From eb49174f7b3e4222e69a21ee9a1cb59f84b73c8d Mon Sep 17 00:00:00 2001 From: digital Date: Wed, 31 Aug 2022 22:22:40 +0200 Subject: [PATCH] nixos/wireguard: add option to set mtu Some networks can only transfer packets with a lower than normal maximum transfer unit size. In these cases, it is necessary to set a MTU that works for the given upstream network. --- nixos/modules/services/networking/wireguard.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index 8cc4fa9faf3612f..6a5d7c6b0410328 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -151,6 +151,19 @@ let differently. ''; }; + + mtu = mkOption { + default = null; + type = with types; nullOr int; + example = 1280; + description = lib.mdDoc '' + Set the maximum transmission unit in bytes for the wireguard + interface. Beware that the wireguard packets have a header that may + add up to 80 bytes to the mtu. By default, the MTU is (1500 - 80) = + 1420. However, if the MTU of the upstream network is lower, the MTU + of the wireguard network has to be adjusted as well. + ''; + }; }; }; @@ -412,6 +425,7 @@ let ${ipPreMove} link add dev "${name}" type wireguard ${optionalString (values.interfaceNamespace != null && values.interfaceNamespace != values.socketNamespace) ''${ipPreMove} link set "${name}" netns "${ns}"''} + ${optionalString (values.mtu != null) ''${ipPreMove} link set "${name}" mtu ${toString values.mtu}''} ${concatMapStringsSep "\n" (ip: ''${ipPostMove} address add "${ip}" dev "${name}"''