diff --git a/systemd/tailgate-allow@.service b/systemd/tailgate-allow@.service
index 000216f..71703aa 100644
--- a/systemd/tailgate-allow@.service
+++ b/systemd/tailgate-allow@.service
@@ -17,6 +17,17 @@ ExecStartPre=/bin/sh -c 'INTERFACE=%i; PORT=$(cat /run/tailgate-%i.port); \
 iptables -C tailgate -o $INTERFACE -p udp --sport $PORT -j ACCEPT > /dev/null 2>&1 || \
 iptables -I tailgate -o $INTERFACE -p udp --sport $PORT -j ACCEPT'
+# Allow Essential ICMP Traffic for PMTUD
+ExecStartPre=/bin/sh -c 'iptables -I OUTPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT'
+ExecStartPre=/bin/sh -c 'iptables -I OUTPUT -p icmp --icmp-type echo-request -j ACCEPT'
+ExecStartPre=/bin/sh -c 'iptables -I OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT'
+ExecStartPre=/bin/sh -c 'iptables -I INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT'
+ExecStartPre=/bin/sh -c 'iptables -I INPUT -p icmp --icmp-type echo-request -j ACCEPT'
+ExecStartPre=/bin/sh -c 'iptables -I INPUT -p icmp --icmp-type echo-reply -j ACCEPT'
+
+# Implement MSS Clamping
+ExecStartPre=/bin/sh -c 'iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu'
+
 ExecStart=/bin/sh -c 'REAL_PORT=$(cat /run/tailgate-%i.port); rm /run/tailgate-%i.port; \
 if [ "$REAL_PORT" -eq 41641 ]; then exit 0; fi; \
 while true; do PORT=$(ss -lunp4 | awk "/tailscale/ {split(\\$4, arr, \\":\\"); print arr[2]}"); \
@@ -34,6 +45,16 @@ ExecStopPost=-/bin/sh -c '{ [ $(iptables -L tailgate 2>/dev/null | wc -l) -le 2
 iptables -D OUTPUT -j tailgate && \
 iptables -X tailgate; } || true'
+# Cleanup ICMP and MSS Clamping Rules on Service Stop
+ExecStopPost=-/bin/sh -c 'iptables -D OUTPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT || true'
+ExecStopPost=-/bin/sh -c 'iptables -D OUTPUT -p icmp --icmp-type echo-request -j ACCEPT || true'
+ExecStopPost=-/bin/sh -c 'iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT || true'
+ExecStopPost=-/bin/sh -c 'iptables -D INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT || true'
+ExecStopPost=-/bin/sh -c 'iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT || true'
+ExecStopPost=-/bin/sh -c 'iptables -D INPUT -p icmp --icmp-type echo-reply -j ACCEPT || true'
+
+ExecStopPost=-/bin/sh -c 'iptables -t mangle -D FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu || true'
+
 Type=oneshot
 Restart=on-failure
 RemainAfterExit=yes
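Review bot: Each added `iptables -D … || true` deletes the first rule matching that exact spec in the global INPUT/OUTPUT/FORWARD chains, which may be an administrator's pre-existing identical rule rather than the copy this unit added, since nothing in the rule spec distinguishes the two. The `-j tailgate` chain that the two context lines above the additions tear down already gives the unit an owned chain; placing the ICMP and MSS rules there, or in a dedicated chain the unit creates on start and flushes here, would make the stop side remove exactly what the start side added and nothing else. The ExecStopPost command those two context lines belong to begins before this hunk. If the rules stay in the global chains, a comment such as `# NOTE: -D removes the first identical rule, which may not be the one this unit added` should document the caveat next to the cleanup block.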