Wireguard MTU was not auto detect when server or client is using PPPoE connection, in this guide, we going to learn how much MTU need to set for PPPoE users.
By default, Ethernet MTU is 1500 bytes,
Wireguard add another 40 bytes + 20 bytes (IPv4) or 40 bytes (IPv6):
Connect via IPv4:
1440 = 1500 - 40 - 20
Connect via IPv6:
1420 = 1500 - 40 - 40So, Wireguard use 1420 bytes MTU size (dual-stack IPv6), problem when Wireguard over PPPoE cause more problem and slow down due to fragmentation.
PPPoE Overhead
PPPoE add another 8 bytes or 20 bytes depending on ISP setup, plus most PPPoE user have IPv4 and IPv6 native (Dual-Stack) and using 1480 as PPPoE MTU , if your peer using mix of IPv4 and IPv6, this mean, you need recount Wireguard MTU to achieve maximum performance:
WG MTU = Ethernet MTU - PPPoE overhead - IPv4 or IPv6 header - WG overheadMTU: 1492
1412 = 1500 - 8 - 40 - 40MTU: 1480
1400 = 1500 - 20 - 40 - 40Example Math
| WG MTU | Eth MTU | PPPoE | IPv4 Overhead | WG Overhead |
|---|---|---|---|---|
| 1440 | 1500 | 0 (IPoE/DHCP) | 20 | 40 |
| 1432 | 1500 | 8 (1492) | 20 | 40 |
| 1428 | 1500 | 12 (1488) | 20 | 40 |
| 1420 | 1500 | 20 (1480) | 20 | 40 |
Example above, connect to your Wireguard via IPv4 over PPPoE with MTU of 1480, thus set your Mikrotik Wireguard MTU to 1420
Conclusion
If your peer or server using PPPoE, adjust your Wireguard MTU accordingly,
When your PPPoE using 1492 MTU, you need set Wireguard MTU value to 1412
When your PPPoE using 1480 MTU, you need set Wireguard MTU value to 1400
Add MTU value at your Wireguard interface config:
[Interface]
PrivateKey = <priv key>
Address = 10.0.2.2/24
MTU = 1400Also in your Mikrotik
If your Wiregurad is routable between subnet (No NAT) you need do some Firewall Mangle
