From 1a14c9ac8283c51ee6ba507930c09dbc8643d899 Mon Sep 17 00:00:00 2001
From: Jendrik Weise
Date: Fri, 2 Sep 2022 23:00:50 +0200
Subject: [PATCH] Only add ipv6 route if available and set MTU directly
---
 README.md | 2 ++
 bin/namespaced-wireguard-vpn-interface | 7 +++++--
 conf/namespaced-wireguard-vpn.conf | 6 ++++++
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 05d7f8f..f3ffb3b 100644
--- a/README.md
+++ b/README.md
@@ -78,6 +78,8 @@ expected values are set by default, most with dummy default values.
 WireGuard interface. For a namespaced VPN, where the goal is to force all traffic through the VPN, the catch-all value `0.0.0.0/0,::0/0` is probably correct.
+- `WIREGUARD_INITIAL_MTU`:
+ MTU of the wireguard interface. Choosing too large a value risks packet loss.
 - `WIREGUARD_IP_ADDRESSES`:
 Comma-separated list of static IP addresses to assign to the WireGuard interface. As far as I know, WireGuard does not currently support DHCP or any
diff --git a/bin/namespaced-wireguard-vpn-interface b/bin/namespaced-wireguard-vpn-interface
index d4d310d..69a04c9 100755
--- a/bin/namespaced-wireguard-vpn-interface
+++ b/bin/namespaced-wireguard-vpn-interface
@@ -7,7 +7,7 @@ die() {
 case "$1" in
 up)
- ip link add "$WIREGUARD_NAME" type wireguard || die
+ ip link add "$WIREGUARD_NAME" mtu $WIREGUARD_INITIAL_MTU type wireguard || die
 wg set "$WIREGUARD_NAME" \
 private-key <(echo "$WIREGUARD_PRIVATE_KEY") \
@@ -26,7 +26,10 @@ case "$1" in
 # Add default routes for IPv4 and IPv6
 ip -n "$NETNS_NAME" -4 route add default dev "$WIREGUARD_NAME" || die
- ip -n "$NETNS_NAME" -6 route add default dev "$WIREGUARD_NAME" || die
+ if ip -o -6 -a | grep -q "$WIREGUARD_NAME"
+ then
+ ip -n "$NETNS_NAME" -6 route add default dev "$WIREGUARD_NAME" || die
+ fi
 ;;
 down)
diff --git a/conf/namespaced-wireguard-vpn.conf b/conf/namespaced-wireguard-vpn.conf
index 367f557..f22362f 100644
--- a/conf/namespaced-wireguard-vpn.conf
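Review bot: In the `up)` branch, `mtu $WIREGUARD_INITIAL_MTU` is expanded unquoted and with no fallback, so a configuration file written before this commit, which has no `WIREGUARD_INITIAL_MTU`, most likely turns the command into `ip link add … mtu type wireguard` and the interface stops coming up via `die`. The unquoted expansion also word-splits, so a value containing whitespace would reach `ip` as extra arguments. Quoting it and defaulting to the value shipped in the conf file keeps existing installations working: `ip link add "$WIREGUARD_NAME" mtu "${WIREGUARD_INITIAL_MTU:-1420}" type wireguard || die`. The `case` block starts before this hunk and continues past it.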
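Review bot: The new guard `ip -o -6 -a | grep -q "$WIREGUARD_NAME"` runs without `-n "$NETNS_NAME"`, while the route commands around it all target the namespace, so it appears to inspect the namespace the script runs in rather than the one holding the interface (the lines that move the interface are outside this hunk, so this is inferred). The `-a` also looks like it is parsed as an option rather than the `addr` object, which is worth confirming, and `grep` treats the name as an unanchored pattern, so any output line that merely contains `$WIREGUARD_NAME` satisfies the test. When the test is false the IPv6 default route is skipped without any message, which is worth a line on stderr in a setup meant to force all traffic through the tunnel. A tighter check asks for IPv6 addresses on exactly that device inside the namespace: `if ip -n "$NETNS_NAME" -o -6 addr show dev "$WIREGUARD_NAME" | grep -q .`.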
+++ b/conf/namespaced-wireguard-vpn.conf
@@ -20,6 +20,12 @@ WIREGUARD_ALLOWED_IPS=0.0.0.0/0,::0/0
 # interface
 WIREGUARD_IP_ADDRESSES=10.0.0.1/32,fd12:3456:789a:1::1/128
+# Assuming a sane VPN provider:
+# IPv4: 1440
+# IPv6: 1420
+# If using PPPoE(typically DSL) -=8
+WIREGUARD_INITIAL_MTU=1420
+
 # Name of the init-facing tunnel interface
 TUNNEL_INIT_NAME=veth-vpn0
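Review bot: The comment above `WIREGUARD_INITIAL_MTU=1420` does not say what "IPv4" and "IPv6" refer to or what "-=8" means, so a reader cannot tell which figure applies to their setup. Presumably the numbers are a 1500-byte link minus WireGuard's overhead when the endpoint is reached over IPv4 or IPv6, with a further 8 bytes taken off for PPPoE; if so, the comment should say that. Suggested wording: `# MTU of the WireGuard interface: 1440 if the endpoint is reached over IPv4, 1420 over IPv6.` followed by `# Subtract 8 from either value when the uplink is PPPoE (typically DSL).`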