Skip to content

Feature request: MTU testing to find the best MTU #2570

New issue
New issue
Open
#2586
Open
Feature request: MTU testing to find the best MTU#2570
#2586
Labels
Category: Firewall ⛓️Category: OpenVPN 🔐Category: Wireguard 🔐Complexity: ☣️ Hard to doStatus: 🔒 After next releaseWill be done after the next releaseStatus: 🟡 Nearly resolvedThis might be resolved or is about to be resolved
@qdm12

Description

@qdm12
qdm12
opened on Nov 7, 2024

What's the feature 🧐

  • See feat(vpn): path MTU discovery to find the best MTU #2586
  • if MTU testing it fast enough, deprecate WIREGUARD_MTU, OPENVPN_MSSFIX and remove default MTU values in Openvpn configurations
  • do we need a large link MTU to send large ICMP packets to test the MTU? If yes, we should hold all traffic (firewall?) until the MTU is found. This would make the implementation complicated.

Extra information and references

  • Created from issue Bug: dns over tls timing out on latest image (TLS handshake) #2533 (comment)
  • High MTU gives a higher bandwidth (less header overhead)
  • Low MTU is more reliable
  • All network links from the VPN client to the VPN server must support the MTU (AFAIK)
  • OpenVPN has the mtu-test option which takes about 3 minutes
  • Wireguard would need its own implementation, so we might as well have the same implementation for both wireguard and openvpn

Metadata

Metadata

Assignees

No one assigned

    Labels

    Category: Firewall ⛓️Category: OpenVPN 🔐Category: Wireguard 🔐Complexity: ☣️ Hard to doStatus: 🔒 After next releaseWill be done after the next releaseStatus: 🟡 Nearly resolvedThis might be resolved or is about to be resolved

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions