wireguard and TCP MSS discovery problem


Wojciech Puchar

Feb 1, 2026, 5:55:22 AM
to freebsd-...@freebsd.org

I started using WireGuard (wg) recently instead of OpenVPN.
It works fine, but its MTU of 1420 causes a problem.

The problematic case is as follows:

computer in local network <=> server <=(wg)=> another server <=ipfw NAT=> internet

When trying to view a webpage from the computer in the local network, it depends on
the webpage. Some load without problems, some after a long wait.

ftp ftp.freebsd.org - connects, displays directories; when issuing get -
stalls at 0 bytes.

All cases clearly suggest there is some problem in TCP packet size
discovery.

How can I diagnose it?

Wojciech Puchar

Feb 1, 2026, 5:59:18 AM
to freebsd-...@freebsd.org

The problem is "fixed" if I set MTU 1420 on the Ethernet interface of the computer in the
local network.

MailAtOsfux

Feb 3, 2026, 2:44:34 PM
to Wojciech Puchar, freebsd-...@freebsd.org

Excellent questions.

Recently I encountered MTU/MSS issues with (Debian) wg clients
connecting to my (FreeBSD, MTU 1420) VPN server. In my situation,
setting the MTU of the Debian wg-clients' wg interface to 1392 proved to
be a stable workaround for remote clients connecting over my PPPoE
internet connection. I've never tried setting the MTU on the FreeBSD
VPN server to anything other than 1420 though, because I quickly
suspected my router/PPPoE setup to be somehow involved.

I figured my issues might be partly due to the cumulative penalties
VLAN/PPPoE encapsulation imposes on max MTU and might be related to
incorrectly configured MSS clamping in my mpd5 daemon. Not quite sure
how to further troubleshoot either, and because the lowered MTU for
internet-connecting clients is quite effective I quickly dropped the
issue :)

Wojciech Puchar

Feb 4, 2026, 4:38:10 AM
to MailAtOsfux, freebsd-...@freebsd.org

> my (FreeBSD, MTU 1420) VPN server. In my situation, setting the MTU of the
> Debian wg-clients' wg interface to 1392 proved to be a stable workaround for
> remote clients connecting over my PPPoE internet connection. I've never
> tried setting the MTU on the FreeBSD VPN server to anything other than 1420
> though, because I quickly suspected my router/PPPoE setup to be somehow
> involved.
>
> I figured my issues might be partly due to the cumulative penalties
> VLAN/PPPoE encapsulation imposes on max MTU and might be related to
> incorrectly configured MSS clamping in my mpd5 daemon. Not quite sure how
> to further troubleshoot either, and because the lowered MTU for
> internet-connecting clients is quite effective I quickly dropped the issue :)

I have no PPPoE or similar things. Changing the MTU of the wg interface had no
effect.
