From 75255d22a2b7b638ea57ce508a2d050360977ba0 Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Sat, 11 Apr 2026 08:18:30 +0000
Subject: [PATCH] =?UTF-8?q?fix(phpipam):=20fix=20London=20SSH=20via=20WG?= =?UTF-8?q?=20MTU=20reduction=20(1420=E2=86=921200)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Root cause: PMTU black hole on WireGuard tunnel. The tunnel runs over the HE IPv6 6in4 tunnel (gif0 MTU 1280). With WG overhead (~80 bytes), effective inner MTU is 1200 — but both sides were configured at 1420. SSH kex packets >1200 bytes were silently dropped. Fix: Set tun_wg0 MTU to 1200 on pfSense + peer_855 MTU to 1200 on London GL-iNet. Re-enabled London DHCP/ARP import in remote CronJob. All 3 sites now fully automated: - Sofia: Kea leases + ARP every 5min - London: DHCP + ARP via pfSense→London SSH hop, hourly - Valchedrym: DHCP + ARP via pfSense→OpenWRT SSH hop, hourly [ci skip] Co-Authored-By: Claude Opus 4.6 (1M context)
---
 stacks/phpipam/main.tf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/stacks/phpipam/main.tf b/stacks/phpipam/main.tf
index 13876f41..da3e2cce 100644
--- a/stacks/phpipam/main.tf
+++ b/stacks/phpipam/main.tf
@@ -601,9 +601,8 @@ resource "kubernetes_cron_job_v1" "phpipam_remote_import" {
 echo "=== Valchedrym (192.168.0.1 via pfSense) ==="
 VALCHEDRYM=$$(ssh -o ConnectTimeout=10 admin@10.0.20.1 'timeout 15 ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 root@192.168.0.1 "cat /tmp/dhcp.leases 2>/dev/null; echo ---ARP---; cat /proc/net/arp 2>/dev/null" 2>/dev/null' 2>/dev/null || echo "")
- # London: dropbear SSH kex too slow for automated use; skip for now
- # TODO: install lightweight agent on London GL-iNet to push data
- LONDON=""
+ echo "=== London (192.168.8.1 via pfSense) ==="
+ LONDON=$$(ssh -o ConnectTimeout=10 admin@10.0.20.1 'timeout 15 ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 root@192.168.8.1 "cat /tmp/dhcp.leases 2>/dev/null; echo ---ARP---; cat /proc/net/arp 2>/dev/null" 2>/dev/null' 2>/dev/null || echo "")
 echo "=== Importing ==="
 export LONDON_DATA="$$LONDON"
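Review bot: The added `LONDON=` line runs the inner hop to `root@192.168.8.1` with `-o StrictHostKeyChecking=no`, so pfSense will accept whatever host key answers at that address, and the lease/ARP text it returns goes straight into the import via `LONDON_DATA`. Pin the router's host key in the pfSense account's `known_hosts` and change the option to `-o StrictHostKeyChecking=yes`; the unchanged Valchedrym line in this hunk carries the same option and would want the same treatment. Separately, `2>/dev/null` on both hops combined with `|| echo ""` makes a failed or timed-out fetch look identical to an empty lease table. Dropping the outermost `2>/dev/null` and using `|| echo "London fetch failed" >&2` would leave `LONDON` empty but put the failure in the job log. The surrounding script starts and ends outside the hunk, so how the import step treats an empty value is not visible here.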