diff --git a/apps/fz_http/test/fz_http/sites_test.exs b/apps/fz_http/test/fz_http/sites_test.exs
index b466a7c15..e5a35ea51 100644
--- a/apps/fz_http/test/fz_http/sites_test.exs
+++ b/apps/fz_http/test/fz_http/sites_test.exs
@@ -21,7 +21,7 @@ defmodule FzHttp.SitesTest do
"allowed_ips" => "::/0",
"endpoint" => "foobar.example.com",
"persistent_keepalive" => "15",
- "mtu" => "1420"
+ "mtu" => "1280"
}
]
@invalid_site %{
diff --git a/apps/fz_http/test/fz_http_web/live/setting_live/site_test.exs b/apps/fz_http/test/fz_http_web/live/setting_live/site_test.exs
index 7c94304d8..19d704a63 100644
--- a/apps/fz_http/test/fz_http_web/live/setting_live/site_test.exs
+++ b/apps/fz_http/test/fz_http_web/live/setting_live/site_test.exs
@@ -122,7 +122,7 @@ defmodule FzHttpWeb.SettingLive.SiteTest do
refute test_view =~ "is invalid"
assert test_view =~ """
- \
+ \
"""
end
@@ -188,7 +188,7 @@ defmodule FzHttpWeb.SettingLive.SiteTest do
assert test_view =~ "must be greater than or equal to 576"
assert test_view =~ """
- \
+ \
"""
end
end
diff --git a/config/config.exs b/config/config.exs
index 04a9898d6..2b3b40ede 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -63,7 +63,7 @@ config :fz_http,
wireguard_ipv6_enabled: true,
wireguard_ipv6_network: "fd00::3:2:0/120",
wireguard_ipv6_address: "fd00::3:2:1",
- wireguard_mtu: "1420",
+ wireguard_mtu: "1280",
max_devices_per_user: 10,
telemetry_module: FzCommon.Telemetry,
supervision_tree_mode: :full,
diff --git a/docs/docs/reference/configuration-file.md b/docs/docs/reference/configuration-file.md
index 79d74e935..44819fe32 100644
--- a/docs/docs/reference/configuration-file.md
+++ b/docs/docs/reference/configuration-file.md
@@ -139,7 +139,7 @@ Shown below is a complete listing of the configuration options available in
| `default['firezone']['wireguard']['log_rotation']['num_to_keep']` | Number of WireGuard log files to keep. | `10` |
| `default['firezone']['wireguard']['interface_name']` | WireGuard interface name. | `'wg-firezone'` |
| `default['firezone']['wireguard']['port']` | WireGuard listen port. | `51820` |
-| `default['firezone']['wireguard']['mtu']` | WireGuard interface MTU for this server and for device configurations. | `1420` |
+| `default['firezone']['wireguard']['mtu']` | WireGuard interface MTU for this server and for device configurations. | `1280` |
| `default['firezone']['wireguard']['endpoint']` | WireGuard `Endpoint` to use for generating device configurations. If `nil`, defaults to the server's public IP address. | `nil` |
| `default['firezone']['wireguard']['dns']` | WireGuard `DNS` to use for generated device configurations. | `'1.1.1.1, 1.0.0.1'` |
| `default['firezone']['wireguard']['allowed_ips']` | WireGuard `AllowedIPs` to use for generated device configurations. | `'0.0.0.0/0, ::/0'` |
diff --git a/omnibus/cookbooks/firezone/attributes/default.rb b/omnibus/cookbooks/firezone/attributes/default.rb
index 24fc34faf..eb347107e 100644
--- a/omnibus/cookbooks/firezone/attributes/default.rb
+++ b/omnibus/cookbooks/firezone/attributes/default.rb
@@ -327,7 +327,7 @@ default['firezone']['wireguard']['interface_name'] = 'wg-firezone'
default['firezone']['wireguard']['port'] = 51_820
# WireGuard interface MTU
-default['firezone']['wireguard']['mtu'] = 1420
+default['firezone']['wireguard']['mtu'] = 1280
# WireGuard endpoint
# By default, the public IP address of this server is used as the Endpoint