[SOLVED] Can't access Status page through Wireguard tunnel

E.Johansson
DD-WRT Novice


Joined: 29 Oct 2021
Posts: 10

Posted: Wed Nov 17, 2021 17:19
P.S. I found that the highest setting that works for Comcast / Xfinity "xfinitywifi" hotspots is MTU = 1395.

You have to have that value set in the dd-wrt router, but you do not need to change the MTU setting at the other end of the tunnel (unless it's also connected to an "xfinitywifi" hotspot, I suppose). I'm connecting the dd-wrt router as a WG client to a pfsense box running WG as the server, the pfsense box is connected to my Comcast cable modem, and everything works fine with MTU set to default on the pfsense side. The MTU needs to be limited to 1395 for traffic from the dd-wrt box to the pfsense box, but not the other way around.

I haven't had time yet to do extensive testing to see if MTU=1395 works for all hosts on the client LAN, just the dd-wrt Status page, and I also tested that an SSH session through the tunnel to the dd-wrt router now works too.

Also remember that on the Services/Services page, Secure Shell must be Enabled, and “SSH TCP Forwarding” also *must* be Enabled - otherwise dd-wrt restricts access to SSH and the Web GUI to the local LAN **only**.

HTH anyone else searching for a solution to this.

BTW, routing between client subnets is now working too: I can access client 1's router from a computer connected to client router 2, and v-v, which is really cool. Of course, I will set up firewall rules on the server as needed to restrict access between hosts.

Thanks again.


Last edited by E.Johansson on Fri Nov 19, 2021 4:41; edited 6 times in total
E.Johansson
DD-WRT Novice


Joined: 29 Oct 2021
Posts: 10

Posted: Wed Nov 17, 2021 17:36
P.P.S. More of a rhetorical question really, but isn't WireGuard meant to auto-negotiate the correct MTU value for any given link?

I have no understanding of the details of MTU, beyond the analogy that "The bridge on the route with the lowest weight limit is the weakest link and thus sets the limit for the heaviest truck that can travel over that route" or similar basic understanding.

I did try to test to determine the MTU myself - obviously I did it wrong - by setting up an SFTP server to send large files up and down the tunnel, at the MTU limit I had set, and they came through without restriction.

So, maybe a question for the developers to consider: Is there perhaps an improvement to be made in dd-wrt or in the implementation of WG on dd-wrt when it comes to either the maximum MTU that the Status page / Web GUI / SSH will tolerate, or in how the built-in WG client negotiates MTU with the server?

Thanks.
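
An added example, not part of the original posts: one way to measure the largest unfragmented packet the underlying link carries to the WireGuard endpoint and derive a tunnel MTU from it. It assumes a Linux host with iputils ping (the `-M do` option) on the same uplink and an endpoint that answers ICMP echo; `ENDPOINT` is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: estimate a WireGuard MTU from the path MTU of the
# underlying link. Function names are hypothetical; assumes iputils ping.

WG_OVERHEAD_V4=60   # 20 IPv4 + 8 UDP + 32 WireGuard data-message overhead
WG_OVERHEAD_V6=80   # 40 IPv6 + 8 UDP + 32 WireGuard data-message overhead

# probe_fits SIZE HOST: succeed if an IPv4 packet of SIZE bytes in total
# reaches HOST with Don't Fragment set (ICMP payload = SIZE - 28).
probe_fits() {
    ping -4 -c 1 -W 2 -M do -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# find_pmtu HOST [LOW] [HIGH]: binary search for the largest packet size
# that passes. Prints the size, or returns 1 if even LOW does not pass.
find_pmtu() {
    host=$1; lo=${2:-576}; hi=${3:-1500}
    probe_fits "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe_fits "$mid" "$host"; then
            lo=$mid            # mid fits: the answer is mid or larger
        else
            hi=$(( mid - 1 ))  # mid is too big: the answer is below mid
        fi
    done
    echo "$lo"
}

# wg_mtu PMTU [4|6]: tunnel MTU that keeps encapsulated packets within PMTU.
# The second argument is the IP version used between the WireGuard peers.
wg_mtu() {
    case "${2:-4}" in
        6) echo $(( $1 - WG_OVERHEAD_V6 )) ;;
        *) echo $(( $1 - WG_OVERHEAD_V4 )) ;;
    esac
}

# Usage (ENDPOINT is a placeholder for the server's public address):
#   pmtu=$(find_pmtu "$ENDPOINT") && wg_mtu "$pmtu" 4
```

Run it outside the tunnel, against the server's public address, so the probes measure the underlying link and not the WireGuard interface.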
All times are GMT