netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Ability to set Wireguard interface MTU for Endpoints #2347

Open TimTheOverlord opened 3 months ago

TimTheOverlord commented 3 months ago

Is your feature request related to a problem? Please describe.

Preface: This is a home lab setup that I'm using for learning and experimentation.

This could be classified as a bug, but I have issues with certain networked applications and software when trying to connect to services out on the internet that are reliant on standard MTU sizes (1420 or 1500) and while using NetBird. The chief example of this is when I am trying to matchmake in video games and am unable to connect to multiplayer services. This doesn't happen for everything; for example, I have no issues when trying to use Discord, Git, or streaming media such as YouTube or Spotify. This specifically is an issue for joining a Steam friend's hosted game of Stardew Valley and other games using Steam's matchmaking services. My WireGuard interfaces for my local peer (my desktop) and the NetBird exit node have an MTU set at 1280. When trying to join the game, it fails to connect, even though the Steam friends list populates and all other Steam functions behave as expected. When the MTU is set on both the exit node and the local peer to something more standard, like 1500, the game suddenly connects without issue and all other functionality remains as well.

Describe the solution you'd like

I would like a way in the NetBird Peers web interface to be able to set the MTU for the WireGuard interfaces of client devices/endpoints, either as the admin of the whole VPN service, or as the device owner (e.g. the SSO account signed into a device and the web portal).

Describe alternatives you've considered

I have proven that changing the MTU on both the local peer and the NetBird exit node to a standard 1500 alleviates my issue, but it resets the interface on each host every time that host disconnects and reconnects to the NetBird management host. I suppose I could manually set the MTU every single time, but I'd prefer a one-and-done setting option in the web portal.

Additional context

TCPDump of packets fragmenting during matchmaking:

03:25:09.247827 IP exit.mydomain.com > 146-66-155-72.valve.net: udp
03:25:09.254269 IP 155.133.244.51.27029 > exit.mydomain.com.49306: UDP, length 1300
03:25:09.254311 IP exit.mydomain.com > 155.133.244.51: ICMP exit.mydomain.com unreachable - need to frag (mtu 1280), length 556
03:25:09.260874 IP 162-254-193-98.valve.net.27049 > exit.mydomain.com.37987: UDP, length 1300
03:25:09.260916 IP exit.mydomain.com > 162-254-193-98.valve.net: ICMP exit.mydomain.com unreachable - need to frag (mtu 1280), length 556

MTU set for the wt0 interface: sudo ip link set dev wt0 mtu 1500

Apologies for not doing better to collect evidence in support of my feature request. Please comment if additional log or configuration information is needed to determine the value of this request.
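The capture quoted in the issue above can be checked mechanically. This added example (not part of the original post and not NetBird code) parses those tcpdump lines, pairs each ICMP "need to frag" error with the last UDP datagram from the same peer, and shows by how many bytes the IPv4 packet exceeds the reported MTU. It assumes IPv4 without header options; the function name `find_pmtu_drops` is hypothetical.

```python
import re

# The tcpdump lines quoted in the issue, embedded so the example runs offline.
SAMPLE = """\
03:25:09.247827 IP exit.mydomain.com > 146-66-155-72.valve.net: udp
03:25:09.254269 IP 155.133.244.51.27029 > exit.mydomain.com.49306: UDP, length 1300
03:25:09.254311 IP exit.mydomain.com > 155.133.244.51: ICMP exit.mydomain.com unreachable - need to frag (mtu 1280), length 556
03:25:09.260874 IP 162-254-193-98.valve.net.27049 > exit.mydomain.com.37987: UDP, length 1300
03:25:09.260916 IP exit.mydomain.com > 162-254-193-98.valve.net: ICMP exit.mydomain.com unreachable - need to frag (mtu 1280), length 556
"""

IPV4_HDR = 20  # assumption: IPv4 header without options
UDP_HDR = 8    # fixed UDP header size

# "UDP, length N" in tcpdump output is the UDP payload size, headers excluded.
UDP_RE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)")
ICMP_RE = re.compile(
    r"^(\S+) IP (\S+) > (\S+): ICMP \S+ unreachable - need to frag \(mtu (\d+)\)")


def find_pmtu_drops(capture):
    """Return one record per ICMP frag-needed error that follows a UDP
    datagram from the same peer, with the sizes that explain the drop."""
    last_udp = {}  # peer host -> payload length of its most recent datagram
    drops = []
    for raw in capture.splitlines():
        line = raw.strip()
        udp = UDP_RE.match(line)
        if udp:
            last_udp[udp.group(2)] = int(udp.group(6))
            continue
        icmp = ICMP_RE.match(line)
        if icmp and icmp.group(3) in last_udp:
            payload = last_udp[icmp.group(3)]
            mtu = int(icmp.group(4))
            ip_len = payload + UDP_HDR + IPV4_HDR
            drops.append({
                "peer": icmp.group(3),
                "udp_payload": payload,
                "ip_len": ip_len,            # size of the packet on the wire
                "mtu": mtu,                  # next-hop MTU from the ICMP error
                "excess": ip_len - mtu,      # bytes over the limit
                "max_udp_payload": mtu - IPV4_HDR - UDP_HDR,
            })
    return drops


if __name__ == "__main__":
    for d in find_pmtu_drops(SAMPLE):
        print("{peer}: {ip_len}-byte packet vs MTU {mtu} "
              "(+{excess}), largest payload that fits: {max_udp_payload}".format(**d))
```

A "need to frag" error is only generated for packets with the Don't Fragment bit set, so the sender has to react to the ICMP message by shrinking its datagrams; if it does not, or the ICMP is filtered on the way back, the flow stalls as described in the post.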

alexcupertme commented 1 month ago

Agreed, +1. Inability to change MTU breaks SSH and detects netbird as VPN on websites (can't bypass regional restrictions) when using exit node.