What's the feature 🧐

Implement in Go an MTU testing using ICMP packets, starting from a large packet and lowering it until it's no longer fragmented/unreachable.

• Add a new option VPN_MTU_START=1450 to indicate the starting MTU to test
• Add a new option VPN_MTU_STEP=30 to indicate the step to add or subtract for the next MTU to test
• if MTU testing it fast enough, deprecate WIREGUARD_MTU, OPENVPN_MSSFIX and remove default MTU values in Openvpn configurations
• do we need a large link MTU to send large ICMP packets to test the MTU? If yes, we should hold all traffic (firewall?) until the MTU is found. This would make the implementation complicated.

Extra information and references

• Created from issue Bug: dns over tls timing out on latest image (TLS handshake) #2533 (comment)
• High MTU gives a higher bandwidth (less header overhead)
• Low MTU is more reliable
• All network links from the VPN client to the VPN server must support the MTU (AFAIK)
• OpenVPN has the mtu-test option which takes about 3 minutes
• Wireguard would need its own implementation, so we might as well have the same implementation for both wireguard and openvpn