Root cause: PMTU black hole on WireGuard tunnel. The tunnel runs over the HE IPv6 6in4 tunnel (gif0 MTU 1280). With WG overhead (~80 bytes), effective inner MTU is 1200 — but both sides were configured at 1420. SSH kex packets >1200 bytes were silently dropped.

Fix: Set tun_wg0 MTU to 1200 on pfSense + peer_855 MTU to 1200 on London GL-iNet.

Re-enabled London DHCP/ARP import in remote CronJob. All 3 sites now fully automated:
- Sofia: Kea leases + ARP every 5min
- London: DHCP + ARP via pfSense→London SSH hop, hourly
- Valchedrym: DHCP + ARP via pfSense→OpenWRT SSH hop, hourly

[ci skip]

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

||
|---|---|---|
| main.tf | ||
| terragrunt.hcl | ||