on how to properly create a VPN tunnel on a server for multiple peers,
but at this point NethSecurity is going against the recommendations and best practices.
And the MTU configured this way will not work for peers connecting over “bad” network providers.
For example some bus and railway carriers, hotels etc.
It’s caused by a network configuration error at the provider.
If the provider has a smaller MTU on the route to the internet than the standard one, because they probably have the connection wrapped in another VPN layer, but the WiFi of the provider won’t tell your computer and the network stack of your OS.
Anything TCP (including TCP OpenVPN) will work but not UDP (WireGuard).
VPNs that set the normal MTU on TUN connections in UDP mode fail epically, because longer datagrams are silently discarded instead of being rejected with an error.
So you need to reduce the MTU on the VPN network interface of the peer using the UDP protocol so that it can pass through those providers.
That is the reason you need to change the MTU for the peers and their config files, not the server MTU. The need to change the server's MTU is very unlikely and rare, because most servers are not using networks with these problems.
See also
https://community.nethserver.org/t/wireguard-mtu-not-propagated-to-clients-configuration-files/26782
Thanks to antonin.chadima
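The manual workaround described above (editing the peer configuration file), as an added example that is not NethSecurity code: it derives a tunnel MTU from a path MTU and writes it as the `MTU` key of the `[Interface]` section of a wg-quick style peer file. The path MTU of 1400, the placeholder keys, the addresses and the endpoint in the sample are constructed, and `tunnel_mtu` and `set_peer_mtu` are hypothetical helper names.

```python
import re

# WireGuard overhead per data packet: 8 bytes UDP + 32 bytes WireGuard
# (header and authentication tag), plus the outer IP header:
# 20 bytes for IPv4, 40 bytes for IPv6.
WG_OVERHEAD = {"ipv4": 60, "ipv6": 80}

# Constructed sample peer file; keys and endpoint are placeholders.
SAMPLE_CONF = """[Interface]
PrivateKey = <peer-private-key>
Address = 10.98.0.2/32
MTU = 1420

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0
"""


def tunnel_mtu(path_mtu, outer="ipv6"):
    """Largest tunnel MTU whose encrypted datagrams still fit in path_mtu."""
    return path_mtu - WG_OVERHEAD[outer]


def set_peer_mtu(conf_text, mtu):
    """Return conf_text with exactly one 'MTU = <mtu>' line in [Interface]."""
    out, section, found = [], None, False
    for line in conf_text.splitlines():
        header = re.match(r"\s*\[(\w+)\]\s*$", line)
        if header:
            section = header.group(1).lower()
            out.append(line)
            if section == "interface":
                out.append(f"MTU = {mtu}")  # new value right after the header
                found = True
            continue
        # Drop any previous MTU key so the file never carries two values.
        if section == "interface" and re.match(r"\s*MTU\s*=", line, re.I):
            continue
        out.append(line)
    if not found:
        raise ValueError("no [Interface] section in peer configuration")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Assumed: the peer reaches the server over IPv4 on a path with MTU 1400.
    print(set_peer_mtu(SAMPLE_CONF, tunnel_mtu(1400, outer="ipv4")))
```

With the standard 1500-byte path and IPv6 as the outer protocol, the same calculation gives 1420.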