[BUG] MTU issues with FritzBox acting as wireguard server #391
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
Hi,
- I create several wireguard confs in my FritzBox 7590, FW version 8.03
- I can use created confs from linux laptop and android phones
- I can't use created conf from a docker container on a linux host somewhere in the internet
On starting the container (and wg) with it, I get
[#] ip -4 address add 192.168.178.203/24 dev wg_nuthome
RTNETLINK answers: Network is unreachable
If I manually add MTU 1420 to the wg conf, the error message is gone and wg interface and route are added to the containers network configuration. I would not consider this as a bug of this docker-wireguard project, but I feel it could help others, if it was documented here.
However, my problem (no connection) is not solved with this. It seems that the connection to the FritzBox's wireguard VPN is not established. The container does not show an error, and/but
- I can ping the Internet, e.g. 8.8.8.8 or github.com
- I can't ping a host's IP on FritzBox's network nor the FritzBox itself (no reaction/output)
- FritzBox shows a last connection timestamp per wireguard "client", it is still empty for this client/configuration used and the connection state is still not showing "green".
Maybe this issue is also related to #361 (closed due to inactivity), which also involves a FritzBox. Can someone report a working connection with FritzBox VPN from a docker container?
Expected Behavior
The wireguard tunnel should allow me to reach and ping hosts at the other side of the tunnel.
Steps To Reproduce
- start container and check the tunnel is "set up" (no error is shown)
- exec in the container: ping 8.8.8.8 (suceeds)
- exec in the container: ping github.com (succeeds)
- exec in the container: ping 192.168.178.1 (fails in my case)
Environment
- docker host OS: Debian 12.11 on a Proxmox VM (proxmox host also on debian 12.11)
- Docker container was configured as described (but I also created manually an ubuntu derived container, and tried wg-quick, same behavior)CPU architecture
x86-64
Docker creation
docker compose up --force-recreateContainer logs
[migrations] started
[migrations] no migrations found
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
WireGuard: https://www.wireguard.com/donations/
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 1000
User GID: 1000
───────────────────────────────────────
Linuxserver.io version: 1.0.20250521-r0-ls81
Build-date: 2025-07-29T17:05:49+00:00
───────────────────────────────────────
Uname info: Linux a8e182305a85 6.1.0-37-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.140-1 (2025-05-22) x86_64 GNU/Linux
**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****
**** If your host does not automatically load the iptables module, you may still need the SYS_MODULE capability. ****
**** Client mode selected. ****
[custom-init] No custom files found, skipping...
**** Disabling CoreDNS ****
**** Found WG conf /config/wg_confs/wg_nuthome.conf, adding to list ****
**** Activating tunnel /config/wg_confs/wg_nuthome.conf ****
[#] ip link add dev wg_nuthome type wireguard
[#] wg setconf wg_nuthome /dev/fd/63
[#] ip -4 address add 192.168.178.203/24 dev wg_nuthome
[#] ip link set mtu 1420 up dev wg_nuthome
**** All tunnels are now active ****
[ls.io-init] done.
**** Disabling tunnel /config/wg_confs/wg_nuthome.conf ****
[#] ip link delete dev wg_nuthome