
My office network nodes access the internet via NAT (iptables masquerading), and the gateway server accesses the internet over a WireGuard VPN connection. Everything works OK, but I can't access websites that use the Fastly CDN. Is there any additional configuration needed to avoid the problem?

There is a forward-only DNS server on my gateway that forwards all DNS requests to my WireGuard server's DNS server.

Mez

1 Answer


I found your question while looking into this issue myself.

I realize that you might have found the answer already, but for others who might stumble upon this question, here is the answer.

This is related to MTU/MSS issues.

Further discussion is available here:

TL;DR: the fix is to set the MTU in your WireGuard configuration to:

MTU = 1420

and also add the following rules to your iptables FORWARD chain:

# let reply traffic for connections already tracked come back in through the tunnel
iptables -A FORWARD -i wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# on every forwarded TCP SYN (SYN set, RST clear), lower the advertised MSS to fit the path MTU
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Hope this helps someone!

Chris Traweek
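The answer above explains the fix but not the mechanism. As an added worked example that is not part of the original question or answer, the script below models what `-j TCPMSS --clamp-mss-to-pmtu` does to a forwarded TCP SYN: it builds a constructed IPv4/TCP SYN (documentation addresses 192.0.2.10 and 198.51.100.20, MSS 1460 as a host on a 1500-byte Ethernet link would advertise), then rewrites the MSS option to fit WireGuard's 1420-byte MTU (1420 minus 20 bytes IPv4 minus 20 bytes TCP = 1380) and recomputes the TCP checksum. Once the client advertises 1380, the remote server never sends a full-size 1500-byte segment that the tunnel cannot carry, which is why the clamp works even when ICMP "fragmentation needed" messages are lost somewhere on the path. The code is a simplified IPv4-only model: the real kernel target also inserts an MSS option when the SYN has none, and for IPv6 the target MSS would be the path MTU minus 60.

```python
"""Added example: model of `-j TCPMSS --clamp-mss-to-pmtu` on a TCP SYN (IPv4 only).

The packet is constructed here, not captured. A host behind the NAT sends a SYN
advertising MSS 1460; the gateway forwards it over a WireGuard tunnel with MTU
1420, so the clamp lowers the MSS to 1420 - 20 (IPv4) - 20 (TCP) = 1380.
"""
import struct

IPV4_HDR_LEN = 20
TCP_HDR_LEN = 20
TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_MSS = 0, 1, 2
TCP_FLAG_SYN = 0x02
WG_MTU = 1420  # WireGuard's default interface MTU, the value set in the answer


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _pseudo_header(ip_hdr: bytes, tcp_len: int) -> bytes:
    # src addr, dst addr, zero, protocol 6, TCP length (RFC 793 pseudo-header)
    return ip_hdr[12:20] + struct.pack("!BBH", 0, 6, tcp_len)


def with_tcp_checksum(ip_hdr: bytes, tcp: bytes) -> bytes:
    """Return the TCP segment with its checksum field (bytes 16-17) recomputed."""
    zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]
    csum = checksum(_pseudo_header(ip_hdr, len(tcp)) + zeroed)
    return tcp[:16] + struct.pack("!H", csum) + tcp[18:]


def tcp_checksum_ok(packet: bytes) -> bool:
    """A correct checksum makes the one's-complement sum of the whole segment 0."""
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr, tcp = packet[:ihl], packet[ihl:]
    return checksum(_pseudo_header(ip_hdr, len(tcp)) + tcp) == 0


def build_syn(src: str, dst: str, sport: int, dport: int, mss: int) -> bytes:
    """Constructed sample input: IPv4 header + TCP SYN with a single MSS option."""
    options = struct.pack("!BBH", TCP_OPT_MSS, 4, mss)  # kind=2, len=4, value
    data_offset = (TCP_HDR_LEN + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,  # seq=1000, ack=0
                      data_offset << 4, TCP_FLAG_SYN, 65535, 0, 0) + options
    src_b = bytes(map(int, src.split(".")))
    dst_b = bytes(map(int, dst.split(".")))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + len(tcp),
                         0x1234, 0x4000, 64, 6, 0, src_b, dst_b)  # DF set, proto TCP
    ip_hdr = ip_hdr[:10] + struct.pack("!H", checksum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + with_tcp_checksum(ip_hdr, tcp)


def _find_mss_option(tcp: bytes):
    """Walk the TCP options; return the offset of the MSS value field, or None."""
    end = (tcp[12] >> 4) * 4
    i = TCP_HDR_LEN
    while i < end:
        kind = tcp[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2:  # malformed option: stop instead of looping forever
            break
        if kind == TCP_OPT_MSS and length == 4:
            return i + 2
        i += length
    return None


def get_mss(packet: bytes):
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    pos = _find_mss_option(tcp)
    return None if pos is None else struct.unpack("!H", tcp[pos:pos + 2])[0]


def clamp_mss_to_pmtu(packet: bytes, pmtu: int = WG_MTU) -> bytes:
    """Lower the MSS of a TCP SYN so each segment fits in `pmtu` (IPv4: pmtu - 40).

    Simplification: only an existing MSS option is rewritten; the kernel's
    xt_TCPMSS also inserts one when it is missing, which is not modelled here.
    """
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr, tcp = packet[:ihl], bytearray(packet[ihl:])
    if ip_hdr[9] != 6 or not (tcp[13] & TCP_FLAG_SYN):
        return packet  # the rule matches TCP SYNs only; anything else passes through
    target = pmtu - IPV4_HDR_LEN - TCP_HDR_LEN
    pos = _find_mss_option(bytes(tcp))
    if pos is None:
        return packet
    if struct.unpack("!H", tcp[pos:pos + 2])[0] <= target:
        return packet  # already small enough; the clamp never raises an MSS
    tcp[pos:pos + 2] = struct.pack("!H", target)
    return ip_hdr + with_tcp_checksum(ip_hdr, bytes(tcp))
```

Running `get_mss` before and after `clamp_mss_to_pmtu` on the constructed SYN shows 1460 turning into 1380 with the checksum still valid, which is exactly the rewrite you can observe with `tcpdump -vv` on the tunnel side of the gateway once the FORWARD rule is in place.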