During the setup of WireGuard tunnels on my pfSense, I stumbled over the topic of MSS and how to set it correctly. There are many values and recommendations, but as far as I understand the real question is what the actual MTU of the WAN link is, which depends on the type of connection (cable, PPPoE, etc.). Starting from this MTU, I should be able to calculate the optimal MSS value to be set for my LAN interfaces, right?
What I do not understand is how I can really determine my correct MTU and MSS.
My setup: Internet <-> cable modem (bridged mode) <-> pfSense WAN interface (ix1, automatically set to MTU 1500)
When I ping from pfSense via the WAN interface the MTU is 1472. Reasonable as there are 8 Bytes for the ICMP header and 20 Bytes for the IP header. With 1473 I get fragmentation.
(ping -c 1 -S WANIP -s 1472 -D google.com)
Now, when I ping via the WireGuard gateway, I get the same results, which I do not understand as all the headers with WireGuard should be 60 Bytes.
(ping -c 1 -S WIREGUARDIP -f -l 1472 -D google.com)
I also found a way to use tcpdump in order to investigate the handshake between the ISP and modem, which should reveal the correct MSS.
Using tcpdump -ni ix1 'tcp[13] == 2 or tcp[13] == 16' -vv leaves me with even more question marks, as I do not really understand why I get many results with the WAN IP as destination but with different MSS values: sometimes it's "mss 1380" and sometimes "1460".
Could you please advise how I can find out about the best MSS value to use in my setup? Thx in advance
Edit: why is my question closed? I am not asking about the concept of MTU/MSS (which was given as reason to mark it as duplicate). I am asking how to find out about the real MTU of my WAN connection!
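
The measurement described in the post (raising the ping payload with DF set until it no longer passes) can be automated as a binary search. The script below is an added example, not part of the original post, written for the FreeBSD ping on pfSense. It assumes an interface MTU of 1500 (so the search tops out at 1472) and an IPv4 outer header for WireGuard; the function names and the TARGET and SRC variables are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). FreeBSD/pfSense ping flags:
# -D sets Don't Fragment, -s is the ICMP payload size, -t is a timeout in seconds.
TARGET="${TARGET:-google.com}"   # same target as in the post
SRC="${SRC:-}"                   # optional source address, passed to -S

# Succeeds if an ICMP payload of $1 bytes is answered without fragmentation.
probe() {
    ping -c 1 -t 2 -D ${SRC:+-S "$SRC"} -s "$1" "$TARGET" >/dev/null 2>&1
}

# Prints the largest payload in [$1, $2] that probe accepts; fails if even $1 is lost.
max_payload() {
    lo=$1; hi=$2
    probe "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# WireGuard interface MTU for an underlay path MTU $1 and outer IP version $2.
# Overhead: outer IP (20 or 40) + UDP 8 + WireGuard data header and tag 32.
wg_mtu() {
    case "$2" in 6) echo $(( $1 - 80 ));; *) echo $(( $1 - 60 ));; esac
}

# TCP MSS for MTU $1 and inner IP version $2: MTU - IP header - 20 byte TCP header.
mss_for_mtu() {
    case "$2" in 6) echo $(( $1 - 60 ));; *) echo $(( $1 - 40 ));; esac
}

main() {
    payload=$(max_payload 1200 1472) || { echo "no reply at 1200 bytes" >&2; return 1; }
    mtu=$(( payload + 28 ))          # + 8 ICMP header + 20 IPv4 header
    tun=$(wg_mtu "$mtu" 4)
    echo "path MTU to $TARGET: $mtu (largest unfragmented payload $payload)"
    echo "TCP MSS outside the tunnel: $(mss_for_mtu "$mtu" 4)"
    echo "WireGuard interface MTU:    $tun"
    echo "TCP MSS inside the tunnel:  $(mss_for_mtu "$tun" 4)"
}

# Run the live measurement only when asked: sh pmtu.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Set SRC to the WAN address to measure the underlay path; the tunnel figures are then derived from that result instead of being pinged separately.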