diff --git a/etc/startup-config.default b/etc/startup-config.default
index 3b3f223..82bb1c8 100644
--- a/etc/startup-config.default
+++ b/etc/startup-config.default
@@ -149,3 +149,12 @@ set ppp_keepalive yes
 # Kernel acceleration, enable on no more than one instance!
 #set kernel_accel yes
+#
+# You will probably want to also enable MSS clamping, which l2tpns won't be able to do any more:
+# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+# ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+# or
+# nft add rule inet filter forward tcp flags syn tcp option maxseg size set rt mtu
+#
+# and allow dhcpv6 traffic:
+# iptables -A INPUT -i ppp+ -p udp --sport 546 --dport 547 -j ACCEPT
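Review bot: The DHCPv6 example on the last added line uses `iptables`, which only filters IPv4; DHCPv6 (UDP 546 to 547) is carried over IPv6, so that rule would never match and the requests would still be subject to whatever the IPv6 INPUT policy is. The line should read `# ip6tables -A INPUT -i ppp+ -p udp --sport 546 --dport 547 -j ACCEPT`. It would also help to note in the comment that `-A` appends, so the rule has no effect when an earlier INPUT rule already drops the packet. The `nft` example likewise assumes an existing `inet filter` table with a `forward` chain, which is worth stating so an operator does not take a failed command for a working clamp.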