So, I have a VPS running on Amazon Lightsail and I installed wireguard on it; I setup an interface this way:
[Interface]
Address = 10.255.128.1/24
MTU = 1420
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = ********************************************
Then something very weird happened: I bring the iface UP and run sudo ip addr, then I get this output
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8921 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.255.128.1/24 scope global wg0
valid_lft forever preferred_lft forever
The weird thing? Look at the mtu 8921
Then I go to the conf file, and for my surprise, the value I set for mtu is being overwritten with 8921.
sudo systemctl status [email protected] gives this output:
Nov 18 16:04:08 ip-172-26-0-77 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Nov 18 16:04:08 ip-172-26-0-77 wg-quick[583]: [#] ip link add wg0 type wireguard
Nov 18 16:04:09 ip-172-26-0-77 wg-quick[583]: [#] wg setconf wg0 /dev/fd/63
Nov 18 16:04:09 ip-172-26-0-77 wg-quick[583]: [#] ip -4 address add 10.255.128.1/24 dev wg0
Nov 18 16:04:09 ip-172-26-0-77 wg-quick[583]: [#] ip link set mtu 8921 up dev wg0
Nov 18 16:04:09 ip-172-26-0-77 wg-quick[583]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING >
Nov 18 16:04:09 ip-172-26-0-77 systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
What's going on here?