NS8-wg-easy App (WireGuard VPN)


can you post your test method please ?
I want to give it a try here.

Thanks in advance.

  1. add iptable_nat to /etc/modules-load.d/iptable_nat.conf
  2. modprobe iptable_nat
  3. lsmod | grep iptable_nat
  4. install wg-easy module via software center
  5. add ‘MTU = 1420’ to /etc/wireguard/wg0.conf (default of wireguard)

→ testing commands
ip a show wg0 to show values of the wg0 adapter
ip link set dev wg0 mtu 1500 to set the various MTU values to test
ip -4 route show table all to look at all the routes (IPv4)

----> speedtest

With this I tried setting various MTU values with ip link set and the wg0 config file. Using Mac, Android WG clients and this device with built-in WG client.

HTH

Maybe I misunderstood something here… :thinking:

Isn’t wg0 the wireguard device from Nethserver default installation?
If i do wg show the output is:
interface: wg0
public key: xyz
private key: (hidden)
listening port: 55820

My downloaded config from wg-easy shows a peer port of 51820.
I thought the wg-easy “module” is somewhat of a container (even if it’s not shown with podman ps -a)?
If so, changing the MTU in /etc/wireguard/wg0.conf would do nothing, because this is not the interface for wg-easy connections.
My guess, changing the MTU for wg-easy has something to do with:

I might be wrong, I’m still learning…

1 Like

You could be completely correct…

/home/wg-easy1/.local/share/containers/storage/volumes/wg-easy-app/_data/wg0.conf

But it says ‘do not edit manually’… All above my paygrade.

I’m going to provide a release to allow changing server MTU and client MTU from the UI…

The server MTU currently is set in ../systemd/user/wg-easy.service by
--network=slirp4netns:mtu=1420

The client MTU is set in WG_MTU env variable.

1 Like

Took a while for me, but it is explained here:

Rocky has no nano installed by default.
Either install nano or use vi.
1. runagent -m wg-easy1 vi environment
2. add WG_MTU=1420 (or your value) at the end and save the file.
3. exit
4. runagent -m wg-easy1 systemctl --user restart wg-easy

That’s it for the client MTU.

2 Likes
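
The manual edit in steps 1 to 4 above can also be scripted. This is an added example, not part of the original posts or of the NS8 module: a POSIX shell function that sets WG_MTU in a KEY=VALUE environment file without leaving duplicate entries. The function name set_wg_mtu is hypothetical and the 1280..1500 range check is an assumption of this example.

```shell
#!/bin/sh
# set_wg_mtu FILE MTU: set WG_MTU=<MTU> in a KEY=VALUE environment file.
# An existing WG_MTU line is replaced rather than appended to, so repeated
# runs leave exactly one entry. The 1280..1500 bounds are an assumption of
# this example (IPv6 minimum MTU up to standard Ethernet MTU).
set_wg_mtu() {
    file=$1
    mtu=$2

    # Reject empty or non-numeric input before touching the file.
    case $mtu in
        ''|*[!0-9]*) echo "MTU must be a whole number" >&2; return 2 ;;
    esac
    if [ "$mtu" -lt 1280 ] || [ "$mtu" -gt 1500 ]; then
        echo "MTU $mtu is outside 1280..1500" >&2
        return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Build the new content in a private temp file (mktemp creates it 0600,
    # which matters because environment files can hold secrets).
    tmp=$(mktemp) || return 1
    sed '/^WG_MTU=/d' "$file" > "$tmp"
    printf 'WG_MTU=%s\n' "$mtu" >> "$tmp"

    # Write back in place so the original owner and mode are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}
```

Run it on the `environment` file from step 1, then restart the service as in step 4; clients still need a freshly downloaded configuration to pick up the new value.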

WG_MTU sets the client MTU, see also GitHub - wg-easy/wg-easy: The easiest way to run WireGuard VPN + Web-based Admin UI.

1 Like

Sorry, changed.

1 Like

A new release should be available in Software Center, now we have more options to test like Allowed IPs, DNS and MTU.

The server MTU sets the tap interface MTU which is used for traffic between container and host/network.

I don’t know if it’s really needed but to set the wg0 MTU in the container:

runagent -m wg-easy1 podman exec wg-easy-app ip link set dev wg0 mtu 1300

Check wg0 MTU:

runagent -m wg-easy1 podman exec wg-easy-app ip a s wg0

2 Likes

I have an issue after filling in the advanced settings with both MTU settings set to 1420 or 1500

2024-05-16T00:02:29+02:00 [1:wg-easy1:agent@wg-easy1] dump_env() is deprecated and implemented as a no-op
2024-05-16T00:02:30+02:00 [1:wg-easy1:agent@wg-easy1] task/module/wg-easy1/1743f6df-cf51-47b4-974e-1681fb76a0db: configure-module/80start_services is starting
2024-05-16T00:02:30+02:00 [1:wg-easy1:systemd] Reloading.
2024-05-16T00:02:30+02:00 [1:wg-easy1:systemd] Stopping Podman wg-easy-app.service…
2024-05-16T00:02:31+02:00 [1:wg-easy1:wg-easy-app] SIGTERM signal received.
2024-05-16T00:02:31+02:00 [1:wg-easy1:wg-easy-app] $ wg-quick down wg0
2024-05-16T00:02:31+02:00 [1:wg-easy1:wg-easy1] 2d072413ec725e8486397a6b70e47306a0e29c956ac008b827bc85dcdbe545ab
2024-05-16T00:02:31+02:00 [1:wg-easy1:wg-easy1] 2d072413ec725e8486397a6b70e47306a0e29c956ac008b827bc85dcdbe545ab
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] Stopped Podman wg-easy-app.service.
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] wg-easy-app.service: Consumed 1.117s CPU time.
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] Stopping Podman wg-easy.service…
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] Removed slice cgroup user-libpod_pod_cc2e64fad24252a8d77cbc75aeb49bbb698f66eadccf522ed3a4b7e52839e52b.slice.
2024-05-16T00:02:31+02:00 [1:wg-easy1:podman] cc2e64fad24252a8d77cbc75aeb49bbb698f66eadccf522ed3a4b7e52839e52b
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] user-libpod_pod_cc2e64fad24252a8d77cbc75aeb49bbb698f66eadccf522ed3a4b7e52839e52b.slice: Failed to open /run/user/1048/systemd/transient/user-libpod_pod_cc2e64fad24252a8d77cbc75aeb49bbb698f66eadccf522ed3a4b7e52839e52b.slice: No such file or directory
2024-05-16T00:02:31+02:00 [1:wg-easy1:podman] Error: removing pod cc2e64fad24252a8d77cbc75aeb49bbb698f66eadccf522ed3a4b7e52839e52b cgroup: removing pod cc2e64fad24252a8d77cbc75aeb49bbb698f66eadccf522ed3a4b7e52839e52b cgroup: Unit user-libpod_pod_cc2e64fad24252a8d77cbc75aeb49bbb698f66eadccf522ed3a4b7e52839e52b.slice not loaded.
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] wg-easy.service: Control process exited, code=exited, status=125/n/a
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] wg-easy.service: Failed with result ‘exit-code’.
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] Stopped Podman wg-easy.service.
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] Starting Podman wg-easy.service…
2024-05-16T00:02:31+02:00 [1:wg-easy1:systemd] Created slice cgroup user-libpod_pod_b6d72fa68fdfd18e2df7746b4410c97a9ae447acc97328d821b1d968f313fc29.slice.
2024-05-16T00:02:31+02:00 [1:wg-easy1:podman] b6d72fa68fdfd18e2df7746b4410c97a9ae447acc97328d821b1d968f313fc29
2024-05-16T00:02:32+02:00 [1:wg-easy1:systemd] Started libcrun container.
2024-05-16T00:02:32+02:00 [1:wg-easy1:podman] b6d72fa68fdfd18e2df7746b4410c97a9ae447acc97328d821b1d968f313fc29
2024-05-16T00:02:32+02:00 [1:wg-easy1:systemd] Started Podman wg-easy.service.
2024-05-16T00:02:32+02:00 [1:wg-easy1:agent@wg-easy1] task/module/wg-easy1/1743f6df-cf51-47b4-974e-1681fb76a0db: action “configure-module” status is “completed” (0) at step 80start_services
2024-05-16T00:02:32+02:00 [1:wg-easy1:systemd] Starting Podman wg-easy-app.service…
2024-05-16T00:02:32+02:00 [1:wg-easy1:agent@wg-easy1] task/module/wg-easy1/f29f8590-8043-45a5-9cd9-4c966134e28e: get-configuration/20read is starting
2024-05-16T00:02:32+02:00 [1:wg-easy1:systemd] Started libcrun container.
2024-05-16T00:02:32+02:00 [1:wg-easy1:wg-easy1] 00b665b37ce70223faf6a980a159fbe11cb0338f6bb727880de71e37eea9018a
2024-05-16T00:02:32+02:00 [1:wg-easy1:systemd] Started Podman wg-easy-app.service.
2024-05-16T00:02:33+02:00 [1:wg-easy1:agent@wg-easy1] task/module/wg-easy1/f29f8590-8043-45a5-9cd9-4c966134e28e: action “get-configuration” status is “completed” (0) at step validate-output.json
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] 2024-05-15T22:02:33.157Z Server Listening on http://0.0.0.0:51821
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] 2024-05-15T22:02:33.165Z WireGuard Loading configuration…
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] 2024-05-15T22:02:33.168Z WireGuard Configuration loaded.
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] 2024-05-15T22:02:33.168Z WireGuard Config saving…
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] 2024-05-15T22:02:33.172Z WireGuard Config saved.
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] $ wg-quick down wg0
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] $ wg-quick up wg0
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] $ wg syncconf wg0 <(wg-quick strip wg0)
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] 2024-05-15T22:02:33.251Z WireGuard Config syncing…
2024-05-16T00:02:33+02:00 [1:wg-easy1:wg-easy-app] 2024-05-15T22:02:33.273Z WireGuard Config synced.

  1. The Admin password is in plain text in the config page

  2. The VPN with advanced settings set does not come up.

Maybe my bad, let’s see things by daylight. Thanks @mrmarkuz !

1 Like

Usually this means the server is ready.

Thanks, I’ll change it in the next release.

When client settings are changed, the client needs to get a new configuration manually (QR code or download).

1 Like

I did a fresh install of nethserver 8 on Rocky Linux 9.4.
Before installing wg-easy, I ran modprobe iptable_nat at the shell.
Also at the shell, I created a file /etc/modules-load.d/iptable_nat.conf with content iptable_nat to survive a reboot.
Installed and configured wg-easy, did not change any advanced settings.
Connected a client.
Works like a charm, even after reboot :clap: .

Thank you very much @mrmarkuz :+1:

Speedtest is using nearly full bandwidth here.

One question though:
I’m able to ping the nethserver “wg-easy” IP 10.8.0.1 from the client 10.8.0.2.
But I’m not able to open the cluster-admin GUI by using https://10.8.0.1/cluster-admin.
I can, however, open the cluster-admin by using https://10.5.4.1/cluster-admin.
The IP 10.5.4.1 is the “default” one installed with nethserver (wg0, /etc/wireguard/wg0.conf).
Do you have an idea why I can’t use 10.8.0.1?

Again, great job !!!

2 Likes

Are you using bare metal or a VM?

The nethserver is a VPS server.

Again thanks for testing, I really appreciate it.

Because it’s the IP address of the wireguard interface inside the container. The 10.8.0.0/24 wg network is in our case of running wg in a rootless container just used to redirect traffic to the ns8 host.

Can I ask from which specific provider pls?

understood. :+1:

1 Like

Sure. www.hetzner.com, location Nürnberg, Type CX21.

JFYI I am using contabo Cloud VPS 2

Ethernet details:
None 00.0: 10701 Ethernet
[Created at net.126]
Unique ID: usDW.ndpeucax6V1
Parent ID: X6Gg.VIRhsc57kTD
SysFS ID: /class/net/eth0
SysFS Device Link: /devices/pci0000:00/0000:00:12.0/virtio2
Hardware Class: network interface
Model: “Ethernet network interface”
Driver: “virtio_net”
Driver Modules: “virtio_net”
Device File: eth0
HW Address: 00:50:56:48:2b:e6
Permanent HW Address: 00:50:56:48:2b:e6
Link detected: yes
Config Status: cfg=new, avail=yes, need=no, active=unknown
Attached to: #26 (Ethernet controller)

@mrmarkuz JFYI:

Once the advanced settings have been used/filled out, one can no longer clear them (back to defaults). When you clear all values and save, it leads to an error. If I fill out the advanced settings manually with the default setting (except for DNS 1.1.1.1 I changed to 8.8.8.8, and I believe 8.8.8.8, 8.8.4.4 will work too)

HTH


1 Like