I have an Apple TV abroad. I have a MikroTik RB5009 router that works as a WireGuard server. I have another RB5009 router as a WireGuard client. I did a speed test on the Apple TV. I can consistently see 50 Mbit/sec.
Everything works but the App Store. The search results and downloads randomly fail, or it works very slowly.
I cannot figure out why. Sometimes when it is not working, I disable the VPN, download one app, enable the VPN, and it starts working again.
Does anyone have any idea why?
Try adding this rule and try again:
/ip firewall mangle
add chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes tcp-flags=syn protocol=tcp
Hello
Which side am I supposed to add this on? Server or client WireGuard? Or both?
Can you also explain the reasoning a little, please?
It won’t hurt on both. This rule is used to control the TCP maximum segment size (MSS) as traffic passes through the router.
Does it make sense to make it valid only for the WireGuard interface? Or does it have no impact at all in terms of performance?
The mangle rule indicated above needs only to be on the client side. If that rule doesn't work, an alternative is:
/ip firewall mangle
add action=change-mss chain=forward new-mss=1380 out-interface=wireguard1 protocol=tcp tcp-flags=syn tcp-mss=1381-65535
This rule has no effect on the rest of the router's performance.
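What the change-mss rules in this thread do to a TCP SYN, as an added example that is not part of any post: it derives 1380 from an assumed WireGuard interface MTU of 1420 and rewrites the MSS option the way the tcp-flags=syn and tcp-mss=1381-65535 matchers describe. The function names and the sample headers are constructed for illustration.

```python
import struct

WG_MTU = 1420             # assumption: WireGuard interface MTU (common default)
IPV4_HDR = TCP_HDR = 20   # header sizes without options

def mss_for_mtu(mtu, ip_hdr=IPV4_HDR):
    """Largest TCP payload that fits in one packet of the given MTU."""
    return mtu - ip_hdr - TCP_HDR

def find_mss(tcp):
    """Return the byte offset of the MSS value in a TCP header, or None."""
    end = min((tcp[12] >> 4) * 4, len(tcp))   # data offset field, in bytes
    i = 20                                    # options follow the fixed header
    while i + 1 < end:
        kind, length = tcp[i], tcp[i + 1]
        if kind == 0:                         # end of option list
            return None
        if kind == 1:                         # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > end:    # malformed option
            return None
        if kind == 2 and length == 4:         # MSS option
            return i + 2
        i += length
    return None

def get_mss(tcp):
    off = find_mss(tcp)
    return None if off is None else struct.unpack_from("!H", tcp, off)[0]

def clamp_mss(tcp, new_mss):
    """Lower the MSS on SYN segments only, and only when it exceeds new_mss
    (the tcp-flags=syn and tcp-mss=1381-65535 matchers). A real router also
    fixes the TCP checksum, which this example leaves alone."""
    off = find_mss(tcp)
    if not tcp[13] & 0x02 or off is None or get_mss(tcp) <= new_mss:
        return tcp
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, new_mss)
    return bytes(out)

def build_tcp(flags, mss=None):
    """Constructed sample header: port 50000 -> 443, optional MSS option."""
    opts = b"" if mss is None else struct.pack("!BBH", 2, 4, mss)
    return struct.pack("!HHIIBBHHH", 50000, 443, 1, 0,
                       (20 + len(opts)) // 4 << 4, flags, 65535, 0, 0) + opts
```

A SYN built with build_tcp(0x02, 1460) comes out of clamp_mss(..., mss_for_mtu(WG_MTU)) advertising 1380, while non-SYN segments and SYNs that already advertise 1380 or less pass through unchanged.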