
wireguard site to site vpn

https://github.com/a4649/wireguard-site-to-site

GitHub Actions wireguard

https://docs.github.com/en/actions/using-github-hosted-runners/connecting-to-a-private-network/using-wireguard-to-create-a-network-overlay

wg start/stop

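# enable at boot, start, and check the tunnel
sudo systemctl enable wg-quick@wg0.service
sudo systemctl daemon-reload
sudo systemctl start wg-quick@wg0
systemctl status wg-quick@wg0
# stop the tunnel and remove it from boot
sudo systemctl stop wg-quick@wg0
sudo systemctl disable wg-quick@wg0.service
# remove leftover unit files (rm -i asks before each delete), then clear failed state
sudo rm -i /etc/systemd/system/wg-quick@wg0*
sudo systemctl daemon-reload
sudo systemctl reset-failed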

mss fix

https://forum.openwrt.org/t/appropriate-manual-iptables-configuration-for-mss-under-wireguard/57103

https://keremerkan.net/posts/wireguard-mtu-fixes/

https://www.wireguard.com/

https://sudonull.com/post/261-Point-by-round-PKH-locks-on-an-OpenWrt-router-using-WireGuard-and-DNSCrypt

MTU Fix

testing

not connecting

interface: wg0
  public key: ****
  private key: (hidden)
  listening port: 55090

peer: ***
  preshared key: (hidden)
  endpoint: 84.119.210.198:51978
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 37.72 KiB sent
  persistent keepalive: every 25 seconds
root@zllrt2:~# wg show wg0

wireguard MTU

Many people ask about the packet breakdown of WireGuard, and though this is explained in [1] and [2], many find this ancient mailing list thread, which now contains out of date information. So this email is to bring the thread up to date, for folks who stumble upon it.

  1. 20-byte IPv4 header or 40-byte IPv6 header
  2. 8-byte UDP header
  3. 4-byte type
  4. 4-byte key index
  5. 8-byte nonce
  6. N-byte encrypted data
  7. 16-byte authentication tag

So, if you assume 1500-byte Ethernet frames, the worst case (IPv6) winds up being 1500-(40+8+4+4+8+16), leaving N=1420 bytes. However, if you know ahead of time that you're going to be using IPv4 exclusively, then you could get away with N=1440 bytes.

IPv4 only -> 1440
IPv4+IPv6 -> 1420
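
The arithmetic above, carried through to a wg-quick MTU setting and a matching TCP MSS clamp for links other than 1500 bytes. This is an added example, not part of the original notes or the quoted email; the function names, the 1492-byte PPPoE uplink and the exact form of the iptables rule are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are hypothetical.
# Fixed WireGuard data-packet overhead after the outer IP header:
# 8 UDP + 4 type + 4 key index + 8 nonce + 16 auth tag = 40 bytes.
WG_OVERHEAD=$((8 + 4 + 4 + 8 + 16))

# wg_mtu LINK_MTU OUTER   (OUTER: 4 = IPv4-only endpoints, 6 or both = worst case)
wg_mtu() {
    case "$2" in
        4)      outer_ip=20 ;;
        6|both) outer_ip=40 ;;
        *)      echo "outer family must be 4, 6 or both" >&2; return 2 ;;
    esac
    echo $(( $1 - outer_ip - WG_OVERHEAD ))
}

# wg_mss TUNNEL_MTU INNER   (INNER: 4 or 6, the traffic carried inside the tunnel)
# MSS = tunnel MTU - inner IP header (20 or 40) - 20-byte TCP header.
wg_mss() {
    case "$2" in
        4) echo $(( $1 - 20 - 20 )) ;;
        6) # IPv6 needs a link MTU of at least 1280 bytes.
           if [ "$1" -lt 1280 ]; then
               echo "tunnel MTU $1 is below the IPv6 minimum of 1280" >&2; return 1
           fi
           echo $(( $1 - 40 - 20 )) ;;
        *) echo "inner family must be 4 or 6" >&2; return 2 ;;
    esac
}

# wg_fragment LINK_MTU OUTER: print [Interface] lines for a wg-quick config.
# Assumption: inner traffic is IPv4 and is forwarded out through the tunnel.
wg_fragment() {
    mtu=$(wg_mtu "$1" "$2") || return
    mss=$(wg_mss "$mtu" 4) || return
    printf 'MTU = %s\n' "$mtu"
    printf 'PostUp = iptables -t mangle -A FORWARD -o %%i -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss %s\n' "$mss"
    printf 'PostDown = iptables -t mangle -D FORWARD -o %%i -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss %s\n' "$mss"
}

# Constructed inputs: plain Ethernet (1500) and a PPPoE uplink (1492).
wg_fragment 1500 both
wg_fragment 1492 4
```

The printed lines belong in the [Interface] section of /etc/wireguard/wg0.conf; %i is expanded by wg-quick to the interface name.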