Forcing MTU value on specific Docker (WireGuard) network interface


roqvist


I'm having TLS issues in some containers and found MTU diff to be the problem. In my case a WireGuard interface `wg0` is configured, and containers using it always get 1500 MTU (even though I set MTU to 1420 in settings).

Is there a way to force a specific Docker network interface MTU?

Creating a `/etc/docker/daemon.json` and adding MTU there seems to affect the default bridge connection. It would be nice to target only `wg0`, if possible.

(As a workaround I'm currently running these containers as privileged, doing `ifconfig eth0 mtu 1420` after startup, which I'd like to avoid)

 

Thanks,

Link to comment
  • 2 weeks later...

Wondering the same thing. Currently have speed issues and my router sometimes drops the connection maxing out the port speed via VPN. Their support recommends setting my whole network to MTU 1420, which I ofc don't want.

Less knowledge about this than the OP. What different ways could you set a custom MTU to a docker container?

Is it possible to do it without running it as privileged?

Link to comment

I'm no expert on this, but I believe the Unraid WireGuard settings translate to a `docker network create wg0 ...` somewhere. When a custom docker network is created I believe the MTU option must be passed as an option, like: `docker network create wg0 ... -o com.docker.network.driver.mtu=1420` (or whatever you have set in the WireGuard settings page)

I'm guessing the existing MTU field currently only sets the `--mtu` option, and this only affects the default bridge network - not custom networks.

This can be verified by checking what options the bridge gets, by running this command: `docker network inspect bridge`. This has `com.docker.network.driver.mtu` set to the value you input in the Unraid settings.

Now compare with the custom network (`wg0` in my case), which doesn't have any options at all: `docker network inspect wg0`

I have not found a way to modify the MTU value after the network has been created, so I think the only workaround right now is to adjust MTU from within the containers. This is not ideal since the `ifconfig` command (or similar) must exist in the container, and it must also run as privileged.

Link to comment
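The bridge-versus-`wg0` comparison from the post above can be scripted. This is an added example, not part of the original thread: it parses `docker network inspect` JSON and lists networks whose `com.docker.network.driver.mtu` option is missing or differs from the tunnel MTU. The sample JSON is constructed, the function names are hypothetical, and the 1500 fallback is an assumption taken from the MTU the thread reports containers receiving.

```python
import json
import sys

MTU_OPTION = "com.docker.network.driver.mtu"
# Assumption: with the option absent, container interfaces end up at 1500,
# which is what the thread reports for containers attached to wg0.
FALLBACK_MTU = 1500

# Constructed sample shaped like `docker network inspect bridge wg0` output,
# trimmed to the fields used here. Not captured from a real host.
SAMPLE = """
[
  {"Name": "bridge",
   "Options": {"com.docker.network.bridge.default_bridge": "true",
               "com.docker.network.driver.mtu": "1420"}},
  {"Name": "wg0", "Options": {}}
]
"""


def effective_mtu(network):
    """Return (mtu, explicit) for one network object from the inspect output."""
    options = network.get("Options") or {}  # Options may be {} or null
    raw = options.get(MTU_OPTION)
    if raw is None or raw == "":
        return FALLBACK_MTU, False
    return int(raw), True


def audit(inspect_json, expected_mtu):
    """List (name, mtu, reason) for networks that do not match expected_mtu."""
    findings = []
    for net in json.loads(inspect_json):
        mtu, explicit = effective_mtu(net)
        if mtu != expected_mtu:
            reason = "option set to another value" if explicit else "option missing"
            findings.append((net["Name"], mtu, reason))
    return findings


if __name__ == "__main__":
    # Pipe real inspect output in, or run without input to use the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, mtu, reason in audit(data, expected_mtu=1420):
        print(f"{name}: effective MTU {mtu} ({reason}), expected 1420")
```

On a host with Docker, `docker network inspect bridge wg0 | python3 check_mtu.py` feeds it real output (the script filename is a placeholder).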
