cli: set MTU in wg-quick conf

cli/cmd/constants.go

@@ -1,13 +1,17 @@
 package cmd
 
-// wireguardKeyLength is the length of a WireGuard key in byte.
+const (
-const wireguardKeyLength = 32
+	// wireguardAdminMTU is the MTU designated for the admin's WireGuard interface.
+	//
+	// WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.
+	wireguardAdminMTU = 1300
 
-// masterSecretLengthDefault is the default length in bytes for CLI generated master secrets.
+	// masterSecretLengthDefault is the default length in bytes for CLI generated master secrets.
-const masterSecretLengthDefault = 32
+	masterSecretLengthDefault = 32
 
-// masterSecretLengthMin is the minimal length in bytes for user provided master secrets.
+	// masterSecretLengthMin is the minimal length in bytes for user provided master secrets.
-const masterSecretLengthMin = 16
+	masterSecretLengthMin = 16
 
-// constellationNameLength is the maximum length of a Constellation's name.
+	// constellationNameLength is the maximum length of a Constellation's name.
-const constellationNameLength = 37
+	constellationNameLength = 37
+)

cli/cmd/init.go

@@ -217,7 +217,7 @@ func (r activationResult) writeWGQuickFile(fileHandler file.Handler, config *con
 	if err != nil {
 		return fmt.Errorf("create wg config: %w", err)
 	}
-	data, err := vpn.NewWGQuickConfig(wgConf, r.clientVpnIP)
+	data, err := vpn.NewWGQuickConfig(wgConf, r.clientVpnIP, wireguardAdminMTU)
 	if err != nil {
 		return fmt.Errorf("create wg-quick config: %w", err)
 	}

cli/cmd/init_test.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"encoding/base64"
 	"errors"
+	"fmt"
 	"strconv"
 	"strings"
 	"testing"
@@ -728,7 +729,7 @@ func TestWriteWGQuickFile(t *testing.T) {
 				assert.NoError(err)
 				file, err := tc.fileHandler.Read(*tc.config.WGQuickConfigPath)
 				assert.NoError(err)
-				assert.NotEmpty(file)
+				assert.Contains(string(file), fmt.Sprint("MTU = ", wireguardAdminMTU))
 			}
 		})
 	}

cli/vpn/vpn.go

@@ -148,7 +148,7 @@ func NewConfig(coordinatorPubKey, coordinatorPubIP, clientPrivKey string) (wgtyp
 }
 
 // NewWGQuickConfig create a new WireGuard wg-quick configuration file and mashals it to bytes.
-func NewWGQuickConfig(config wgtypes.Config, clientVPNIP string) ([]byte, error) {
+func NewWGQuickConfig(config wgtypes.Config, clientVPNIP string, mtu int) ([]byte, error) {
 	clientIP := net.ParseIP(clientVPNIP)
 	if clientIP == nil {
 		return nil, fmt.Errorf("invalid client vpn ip '%s'", clientVPNIP)
@@ -156,6 +156,7 @@ func NewWGQuickConfig(config wgtypes.Config, clientVPNIP string) ([]byte, error)
 	quickfile := wgquick.Config{
 		Config:  config,
 		Address: []net.IPNet{{IP: clientIP, Mask: []byte{255, 255, 0, 0}}},
+		MTU:     mtu,
 	}
 	data, err := quickfile.MarshalText()
 	if err != nil {

cli/vpn/vpn_test.go

@@ -192,7 +192,8 @@ func TestNewWGQuickConfig(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			assert := assert.New(t)
 
-			quickFile, err := NewWGQuickConfig(tc.config, tc.clientVPNIP)
+			const mtu = 2
+			quickFile, err := NewWGQuickConfig(tc.config, tc.clientVPNIP, mtu)
 
 			if tc.wantErr {
 				assert.Error(err)
@@ -202,6 +203,7 @@ func TestNewWGQuickConfig(t *testing.T) {
 				assert.NoError(quickConfig.UnmarshalText(quickFile))
 				assert.Equal(tc.config.PrivateKey, quickConfig.PrivateKey)
 				assert.Equal(tc.clientVPNIP, quickConfig.Address[0].IP.String())
+				assert.Equal(mtu, quickConfig.MTU)
 			}
 		})
 	}