WireGuard PPPoE MTU issue

Hi there!

I have an issue with the WireGuard container that I use for routing my home traffic to the Internet. It looks NAT-related, as described in the section «Road warriors, roaming and returning home», because it works with LTE (for Android) and doesn’t work from home Wi-Fi behind the NAT (both for Linux Mint and Android):

I think it has something to do with DNS, because some sites can be opened with a browser and some cannot. After flushing DNS, no sites could be opened with a browser. Speedtest CLI successfully performed the Download test and failed with the Upload test. But dig successfully resolves names with the container’s DNS server. Android fails with the Play Store and sites but successfully connects to Telegram. So I don’t clearly understand what happens here.

The container runs on a KVM VPS, my home router is a TP-Link WR1043-ND and I use Pi-hole DNS on the RPi in my home network. I’ll give you all the necessary configs and logs that could help to understand and solve the problem. Please help me find a solution; I can’t do it myself, unfortunately.

Your current setup is not described clearly. You mention


but the section of the readme you copied is about running a wireguard server at home and making sure that a mobile device can still connect while connected to the same lan as the wireguard server.

You need to give us a lot more details on your current setup.

Post the command you used to create the container, where it is running and exactly how you’re trying to connect to it.

Oh, what a mistake on my part. It sent me the wrong way in searching for a solution from the outset 🤦‍♂️

The container runs with docker-compose on the Racknerd KVM VPS. I connect to it from the home network with Linux Mint 19.3 Cinnamon and an Android 10 smartphone with almost identical configs (just Addresses are different). Android uses the official WireGuard app and the desktop connects with wg-quick up wg0.

All used configs gist.

I fixed it on Android by setting the MTU to 1200. But I can’t apply this fix to the desktop: wg-quick doesn’t allow an MTU less than 1280 for some reason.

OK, it was definitely the MTU issue. The MTU on my router→provider PPPoE connection was 1300, and I don’t remember why. As figured out here, WireGuard needs about 80 bytes for it, so it could use a max MTU of 1300-80=1220. But wg-quick doesn’t allow an MTU less than 1280 bytes (still don’t know why).

So the solution is:

  1. Set the PPPoE MTU on the router to the recommended 1480 (1492 is the maximum allowed value for PPPoE).
  2. Add MTU = 1400 to the client configs (1480-80).
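
Added example, not part of the original posts: a shell sketch that measures the largest unfragmented IPv4 packet to the VPN endpoint and derives the client `MTU` with the 80-byte overhead used in this thread. It assumes Linux iputils `ping` and an endpoint that answers ICMP; the function names and the hostname `vpn.example.org` are placeholders.

```shell
#!/bin/sh
# Added example: measure the path MTU to the WireGuard endpoint and derive
# the MTU value for the client config. All function names are illustrative.

WG_OVERHEAD=80     # worst case: 40 (IPv6) + 8 (UDP) + 32 (WireGuard); 60 over IPv4
IPV6_MIN_MTU=1280  # IPv6 requires a link MTU of at least 1280 bytes (RFC 8200)

# probe_df HOST SIZE: succeed if an IPv4 packet of SIZE bytes reaches HOST
# with Don't Fragment set (28 = 20-byte IPv4 header + 8-byte ICMP header).
probe_df() {
    ping -4 -c 1 -W 1 -M do -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST: binary search between 576 and 1500 for the largest
# packet that passes unfragmented; prints it, or returns 1 if 576 fails.
find_path_mtu() {
    host=$1; lo=576; hi=1500
    probe_df "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe_df "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# wg_mtu PATH_MTU: tunnel MTU that fits inside PATH_MTU; warns on stderr
# when the result is below the IPv6 minimum.
wg_mtu() {
    mtu=$(( $1 - WG_OVERHEAD ))
    [ "$mtu" -ge "$IPV6_MIN_MTU" ] ||
        echo "warning: $mtu is below $IPV6_MIN_MTU, too small for IPv6 in the tunnel" >&2
    echo "$mtu"
}

# Usage: sh wg-mtu.sh vpn.example.org   (placeholder hostname)
if [ "$#" -eq 1 ]; then
    path=$(find_path_mtu "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "path MTU $path -> MTU = $(wg_mtu "$path")"
fi
```

Run from a LAN client, this reports the PPPoE-limited path size, so a router set to 1300 yields 1220 with a warning and a router set to 1480 yields 1400.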
