On Thursday, December 18, 2025 at 01:08:29 AM GMT+9, Stuart Henderson <[email protected]> wrote:
On 2025-12-17, Stéphane Guedon <[email protected]> wrote:
>> I have set up a wg tunnel between a cloud server VM (dina) and my home
>> network (mirror is my main router). Both run the last release of OpenBSD.
>>
>> Globally, it works fine. I have notably syslog messages in that tunnel.
>>
>> But trying to ssh into the vm is holding, I have no clue why :
>mtu blackhole.
>the endpoints are at default (1500), but the tunnel is 1420. that's ok
>when the tunnel is directly on the endpoints as then they know not to
>use larger packets over it, but if it's done via a router then you
>often need to fiddle with packets to get this to work nicely.
>try this:
>match on wg0 inet proto tcp scrub (max-mss 1380)
>match on wg0 inet6 proto tcp scrub (max-mss 1360)

Sorry to jump in. Is there any advantage to doing it this way instead of reducing mtu on wgX to 1200 or something? I kind of used the latter when faced with such issues.

