Do you lower your MTU on OpenWRT when you use Wireguard on LAN device?

Top edit: I'm not configuring any VPN interface on the Router. It's gonna be a regular PPPOE router without VPN. I will be using the VPN client on the PC where I will set MTU to 1376 and tweak the router accordingly.

Shall one set their router's MTU manually to reflect LAN devices (using wireguard) MTU if one is not using fancy ICMP shenanigans for autoconfiguration?

1- If I want to set the MTU for router, which devices should be set?
-eth0
-wan0
-brlan0
-lan1
-lan2

2- Should you set them to the same value as LAN device (1376 in my case) or increase it by accounting +8 for PPPOE or anything else?

(Both devices are ipv4 only but I'm not trying to maximize the value as I have better latency when it's set to = 1376)

3- Is having "MSS Clamping" enabled on WAN interface beneficial in this case?(No ICMP messages between devices or between router and WG server)

4- (not relevant to openWRT but more of a general networking question) Is it any good to set both the "ethernet" and "wireguard" adapters on Windows PC to the same value or leave ethernet adapter with its default 1500?

Edit: Even though a user has felt that he has given me the answers I was looking for, that's not how I see it. So I'm still looking for input from fellow forum members.

Very similar thread (almost seems like the exact same question): Should I change MTU for specific devices?

(Not sure why folks have been posting multiple times recently. :man_shrugging: )

2 Likes

I think you misunderstood and even misreplied to the wrong topic.

You certainly didn't need to post an answer on an older post while more recent (and more important to my current project) questions were asked here.

That post did not get any attention until now you've posted on it.
Even though they may look similar to you, if you check this post you'll see 4 questions, not 2 questions like that other one. And these 2 posts share just 1 question between them.

I will respond to your post here as I chose to ask my more recent and valid question on this post:

You cannot make the MTU larger than the actual PHY's maximum (most Ethernet-based ISPs, this is 1500) - so 1504 is invalid on the ISP unless they explicitly instruct otherwise

The default MTU of my eth0 device after reflashing shows as 1504, it just works and I don't care about it. I wasn't inquiring about it, but you can see it on the screenshot:

If you're literally running Wireguard on LAN to just to encrypt LAN, then your Ethernet's MTU could be raised slightly but you still have a 1500 on WAN restriction on that interface too.

This doesn't make sense, either you missed my point or you seem to forget that all VPN protocols by design works by encrypting and decrypting data. Those packets are specified in bytes and this is what's MTU. Setting the right MTU is proven to be extremely rewarding in VPN scenarios and it's no easy task. However, my 5 questions remain unanswered.

It really gets futile to play with the MTUs.

It certainly is not futile, you're saying that because you're just fine with defaults but I'm not. You can't imagine every scenario nonetheless. In my scenario I have seen the importance of it to come here and spend time to write down all these questions, even reading countless websites about the subject.

I can send you screenshots of my latency dropping from 200 to 100 ms while my jitter dropping to 100-200 to 17ms just by setting the right value for MTU. This is critical for a Mini-PC which gets heated when my mom cooks food in the next room and a not-so-powerful router because fragmenting/defragmenting is extra cpu cost. It may not be so important when you're torrenting, but I would take whatever performance boost I can for live conferences, screen sharing, etc.

Adios.

You must have not read the community guidelines. My bad. Carry on. Also, everyone can read both posts, posting again did nothing put spam - but you insist the question is different, OK. :+1:

(You coulda simply noted that so this post doesn't get closed.)

Ummm I run many tunnels...and it seems you really are lost on what MTU is.

See: https://en.wikipedia.org/wiki/Maximum_transmission_unit

You also realize you've never mentioned the remote end...I guess you missed my point about encrypting LAN only.

100 ms leads me to believe you are not on LAN, so you're right, my information wouldn't apply.

You must have not read my reply in the original topic, so I'll note here you had all questioned answered:

MTU is a required setting for all interfaces.

You set them to the maxiumum.

As noted before, it does noting to keep enabled.

You set the Ethernet to the Ethernet MTU and WG to the WG MTU.

There can't be a mismatch (without issues), so again some of these questions seem like a lack of understanding MTU.

If a lower MTU works for you everywhere, that's fine. People used to do that on dialup connections "back in the day" to get better connection. :+1:

You are trolling me now, can you not turn this into a piss-fight?

As I am the one asking the questions and reading your useless responses about them, I think I'm in a good place to say that you've not given me even one answer I was looking for or I needed.

Please give space for others to help me out as they wish.

???

Yep...I'll go. This is wild...you're spamming, I answered all 5 questions and then you say I'm trolling you.

Wow. :frowning_face: I hope the best for your config. That's quite rude.

(To others, I assumed OP was encrypting LAN because that's what was mentioned previously...I realized that was incorrect when 100 and 200 ms was mentioned...so you'll have to ask about where the VPN is to provide accurate information. Best wishes.)

What's rude is digging out an older post and necroing it for the sake of this one and claiming that they are the same questions while only 2 out of 6 of them is the same. And then you make a remark about community guidelines? How about common sense now?

I've even been patient with this. I wish you well.

Just saying, you can just ignore responses, no need to act impolite, after all you asked questions and @lleachii took time to respond. This forum is not limited in any meanigful way, so his posts do not take space away for others to post....

Regarding to your topic, if you want to avoid fragmentation you should set your VPN interface vMTU such that vMTU+VPN-overhead <= link layer MTU... but that does not guarantee that fragmentation is not happening, as any other link along a network path might have a lower MTU. This is why protocols try path MTU discovery to segment/packetize their data accordingly. Often that works, but not allways... Typically TCP is affected most, and for TCP MSS clamping is a more side effect free way of achieving your goal....

2 Likes

We usually don't double post cross-related topics here, so again, my apologies if you came forum where that doesn't keep their forum tidy.

Understood, again...first experience with someone re-posting any questions and getting mad instead of understanding, adding to the old topic, guessing cause you number these paragraphs I'm supposed to believe all is unrelated, etc. I read you now. :+1:

I'll make a note about you when I see you inquire and never do it again. It's all good.

Apologize for getting off on the wrong foot. No need to attack me further for an honest mistake...

Thanks for your effort but I need to clarify and seperate this topic from the other one.

This time I'm not configuring any VPN interface on the Router. It's gonna be a regular PPPOE router without VPN.

I will be using the VPN client on the PC where I will set MTU to 1376 (it is the optimum I've found in my use-case and also there are test charts showing benefit of setting the MTU between 1335-1390- much less than maximum)

In this case, router has 2 interfaces (ipv4-WAN and LAN) and 5 Devices (eth0, wan0, brlan0, lan1,lan2)

I'm trying to figure out which devices are to be tweaked and if I should create a 8 byte difference (or more) between the router's MTU (?) and PC MTU (1376).

Please don't forget I'm not maximizing here, just trying to make the flow as easy as possible for the packets.

Very simply as a first step, I think setting Lan devices MTU to 1376 would be a good start?

Sorry if you already lowered the MTU of the pre encrypted data correctly, which if I understood you happens on a host computer, then you should NOT lower the MTU on your router.

The only reasons to force an MTU smaller than ethernet's default of 1500 are IMHO:
a) that MTU already results in fragmentation
b) you consciuosly want to reduce the packet size, for example if you have a very slow link and want to reduce transmission times (at the cost of throughput)

So in short only fudge MTU values if you fully understand what that is supposed to effect. And then take the time to confirm that your changes have the desired result.

4 Likes