diff --git i/config.cfg w/config.cfg
index bee023f..c23c723 100644
--- i/config.cfg
+++ w/config.cfg
@@ -6,9 +6,12 @@
 # User names with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123".
 # Email addresses are not allowed.
 users:
+  - hush
+  - partofme
   - phone
-  - laptop
-  - desktop
+  - tozt
+  - mail
+  - hornet
 
 ### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed.
 
@@ -17,7 +20,7 @@ users:
 ssh_port: 4160
 
 # Deploy StrongSwan to enable IPsec support
-ipsec_enabled: true
+ipsec_enabled: false
 
 # Deploy WireGuard
 # WireGuard will listen on 51820/UDP. You might need to change to another port
@@ -40,7 +43,7 @@ alternative_ingress_ip: false
 # automatically based on your server, but if connections hang you might need to
 # adjust this yourself.
 # See: https://github.com/trailofbits/algo/blob/master/docs/troubleshooting.md#various-websites-appear-to-be-offline-through-the-vpn
-reduce_mtu: 0
+reduce_mtu: 184
 
 # Algo will use the following lists to block ads. You can add new block lists
 # after deployment by modifying the line starting "BLOCKLIST_URLS=" at:
@@ -59,7 +62,7 @@ dns_encryption: true
 # connected clients to reach each other, as well as other computers on the
 # same LAN as your Algo server (i.e. the "road warrior" setup). In this
 # case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
-BetweenClients_DROP: true
+BetweenClients_DROP: false
 
 # Block SMB/CIFS traffic
 block_smb: true
@@ -73,7 +76,7 @@ block_netbios: true
 # which case a reboot will take place if necessary at the time specified (as
 # HH:MM) in the time zone of your Algo server. The default time zone is UTC.
 unattended_reboot:
-  enabled: false
+  enabled: true
   time: 06:00
 
 ### Advanced users only below this line ###
@@ -122,7 +125,7 @@ strongswan_network_ipv6: '2001:db8:4160::/48'
 # If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
 # This option will keep the "connection" open in the eyes of NAT.
 # See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
-wireguard_PersistentKeepalive: 0
+wireguard_PersistentKeepalive: 25
 
 # WireGuard network configuration
 wireguard_network_ipv4: 10.49.0.0/16