GL-AR750S-Ext mtu_fix for wireguard

I had to add mtu_fix to the firewall wireguard zone configuration to prevent mtu stalls when browsing to some web sites. Please add this to the standard configuration.

I added
uci set firewall.wireguard.mtu_fix='1'
to the /etc/init.d/wireguard script.
I added it to the wireguard_add_firewall function in the section that creates the wireguard zone.

This makes the Slate travel router with wireguard a great product.
Thanks

Can you describe in more detail what will happen when “mtu stalls”?

Some web sites respond very, very slowly. Some do not respond at all. I can remedy the problem by reducing the MTU on my laptop to 1420 to match the Wireguard tunnel and that fixed the problem. That knowledge led me to study the mtu_fix option in the OpenWRT router config. I found that adding mtu_fix = 1 solved the problem without me having to change my laptop MTU.

Your standard configuration includes the mtu_fix option on the “wan” interface but it also needs to be on the “wireguard” interface.

My configuration uses Slate software version gl-ar750s-3.003-0929-c4873dd44df3d81cb1aebb56771307fb.
My Slate connects via WiFi to the hotel WiFi. Wireguard connects to a Ubiquiti EdgeRouter at my house. My laptop was connected via wire to the Slate.
One of the websites that does not work without reducing the MTU or using the mtu_fix option is https://www.12bones.com (a restaurant).

Let me know if you need more info.
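
An added example, not part of the original posts or GL.iNet's firmware: a shell check that reads `uci show firewall` output and reports whether a given zone has `mtu_fix` set, so the wan/wireguard difference described above can be confirmed before and after the change. The sample config (including the zone `name` values) is constructed, and the function name `zone_mtu_fix` is hypothetical.

```shell
#!/bin/sh
# Added example, not GL.iNet code. Reads `uci show firewall` style text on
# stdin and prints the mtu_fix state of one zone:
#   1      = mtu_fix enabled
#   0      = zone exists, mtu_fix off or unset
#   absent = no zone with that section id or name
zone_mtu_fix() {
    awk -F= -v want="$1" -v q="'" '
        $2 == "zone" { iszone[$1] = 1; next }   # e.g. firewall.wireguard=zone
        {
            opt = $1; sub(/.*\./, "", opt)       # text after the last dot
            sec = $1; sub(/\.[^.]*$/, "", sec)   # text before the last dot
            val = $2; gsub(q, "", val)           # drop the single quotes
            if (opt == "name")    name[sec] = val
            if (opt == "mtu_fix") fix[sec] = val
        }
        END {
            state = "absent"
            for (s in iszone) {
                id = s; sub(/^firewall\./, "", id)
                if (id == want || name[s] == want)
                    state = (fix[s] == "1") ? "1" : "0"
            }
            print state
        }
    '
}

# Constructed sample: wan has mtu_fix, the wireguard zone does not.
sample_config() {
    cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.wireguard=zone
firewall.wireguard.name='wireguard'
firewall.wireguard.masq='1'
EOF
}

for z in wan wireguard; do
    printf '%s: %s\n' "$z" "$(sample_config | zone_mtu_fix "$z")"
done
# On the router: uci show firewall | zone_mtu_fix wireguard
```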

It is very clear.

I just tried on my AR750s and Windows and I don’t have this problem. Setting up mtu_fix doesn’t change anything. I can always access 12bones.com without problem. Anything else I can try?

That’s odd. I have a friend with an identical setup to mine that behaves exactly the same as mine. What do you use for the server end of the Wireguard Tunnel?

+1

I had exactly the same problem - none of my banks status sites would load until I implemented this fix from @PaulS

@alzhao as it doesn’t make a difference for you but does for others, can you please add it to the next release as it clearly doesn’t do any harm and could save you a lot of support queries as the Slate becomes more popular.

Sure. Let’s add this.

As an experiment (I get blocked on some websites using ovpn), I tried adding this line:
uci set firewall.vpn_zone.mtu_fix='1'
to the startvpn script in init.d.
The VPN then failed to connect.

Why can’t it connect?

To be clear (and sorry for hijacking the thread), I tried this with OpenVPN and not Wireguard.

I have no idea but the VPN button just stays at connect. I presume it’s because the
uci set firewall.vpn_zone.mtu_fix='1'
is an invalid command, although the log didn’t show anything.

+1 on adding this! I just spent 2 hours trying to get a wireguard client working on my Slate - adding this immediately solved my problem!!

Agreed. Will add and enable it by default.

Hi, is this fix live now for the client?

Yup, have added this for both client and server.

Dear Kyson-lok,

I am using Wireguard as a server on MT300N V2 and clients on Android phone, MT300A and AR-750S. Which firmware(s) should I be using to benefit from this fix?

Thanks,

Pseudonoise

Will be available in next release.

Thanks Kyson-lok, will that be a production release or testing? What release number should I look out for?
Thanks
Pseudonoise