@ajin
Last active June 3, 2024 09:04
Fix TCP MSS Issues on Unifi with Wireguard VPN Client Using an On-Boot Script

1-set-wireguard-mss.sh:

#!/bin/bash
# Add MSS clamping for the WireGuard client interfaces (wgclt*) to UniFi OS's own TCPMSS
# chains, but only when no clamp-to-PMTU rule is present yet, so the script is safe to run
# repeatedly (cron invokes it every minute). It runs as root from cron, so sudo is not needed.
IF_MSS=$(iptables -t mangle -L UBIOS_FORWARD_TCPMSS -n | grep -c PMTU)
if [[ "$IF_MSS" -eq 0 ]]; then
    # Clamp the MSS of SYNs forwarded out of and into the tunnel ...
    iptables -t mangle -A UBIOS_FORWARD_TCPMSS -o wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    iptables -t mangle -A UBIOS_FORWARD_TCPMSS -i wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    # ... and of SYNs the gateway itself sends through the tunnel.
    iptables -t mangle -A UBIOS_OUTPUT_TCPMSS -o wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
fi

Fix for TCP MSS Issues with Wireguard VPN Client on Unifi

When using the Wireguard VPN client on Unifi devices, TCP connections through the tunnel often misbehave: degraded throughput, connections that stall or drop, and packet loss. You will typically notice it when a web page only partially loads or a video stream keeps buffering. The root cause is usually the TCP Maximum Segment Size (MSS): the tunnel's MTU is smaller than the LAN's (WireGuard defaults to 1420 bytes, because every packet gains an outer IP/UDP header plus the WireGuard header and authentication tag), so segments sized against the LAN MTU no longer fit once encapsulated, and when path MTU discovery fails they are silently dropped. Clamping the MSS on the SYN packets that cross the tunnel makes both endpoints agree on a segment size that fits.

This issue has been discussed in detail on the Unifi community forum.

Steps to Fix TCP MSS Issues on Unifi with Wireguard VPN Client Using an On-Boot Script

These steps apply the iptables rules that fix the TCP MSS issue automatically at boot, and re-apply them every minute from a cron job so they are restored if the device rebuilds its firewall rules. Kudos to @Arrange6704 and @sgoneil for detailing the steps on the Unifi forum.

  1. Connect to your Unifi device using SSH as root:

    • Open a terminal and connect to your Unifi device:
      ssh root@<IP_ADDRESS>
    • Replace <IP_ADDRESS> with the IP address of your Unifi device.
  2. Install on-boot-script by following the unifios-utilities guide:

    • Easy install (not recommended, because it pipes a script fetched over the network straight into a root shell; download it, read it, then run it):
      curl -fsL "https://raw.githubusercontent.com/unifi-utilities/unifios-utilities/HEAD/on-boot-script/remote_install.sh" | /bin/bash
  3. Navigate to the on_boot.d directory:

    cd /data/on_boot.d
  4. Download the cron-jobs on-boot example script, which reinstalls everything in /data/cronjobs into /etc/cron.d at every boot:

    wget https://raw.githubusercontent.com/unifi-utilities/unifios-utilities/main/on-boot-script/examples/udm-files/on_boot.d/25-add-cron-jobs.sh
  5. Make the script executable:

    chmod +x 25-add-cron-jobs.sh
  6. Create the cronjobs directory and change into it:

    mkdir /data/cronjobs
    cd /data/cronjobs
  7. Create the cron job file for the Wireguard MSS script:

    vi /data/cronjobs/wg_mss
    • Paste the content of wg_mss (below) into the file.
  8. Create the scripts directory and change into it:

    mkdir /data/scripts
    cd /data/scripts
  9. Create the Wireguard MSS script:

    vi /data/scripts/1-set-wireguard-mss.sh
    • Paste the content of 1-set-wireguard-mss.sh (above) into the file.
  10. Make the script executable:

    chmod +x /data/scripts/1-set-wireguard-mss.sh
  11. Copy cron jobs to the system cron directory:

    cp /data/cronjobs/* /etc/cron.d/
  12. Restart the cron service:

    /etc/init.d/cron restart

wg_mss:

* * * * * root /bin/bash -c '/data/scripts/1-set-wireguard-mss.sh' >> /var/log/wireguard-mss.log 2>&1
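Steps 6 to 12 collapsed into one installer script, as an added example that is not part of the gist. It assumes on-boot-script and 25-add-cron-jobs.sh are already in place (steps 2 to 5) and that the device's iptables supports the `-C` rule-check option (an assumption about the UniFi OS build). It takes a root directory as its first argument, so you can stage into a scratch directory and inspect the generated files before running it against `/` on the gateway; the file names, paths and cron line are the gist's own, while the generated MSS script differs from the gist's in checking each rule individually instead of looking for any PMTU rule in the FORWARD chain.

```bash
#!/bin/bash
# Added example (not from the gist): installer for the wg_mss cron job and the MSS script.
# Usage: ./install-wg-mss.sh /tmp/stage   (stage and inspect the generated files)
#        ./install-wg-mss.sh /            (install on the gateway, as root)
# Assumes steps 2-5 (on-boot-script and 25-add-cron-jobs.sh) are already done and
# that the device's iptables supports -C (assumption).
set -eu

# Write /data/scripts/1-set-wireguard-mss.sh under the given root. Unlike the gist's
# script, every rule is checked with `iptables -C` before being appended, so a chain
# that lost only one of the three rules is repaired as well.
write_mss_script() {
    root="${1%/}"
    mkdir -p "$root/data/scripts"
    cat > "$root/data/scripts/1-set-wireguard-mss.sh" <<'EOF'
#!/bin/bash
# Clamp TCP MSS to the path MTU on SYN packets crossing WireGuard client tunnels (wgclt*).
ensure_rule() {
    # -C exits non-zero when the exact rule is absent; only then append it.
    iptables -t mangle -C "$@" 2>/dev/null || iptables -t mangle -A "$@"
}
ensure_rule UBIOS_FORWARD_TCPMSS -o wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
ensure_rule UBIOS_FORWARD_TCPMSS -i wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
ensure_rule UBIOS_OUTPUT_TCPMSS  -o wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
    chmod +x "$root/data/scripts/1-set-wireguard-mss.sh"
}

# Write /data/cronjobs/wg_mss under the given root. The path inside the cron line is
# the real one on the device, whatever directory we stage into.
write_cron_job() {
    root="${1%/}"
    mkdir -p "$root/data/cronjobs"
    printf '%s\n' \
        "* * * * * root /bin/bash -c '/data/scripts/1-set-wireguard-mss.sh' >> /var/log/wireguard-mss.log 2>&1" \
        > "$root/data/cronjobs/wg_mss"
}

# Copy the cron job into /etc/cron.d under the given root (step 11). On the live
# system 25-add-cron-jobs.sh repeats this at every boot.
install_cron_job() {
    root="${1%/}"
    mkdir -p "$root/etc/cron.d"
    cp "$root/data/cronjobs/wg_mss" "$root/etc/cron.d/wg_mss"
}

# Full install. cron is restarted and the rules applied only for a live install
# (root "/"); a staging directory just receives the files.
install_all() {
    root="${1%/}"
    write_mss_script "$root"
    write_cron_job "$root"
    install_cron_job "$root"
    if [ -z "$root" ]; then
        /etc/init.d/cron restart
        /data/scripts/1-set-wireguard-mss.sh   # apply the rules now instead of waiting for cron
    fi
}

if [ $# -gt 0 ]; then
    install_all "$1"
fi
```

Stage first (`./install-wg-mss.sh /tmp/stage`), diff the generated `1-set-wireguard-mss.sh` and `wg_mss` against what you expect, then run it with `/` on the gateway; `iptables -t mangle -L UBIOS_FORWARD_TCPMSS -n -v` afterwards shows the three rules and their packet counters climbing as connections cross the tunnel.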