Recently, on an ASL3 simplex node that I set up for a friend in Idaho, the behavior became erratic. SSH would drop and Cockpit stopped working over VPN. This was running through a T-Mobile home router on an RPi 4 with ZeroTier VPN for my SSH access and an AllStarLink dedicated connection to my hub server.
The T-Mobile network was not allowing maximum packet sizes much above MTU=1200. The solution was to set both the Ethernet and VPN network devices to MTU 1200. This was done by creating a systemd service to run at bootup. The fix allowed solid operation and restored Cockpit access over the VPN.
Thought this info would be helpful to others using mobile network routers (especially T-Mobile).
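An added example, not part of the original post: one way to find the largest packet size a path passes without fragmentation and then apply it to the interfaces, as the post above did with 1200. It assumes Linux iputils `ping` and iproute2 `ip`; the host and interface names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux iputils ping
# (-M do sets Don't Fragment) and iproute2; run apply_mtu as root.

# probe SIZE HOST: succeed if one echo with SIZE payload bytes passes unfragmented.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_mtu HOST [PROBE_FN] [LOW] [HIGH]: binary-search the largest IPv4 MTU
# that passes. MTU = ICMP payload + 28 (20-byte IP header + 8-byte ICMP header).
find_mtu() {
    local host="$1" fn="${2:-probe}" lo="${3:-576}" hi="${4:-1500}" mid
    # If even the floor fails, the host is unreachable or ICMP is filtered.
    "$fn" $((lo - 28)) "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$fn" $((mid - 28)) "$host"; then
            lo=$mid
        else
            hi=$((mid - 1))
        fi
    done
    echo "$lo"
}

# apply_mtu MTU IFACE...: set the same MTU on every listed interface.
apply_mtu() {
    local mtu="$1" dev
    shift
    for dev in "$@"; do
        ip link set dev "$dev" mtu "$mtu" || return 1
    done
}

# Usage (placeholder names): sh mtu.sh <reachable-host> eth0 <vpn-iface>
# To persist across reboots, call this from a oneshot systemd service.
if [ "$#" -ge 2 ]; then
    host="$1"; shift
    mtu=$(find_mtu "$host") || { echo "probe to $host failed" >&2; exit 1; }
    echo "largest unfragmented MTU to $host: $mtu"
    apply_mtu "$mtu" "$@"
fi
```
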
If you search ZeroTier and MTU, it’s a relatively known issue, as there’s not great info on whether the ZT clients respect the modified MTU values. I would recommend moving to raw WireGuard, or if you aren’t super comfortable with networking, run Headscale yourself.
Any VPN solution that is generating keys for you is probably not one you want to be using, as a general rule.
Tom, I don’t know what ZeroTier is costing you; I roll my own WireGuard VPN using a KVM server from RackNerd. "Shopping Cart - RackNerd LLC": that link has some promos they have right now. I’m using a 1 GB machine that would run you $10.96 per year, and I roll my own. http://texomarepeatergroup.com/wireguard/wireguardvpn%20setup I documented my setup so that someone else could come along and it would be easy for them.
Oh, interesting, running 2800 MTU over the internet will definitely cause some issues. I would check client bugs to make sure they respect changes to the MTU.
As W5MGM said, rolling your own WireGuard on a VPS is a good option to avoid dealing with NAT traversal, but if you aren’t super comfortable with routing and IP forwarding, I really like the Headscale/Tailscale combo. You can still self-host like running regular WireGuard, but you can also just leverage their infrastructure at first, just like ZeroTier.