
Using PMTU for WireGuard in case it is needed

Open sedlund opened this issue 3 years ago • 1 comments

I'm running this on a RPi as a WiFi AP/router. As WG is configured with this software, MTU is not set and I cannot connect to https://duckduckgo.com, for example, from my WiFi clients routing through the Pi. There are also other connection issues: file uploads will time out midway through, and other fun things.

In /etc/wireguard/pia.conf

I've had to add in the Interface generation section in connect_to_wireguard_with_token.sh

MTU = 1420
PostUp = iptables -t mangle -A FORWARD -p tcp -o pia -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
PostDown = iptables -t mangle -D FORWARD -p tcp -o pia -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 

I'm not sure if the FORWARD chain is the right spot for this, but it solves my connection problem.

sedlund avatar Oct 25 '20 02:10 sedlund

These scripts use wg-quick, which takes MTU from the interface, not from the path. The code can be found here. If any changes are required to the algorithm that determines the best MTU for each connection, those changes should be reported to and handled as part of the official WireGuard repository. This is because the WireGuard scripts were optimized to satisfy the requirements of most users, and changing the default behavior of wg-quick can cause a lot of bugs, which are better analyzed and handled by a wider community (in this case, all the WireGuard users, and not only users of this specific repo).

What we can do is improve the README with advice for users that are experiencing issues with MTU. Any PR in this direction would be really appreciated.

g00nix avatar Oct 30 '20 22:10 g00nix
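
For anyone hitting the MTU problem discussed in this thread, the following is an added example (not code from the thread, from the manual-connections scripts, or from wg-quick) that measures the path MTU to an endpoint and derives a value for the `MTU =` line. It assumes Linux iputils `ping`, an IPv4 path, and an endpoint that answers ICMP echo; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes Linux iputils ping, where -M do sets Don't Fragment.

# probe HOST SIZE: succeed if an IPv4 packet of SIZE bytes reaches HOST unfragmented.
# ICMP echo payload = SIZE - 20 (IPv4 header) - 8 (ICMP header).
probe() {
    ping -c 1 -W 1 -M do -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: binary search for the largest packet that passes.
find_path_mtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    if ! probe "$host" "$lo"; then
        echo "no reply even at $lo bytes (ICMP filtered?)" >&2
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# wg_mtu PATH_MTU [4|6]: subtract WireGuard encapsulation overhead, i.e.
# outer IP header (20 for IPv4, 40 for IPv6) + 8 UDP + 32 WireGuard.
# With a 1500-byte path and the IPv6 worst case this gives the 1420 used in the issue.
wg_mtu() {
    case ${2:-6} in
        4) echo $(( $1 - 60 )) ;;
        6) echo $(( $1 - 80 )) ;;
        *) return 2 ;;
    esac
}

# tcp_mss TUNNEL_MTU: MSS that --clamp-mss-to-pmtu writes into IPv4 TCP SYNs
# (MTU - 20 IPv4 header - 20 TCP header).
tcp_mss() { echo $(( $1 - 40 )); }

# Runs only when an endpoint is given, e.g. ./wg-mtu.sh <server-ip>
if [ "$#" -ge 1 ]; then
    pmtu=$(find_path_mtu "$1") || exit 1
    mtu=$(wg_mtu "$pmtu" 4)
    echo "path MTU $pmtu -> [Interface] MTU = $mtu (TCP MSS $(tcp_mss "$mtu"))"
fi
```

If the endpoint drops ICMP echo the search reports that instead of guessing; in that case probe another host on the same upstream path.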