#!/bin/bash # VPN Path MTU Discovery Script # Tests various packet sizes to find the maximum working MTU # Usage: ./scripts/test-mtu.sh [WG_INTERFACE] set -e VPN_SERVER_IP="${1:-}" WG_INTERFACE="${2:-wg0}" if [ -z "$VPN_SERVER_IP" ]; then echo "Usage: $0 [WG_INTERFACE]" echo "Example: $0 203.0.113.5 wg0" exit 1 fi echo "==============================================" echo "VPN Path MTU Discovery" echo "Target: $VPN_SERVER_IP" echo "WG Interface: $WG_INTERFACE" echo "==============================================" echo "" # Test from largest to smallest SIZES=(1472 1450 1400 1350 1300 1250 1200 1150 1100 1050 1000 900 800) WORKING_MTU=0 FAILED_MTU=1500 echo "Testing packet sizes (ICMP header = 28 bytes):" echo "" for size in "${SIZES[@]}"; do echo -n "Testing ${size} bytes (MTU $((size + 28)))... " if ping -c 2 -M do -s "$size" "$VPN_SERVER_IP" >/dev/null 2>&1; then echo "✓ OK" WORKING_MTU=$((size + 28)) else echo "✗ FAIL" if [ $FAILED_MTU -eq 1500 ]; then FAILED_MTU=$((size + 28)) fi fi done echo "" echo "==============================================" echo "Results:" echo "==============================================" if [ $WORKING_MTU -gt 0 ]; then echo "✓ Maximum working MTU: $WORKING_MTU" echo "" echo "Recommended WireGuard MTU:" echo " Conservative: 1280" echo " Recommended: 1300" echo " Aggressive: $((WORKING_MTU - 80))" echo "" echo "PostUp command:" echo " PostUp = ip link set dev $WG_INTERFACE mtu 1300" else echo "✗ No working MTU found!" echo "Check:" echo " 1. VPN server is reachable" echo " 2. ICMP is not blocked" echo " 3. Firewall allows ping" fi echo "=============================================="