netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

MTU configuration #743

Open n0k0m3 opened 1 year ago

n0k0m3 commented 1 year ago

Is your feature request related to a problem? Please describe.
I want to be able to change MTU (similar to vanilla WireGuard or Netmaker), either through local configuration or management UI

Describe the solution you'd like
Expose MTU configuration to /etc/netbird/config.json or management UI, and config will either be loaded with -c or update when up is called

Describe alternatives you've considered
None, as NetBird doesn't expose MTU configuration to client

Additional context
None

ThHirsch commented 8 months ago

I am looking for a solution/fix as well. We were not able to get Netbird working on secure connections (https, ssh, ...) after (initial) successful handshake with the service to the target client, if the source client is in a network where the router is connected to a DOCSIS 3.1 cable modem (it seems it adds/needs additional encapsulation then). Especially if the connection is then going to send the data in bigger packets, which then get fragmented because of the MTU and break the secure connection checks. (A typical MTU problem?!) Fiddling with the MTU on other levels of the connection did not help - so it seems Netbird's client MTU must be configurable. BTW - I am on MAC OSX 14.2.1. So please consider including this in the published client, as I am not a developer and I am not able to compile my own client with the fixes/patches that seem to be provided by others.

Nexulo commented 7 months ago

@ThHirsch have you found a workaround to fix this problem? It seems that I have the same problem as you; a network of mine is also connected to the internet via a DOCSIS 3.1 cable modem.

I think this is why all pings between the networks work without problems (from A to B and B to A), but I can only access all WebUIs and SSH servers in one way. So from network B to A everything works fine, but from network A to B I can only ping all clients in the remote network and nothing more (no WebUI access and no SSH connections of/to clients in Network B).

ThHirsch commented 7 months ago

@maisen20: No, we ended up configuring the (lower) MTU on the (WLAN) network card in the OS (MacOSX in my case). It seems, if it is configured there, Wireguard/Netbird will 'magically' honor this then (or at least adapt to it). Hope this helps for your situation.

alexcupertme commented 2 months ago

Are there any updates on this problem? We also have trouble with the inability to change MTU while connecting hosts with SSH

ThHirsch commented 1 week ago

As this is still bugging me in our environments, I am keen to see this picked up and solved. Especially, as OpenDUT seemed to have contributed some proposals and even code for a solution? Is there any progress? Is it on any roadmap? Sorry - as I am not a developer, I just can't help in making it happen other than by being sticky... ;-)