On 2025-12-17, Stéphane Guedon <[email protected]> wrote:
> I have set up a wg tunnel between a cloud server VM (dina) and my home
> network (mirror is my main router). Both run the last release of OpenBSD.
>
> Globally, it works fine. I have notably syslog messages in that tunnel.
>
> But trying to ssh into the vm is holding, I have no clue why :

mtu blackhole. the endpoints are at default (1500), but the tunnel is 1420.
that's ok when the tunnel is directly on the endpoints as then they know
not to use larger packets over it, but if it's done via a router then
you often need to fiddle with packets to get this to work nicely.

try this:

match on wg0 inet proto tcp scrub (max-mss 1380)
match on wg0 inet6 proto tcp scrub (max-mss 1360)

-- 
Please keep replies on the mailing list.
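
An added example, not part of the original message: a small Python model of the black hole described in the reply, showing why short packets pass while full-size segments are lost, and how 1380 and 1360 follow from the 1420 tunnel MTU. Assumptions: minimum IP and TCP header sizes (no options), and oversized packets are dropped without the sender learning of it; all function names are illustrative.

```python
# Added illustration (not from the original message). Header sizes are the
# minimums: no IP options or extension headers, no TCP options.
IP_HDR = {"inet": 20, "inet6": 40}
TCP_HDR = 20
ENDPOINT_MTU = 1500   # default on the hosts behind the router, per the reply
TUNNEL_MTU = 1420     # wg0 MTU, per the reply


def max_mss(mtu, family):
    """Largest TCP payload whose whole packet still fits in `mtu`."""
    return mtu - IP_HDR[family] - TCP_HDR


def fits(payload_len, family, tunnel_mtu=TUNNEL_MTU):
    """True if a TCP packet carrying payload_len bytes fits the tunnel.

    Model assumption: a packet that does not fit is dropped and the sender
    never learns about it (the black hole), so it is simply lost.
    """
    return payload_len + TCP_HDR + IP_HDR[family] <= tunnel_mtu


def transfer(data_len, mss, family, tunnel_mtu=TUNNEL_MTU):
    """Cut data_len bytes into MSS-sized segments; return (delivered, lost)."""
    delivered = lost = 0
    while data_len > 0:
        seg = min(mss, data_len)
        if fits(seg, family, tunnel_mtu):
            delivered += 1
        else:
            lost += 1
        data_len -= seg
    return delivered, lost


def pf_rules(ifname, tunnel_mtu=TUNNEL_MTU):
    """pf.conf lines clamping the MSS to what the tunnel can carry."""
    return [f"match on {ifname} {fam} proto tcp scrub (max-mss {max_mss(tunnel_mtu, fam)})"
            for fam in ("inet", "inet6")]


if __name__ == "__main__":
    unclamped = max_mss(ENDPOINT_MTU, "inet")   # MSS the endpoints advertise
    print("short message  :", transfer(300, unclamped, "inet"))
    print("bulk, unclamped:", transfer(4000, unclamped, "inet"))
    print("bulk, clamped  :", transfer(4000, max_mss(TUNNEL_MTU, "inet"), "inet"))
    print("\n".join(pf_rules("wg0")))
```

In this model a 300-byte message is delivered at any MSS, while a 4000-byte burst loses its two full-size segments until the MSS is clamped.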

