diff --git a/roles/01-vpn-router-config/templates/edgerouter.conf.j2 b/roles/01-vpn-router-config/templates/edgerouter.conf.j2
index cc0f367..4e3f882 100644
--- a/roles/01-vpn-router-config/templates/edgerouter.conf.j2
+++ b/roles/01-vpn-router-config/templates/edgerouter.conf.j2
@@ -35,9 +35,9 @@ set firewall name WAN_LOCAL rule 20 description WireGuard
 set firewall name WAN_LOCAL rule 20 destination port 51821
 set firewall name WAN_LOCAL rule 20 protocol udp
 set firewall options mss-clamp interface-type all
-set firewall options mss-clamp mss 1350
+set firewall options mss-clamp mss 1328
 set firewall options mss-clamp6 interface-type all
-set firewall options mss-clamp6 mss 1350
+set firewall options mss-clamp6 mss 1328
 set firewall receive-redirects disable
 set firewall send-redirects enable
 set firewall source-validation disable
@@ -67,7 +67,7 @@ set interfaces switch switch0 firewall in ipv6-modify LAN_to_VPN_V6
 set interfaces switch switch0 firewall in modify LAN_to_VPN
 set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1
 set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64
-set interfaces switch switch0 ipv6 router-advert link-mtu 0
+set interfaces switch switch0 ipv6 router-advert link-mtu 1328
 set interfaces switch switch0 ipv6 router-advert managed-flag true
 set interfaces switch switch0 ipv6 router-advert max-interval 600
 set interfaces switch switch0 ipv6 router-advert name-server '2606:4700:4700::1111'
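Review bot: The clamp values in `mss-clamp mss 1328` and `mss-clamp6 mss 1328` equal the tunnel MTU that this same commit sets on wg0. A full-size TCP segment plus its IP and TCP headers (40 bytes for IPv4, 60 for IPv6) therefore still exceeds 1328, and the clamp does not keep TCP inside the tunnel. Connections then depend on path-MTU discovery, which stalls wherever ICMP fragmentation-needed or packet-too-big messages are filtered. If the clamp is meant to protect the wg0 path, subtract the header overhead: `set firewall options mss-clamp mss 1288` and `set firewall options mss-clamp6 mss 1268`.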
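Review bot: `router-advert link-mtu 1328` is a bare literal that has to stay equal to `wg0 mtu` in the last hunk, and the clamp values in the first hunk derive from it too, yet nothing in the template records where 1328 comes from. Define the value once as a role variable and render it here, for example `set interfaces switch switch0 ipv6 router-advert link-mtu {{ wireguard_mtu }}` (the variable name is a suggestion; the role does not show one), with a Jinja comment such as `{# tunnel MTU = uplink MTU minus WireGuard overhead #}` above it. The advertised MTU applies to every IPv6 host on switch0 for all destinations, not only to traffic that the LAN_to_VPN_V6 rule presumably steers into the tunnel, so that trade-off is worth stating in the comment as well.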
@@ -86,7 +86,7 @@ set interfaces switch switch0 switch-port interface eth4
 set interfaces switch switch0 switch-port vlan-aware disable
 set interfaces wireguard wg0 address {{ wireguard_address }}
 set interfaces wireguard wg0 listen-port 51822
-set interfaces wireguard wg0 mtu 1355
+set interfaces wireguard wg0 mtu 1328
 set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips 0.0.0.0/0
 set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips '::0/0'
 set interfaces wireguard wg0 peer {{ wireguard_public }} endpoint 'vpn01.fftdf.de:42001'