Add WIREGUARD_MTU configuration option for customizable MTU settings

2026-04-04 06:26:20 +00:00 · 2026-03-24 14:52:24 -03:00
parent 9f563b4891
commit 018cf1380e
7 changed files with 26 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -25,6 +25,13 @@ TIMEZONE=America/Sao_Paulo
 # Example: EXTRA_ALLOWED_HOSTS=app1.example.com,app2.example.com:8443,app3.example.com
 #EXTRA_ALLOWED_HOSTS=app1.example.com,app2.example.com:8443,app3.example.com

+# Set a custom MTU for WireGuard interfaces (server and client configs).
+# Only change this if you know what you are doing. The default WireGuard MTU (1420) works for most setups.
+# Must be an integer between 1280 and 9000.
+# After changing this value, re-export and re-distribute all client configuration files,
+# as mismatched MTU between server and clients can cause connectivity and performance issues.
+# WIREGUARD_MTU=1420
+
 # Allow VPN clients to access Django directly through the internal interface.
 # When enabled, users connected to the VPN can open the web interface using:
 # http://ip_or_hostname:8000
--- a/docker-compose-caddy.yml
+++ b/docker-compose-caddy.yml
@@ -14,6 +14,7 @@ services:
      - WIREGUARD_STATUS_CACHE_WEB_LOAD_PREVIOUS_COUNT=${WIREGUARD_STATUS_CACHE_WEB_LOAD_PREVIOUS_COUNT}
      - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL}
      - VPN_CLIENTS_CAN_ACCESS_DJANGO=${VPN_CLIENTS_CAN_ACCESS_DJANGO}
+      - WIREGUARD_MTU=${WIREGUARD_MTU}
      - CADDY_ENABLED=true
    volumes:
      - wireguard:/etc/wireguard
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -16,6 +16,7 @@ services:
      - WIREGUARD_STATUS_CACHE_WEB_LOAD_PREVIOUS_COUNT=${WIREGUARD_STATUS_CACHE_WEB_LOAD_PREVIOUS_COUNT}
      - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL}
      - VPN_CLIENTS_CAN_ACCESS_DJANGO=${VPN_CLIENTS_CAN_ACCESS_DJANGO}
+      - WIREGUARD_MTU=${WIREGUARD_MTU}
      - CADDY_ENABLED=true
    volumes:
      - wireguard:/etc/wireguard
--- a/docker-compose-no-caddy.yml
+++ b/docker-compose-no-caddy.yml
@@ -14,6 +14,7 @@ services:
      - WIREGUARD_STATUS_CACHE_WEB_LOAD_PREVIOUS_COUNT=${WIREGUARD_STATUS_CACHE_WEB_LOAD_PREVIOUS_COUNT}
      - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL}
      - VPN_CLIENTS_CAN_ACCESS_DJANGO=${VPN_CLIENTS_CAN_ACCESS_DJANGO}
+      - WIREGUARD_MTU=${WIREGUARD_MTU}
    volumes:
      - wireguard:/etc/wireguard
      - static_volume:/app_static_files/
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -73,6 +73,15 @@ if [ -n "${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL:-}" ]; then
    esac
 fi

+if [ -n "${WIREGUARD_MTU:-}" ]; then
+    if [[ "${WIREGUARD_MTU}" =~ ^[0-9]+$ ]] && [ "${WIREGUARD_MTU}" -ge 1280 ] && [ "${WIREGUARD_MTU}" -le 9000 ]; then
+        echo "WIREGUARD_MTU = ${WIREGUARD_MTU}" >> /app/wireguard_webadmin/production_settings.py
+    else
+        echo "Error: Invalid WIREGUARD_MTU value: ${WIREGUARD_MTU}. Must be an integer between 1280 and 9000."
+        exit 1
+    fi
+fi
+
 if [[ "${DEV_MODE,,}" != "true" ]]; then
    sed -i "/^    path('admin\/', admin.site.urls),/s/^    /    # /" /app/wireguard_webadmin/urls.py
 fi
--- a/wireguard_tools/views.py
+++ b/wireguard_tools/views.py
@@ -6,6 +6,7 @@ import subprocess
 from io import BytesIO

 import qrcode
+from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.db.models import Prefetch
@@ -53,6 +54,7 @@ def generate_peer_config(peer_uuid, server_address=None):
        f"PrivateKey = {peer.private_key}",
        f"Address = {client_address}",
        f"DNS = {dns_line}" if dns_line else "",
+        f"MTU = {settings.WIREGUARD_MTU}" if settings.WIREGUARD_MTU else "",
        "\n[Peer]",
        f"PublicKey = {wg_instance.public_key}",
        f"Endpoint = {endpoint}",
@@ -174,6 +176,9 @@ def export_wireguard_configuration(instance_only: WireGuardInstance = None):
            f"ListenPort = {instance.listen_port}",
        ]

+        if settings.WIREGUARD_MTU:
+            config_lines.append(f"MTU = {settings.WIREGUARD_MTU}")
+
        if post_up_processed:
            config_lines.append(f"PostUp = {post_up_processed}")
        if post_down_processed:
--- a/wireguard_webadmin/settings.py
+++ b/wireguard_webadmin/settings.py
@@ -181,4 +181,6 @@ CLUSTER_WORKER_MINIMUM_VERSION = 11

 CADDY_ENABLED = os.getenv("CADDY_ENABLED", "false").lower() == "true"

+WIREGUARD_MTU = None
+
 from wireguard_webadmin.production_settings import *