wireguard mtu 1420 vxlan mtu 1350 (overhead 50)
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o br-lan -j TCPMSS --set-mss 1200 iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o br-overlay02 -j TCPMSS --set-mss 1200
You will need to add the iptables support for geolocation. To do so, you'll have to follow these steps:
apt-get install xtables-addons-common mkdir /usr/share/xt_geoip apt-get install libtext-csv-xs-perl unzip /usr/lib/xtables-addons/xt_geoip_dl /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv
iptables -A FORWARD -m geoip --src-cc XK -p tcp -m tcp --dport 443 -j ACCEPT