Currently I use this rule as my standard MSS clamping:
chain wg_maxseg {
    type filter hook forward priority -1; policy accept;
    oifname "wg_*" tcp flags syn tcp option maxseg size set meta nfproto map { ipv4 : 1352, ipv6 : 1372 }
    iifname "wg_*" tcp flags syn tcp option maxseg size set meta nfproto map { ipv4 : 1352, ipv6 : 1372 }
}
However, it can happen that with several WireGuard tunnels with different uplinks, we need a different MTU. In particular, an MTU of 1412 is not possible anymore with DSL-Lite (MTU 1400).
Can I just do
chain wg_maxseg {
    type filter hook forward priority -1; policy accept;
    oifname "wg_*" tcp flags syn tcp option maxseg size set rt mtu
    iifname "wg_*" tcp flags syn tcp option maxseg size set rt mtu
}
? What do you do with WireGuard and MSS clamping?