Nftable rules for setting wireguard MTU

Installing and Using OpenWrt
1

Currently I use as standard mss clamping this rule:

chain wg_maxseg {
    type filter hook forward priority -1; policy accept;
	oifname "wg_*" tcp flags syn tcp option maxseg size set meta nfproto map { ipv4 : 1352, ipv6 : 1372 }
	iifname "wg_*" tcp flags syn tcp option maxseg size set meta nfproto map { ipv4 : 1352, ipv6 : 1372 }
}

However, it can happen that with several wireguard tunnels with different uplinks, we need a different MTU. In particular a MTU of 1412 is not possible anymore with DSL-Lite (MTU 1400).

Can I just do

chain wg_maxseg {
    type filter hook forward priority -1; policy accept;
	oifname "wg_*" tcp flags syn tcp option maxseg size set rt mtu
	iifname "wg_*" tcp flags syn tcp option maxseg size set rt mtu
}

? What do you do with wireguard and mss clamping?

2

Why don't you first set the proper MTU on the individual tunnels?

screen28

I just do this on the firewall zone:

screen29