Sometimes, when you are running a WireGuard VPN, you run into problems on your laptop or desktop when loading certain websites hosted on another server on the same private VPN network.
The symptom is very slow loading, caused by many errors and retries.
Sometimes the site does not load at all.
But when you try from an Android phone, everything loads normally.
That points to an MTU issue.
To diagnose the issue, first run the following command, changing wg0 to whatever your WireGuard interface name is:
sudo ip link set wg0 mtu 1420
Then run the following command, starting with a high value and reducing it until you get no errors and zero packet loss.
ping -M do -s 1420 -c 10 host1.example.com
PING ssp.home.priv (10.10.0.4) 1405(1433) bytes of data.
ping: local error: message too long, mtu=1420
ping: local error: message too long, mtu=1420
ping: local error: message too long, mtu=1420
^C
--- ssp.home.priv ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2056ms
Keep trying other values that are lower, then go up in small increments:
ping -M do -s 1390 -c 10 host1.example.com
ping -M do -s 1395 -c 10 host1.example.com
Finally, find the largest number that works, for example:
ping -M do -s 1392 -c 10 host1.example.com
PING host1.example.com (10.10.0.4) 1392(1420) bytes of data.
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=1 ttl=63 time=151 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=2 ttl=63 time=109 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=3 ttl=63 time=228 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=4 ttl=63 time=186 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=5 ttl=63 time=155 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=6 ttl=63 time=104 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=7 ttl=63 time=223 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=8 ttl=63 time=82.0 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=9 ttl=63 time=141 ms
1400 bytes from host1.example.com (10.10.0.4): icmp_seq=10 ttl=63 time=98.6 ms
--- host1.example.com ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9012ms
Then edit the file /etc/wireguard/wg0.conf and add the line:
MTU = 1392
Then restart WireGuard:
systemctl restart wg-quick@wg0
Then test that ping still works:
ping -c 10 host1.example.com
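
The manual search above can be automated. The script below is an added example, not part of the original article: it binary-searches the largest ping payload that gets through with fragmentation prohibited, using the same ping flags. The function names, the default bounds (1200 to 1392) and the -c 3 -w 5 settings are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original article).
# Usage: bash this-script.sh host1.example.com [LOW] [HIGH]
# Run it after setting the interface MTU as in the first step, since the
# local MTU caps the largest payload ping will even attempt to send.

# probe SIZE HOST: succeeds only if all 3 DF-flagged pings are answered.
# With both -c and -w given, iputils ping exits non-zero when fewer than
# the requested number of replies arrive before the deadline.
probe() {
    ping -M do -s "$1" -c 3 -w 5 "$2" >/dev/null 2>&1
}

# find_max_payload HOST LOW HIGH: prints the largest payload in [LOW, HIGH]
# for which probe succeeds. Assumes every size below a working size also
# works. Returns 1 if even LOW fails (host down, or LOW already too big).
find_max_payload() {
    local host="$1" lo="$2" hi="$3" mid
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))   # round up so the loop always shrinks
        if probe "$mid" "$host"; then
            lo=$mid                    # mid works: answer is mid or higher
        else
            hi=$(( mid - 1 ))          # mid fails: answer is below mid
        fi
    done
    echo "$lo"
}

# Only probe the network when a host is given on the command line.
if [ "$#" -ge 1 ]; then
    if best=$(find_max_payload "$1" "${2:-1200}" "${3:-1392}"); then
        # ping reports sizes as payload(packet), e.g. 1392(1420): the packet
        # adds 20 bytes of IPv4 header and 8 bytes of ICMP header.
        echo "largest working payload: $best (IPv4 packet: $(( best + 28 )))"
    else
        echo "no full set of replies even at the lower bound" >&2
        exit 1
    fi
fi
```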