feat(ns-plug): add MTU test and configurable MTU field #1310
Description
Brief description
Currently, users experience connectivity issues due to incorrect MTU settings between NethSecurity firewalls and controllers, especially in low-quality network environments. Workarounds like manually setting MTU on the tunnel or using ifconfig are not persistent after VPN reconnections, and troubleshooting is difficult without clear visibility into MTU-related problems.
Proposed solution
- Integrate an MTU test into the ns-plug client so logs immediately highlight MTU issues, allowing easier diagnosis with a simple grep.
- Add a configurable MTU field to ns-plug's configuration, making MTU adjustments persistent and manageable by users directly from configuration—no manual intervention needed after VPN reconnects.
Alternative solutions
- Only expose MTU setting on either the controller or firewall (less flexible, may not resolve all scenarios).
- Use OpenVPN options (
--tun-mtu,--fragment,--mssfix) for more dynamic adaptation, but requires additional patching and environment variable support in the VPN container/module.
Additional context
- Reference implementation ideas from
nethsecurity/packages/ns-plug/files/ns-plug
Lines 98 to 127 in b30a429
References
- Helpdesk ticket: https://helpdesk.nethesis.it/a/tickets/191784
- Mattermost Discussion: https://mattermost.nethesis.it/nethesis/pl/qpm7auwxtfn8jeh1i875mmm46o
Metadata
Metadata
Assignees
Labels
No labels
Type
Projects
Status