From 02eff1a9eff0db1161b83ae6924d8e0892de7477 Mon Sep 17 00:00:00 2001
From: Mel <mel@rnrd.eu>
Date: Fri, 24 Apr 2026 03:24:14 +0200
Subject: Set MTU on all tunnel interfaces on ingress node

Signed-off-by: Mel <mel@rnrd.eu>
---
 modules/tunnel/ingress.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/modules/tunnel/ingress.nix b/modules/tunnel/ingress.nix
index a1260c8..8a6ae3b 100644
--- a/modules/tunnel/ingress.nix
+++ b/modules/tunnel/ingress.nix
@@ -26,9 +26,10 @@ let
   ingressName = index: "tunnel-ingress${toString index}";
   egressName = "tunnel-egress0";
   egressAddress = "10.123.255.1/16"; # /16 encompasses all possible subnet addresses
-  egressMTU = 1400;
 
   egressHost = name: "${name}.rnrd.eu";
+
+  mtu = 1400;
 in
 {
   boot.kernel.sysctl = {
@@ -69,6 +70,10 @@ in
         "10-${ingressName index}" = {
           name = ingressName index;
           address = [ (addressFromTemplate index ownAddress 24) ];
+          linkConfig = {
+            RequiredForOnline = "no";
+            MTUBytes = toString mtu;
+          };
           routingPolicyRules = [
             {
               IncomingInterface = ingressName index;
@@ -91,8 +96,8 @@ in
             };
             linkConfig = {
               ActivationPolicy = "up";
-              RequiredForOnline = "no"; # does not count as online
-              MTUBytes = toString egressMTU;
+              RequiredForOnline = "no";
+              MTUBytes = toString mtu;
             };
             routes = [
               {
@@ -143,11 +148,11 @@ in
       settings = {
         inbounds = [
           {
+            inherit mtu;
             type = "tun";
             tag = inboundName;
             interface_name = egressName;
             address = [ egressAddress ];
-            mtu = egressMTU;
             stack = "gvisor";
             auto_route = false; # we route manually
             strict_route = false;
-- 
cgit 1.4.1