diff --git a/contrib/ci/minimal-site/site.conf b/contrib/ci/minimal-site/site.conf
index 3f7373f6..62a5bc3a 100644
--- a/contrib/ci/minimal-site/site.conf
+++ b/contrib/ci/minimal-site/site.conf
@@ -93,7 +93,6 @@
 
   mesh_vpn = {
     -- enabled = true,
-    mtu = 1312,
 
     fastd = {
       -- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
@@ -101,6 +100,7 @@
 
       -- List of crypto-methods to use.
       methods = {'salsa2012+umac'},
+      mtu = 1312,
       -- configurable = true,
       -- syslog_level = 'warn',
 
diff --git a/docs/multidomain-site-example/site.conf b/docs/multidomain-site-example/site.conf
index 25eaeb69..fc5298f7 100644
--- a/docs/multidomain-site-example/site.conf
+++ b/docs/multidomain-site-example/site.conf
@@ -20,10 +20,10 @@
   },
 
   mesh_vpn = {
-    mtu = 1312,
 
     fastd = {
       methods = {'salsa2012+umac'},
+      mtu = 1312,
     },
 
     bandwidth_limit = {
diff --git a/docs/site-example/site.conf b/docs/site-example/site.conf
index bd7a9a15..538a8c3e 100644
--- a/docs/site-example/site.conf
+++ b/docs/site-example/site.conf
@@ -105,7 +105,6 @@
 
   mesh_vpn = {
     -- enabled = true,
-    mtu = 1312,
 
     fastd = {
       -- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
@@ -113,6 +112,7 @@
 
       -- List of crypto-methods to use.
       methods = {'salsa2012+umac'},
+      mtu = 1312,
       -- configurable = true,
       -- syslog_level = 'warn',
 
diff --git a/docs/user/site.rst b/docs/user/site.rst
index 5b2e0eeb..1784e0ff 100644
--- a/docs/user/site.rst
+++ b/docs/user/site.rst
@@ -331,10 +331,10 @@ mesh_vpn
 
     mesh_vpn = {
       -- enabled = true,
-      mtu = 1312,
       -- pubkey_privacy = true,
 
       fastd = {
+        mtu = 1312,
         methods = {'salsa2012+umac'},
         -- configurable = true,
         -- syslog_level = 'warn',
@@ -384,6 +384,7 @@ mesh_vpn
       },
 
       tunneldigger = {
+        mtu = 1312,
         brokers = {'vpn1.alpha-centauri.freifunk.net'}
       },
 
diff --git a/package/gluon-mesh-vpn-core/check_site.lua b/package/gluon-mesh-vpn-core/check_site.lua
index 04ff3c84..cff076e1 100644
--- a/package/gluon-mesh-vpn-core/check_site.lua
+++ b/package/gluon-mesh-vpn-core/check_site.lua
@@ -1,5 +1,4 @@
 need_boolean(in_site({'mesh_vpn', 'enabled'}), false)
-need_number({'mesh_vpn', 'mtu'})
 need_boolean(in_site({'mesh_vpn', 'pubkey_privacy'}), false)
 
 need_boolean(in_site({'mesh_vpn', 'bandwidth_limit', 'enabled'}), false)
diff --git a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn
index a476afdb..b1495255 100755
--- a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn
+++ b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn
@@ -7,6 +7,7 @@ local util = require 'gluon.util'
 local uci = require('simple-uci').cursor()
 
 local vpn_core = require 'gluon.mesh-vpn'
+local _, active_vpn = vpn_core.get_active_provider()
 
 uci:section('network', 'interface', 'mesh_vpn', {
 	ifname = vpn_core.get_interface(),
@@ -14,7 +15,7 @@ uci:section('network', 'interface', 'mesh_vpn', {
 	transitive = true,
 	fixed_mtu = true,
 	macaddr = util.generate_mac(7),
-	mtu = site.mesh_vpn.mtu(),
+	mtu = active_vpn.mtu(),
 })
 
 uci:save('network')
diff --git a/package/gluon-mesh-vpn-fastd/check_site.lua b/package/gluon-mesh-vpn-fastd/check_site.lua
index 6f3c0832..dadcc917 100644
--- a/package/gluon-mesh-vpn-fastd/check_site.lua
+++ b/package/gluon-mesh-vpn-fastd/check_site.lua
@@ -1,6 +1,7 @@
 local fastd_methods = {'salsa2012+umac', 'null+salsa2012+umac', 'null@l2tp', 'null'}
 need_array_of({'mesh_vpn', 'fastd', 'methods'}, fastd_methods)
 need_boolean(in_site({'mesh_vpn', 'fastd', 'configurable'}), false)
+need_number({'mesh_vpn', 'fastd', 'mtu'})
 
 need_one_of(in_site({'mesh_vpn', 'fastd', 'syslog_level'}),
 	{'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false)
diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
index c8898755..4c2dc046 100755
--- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
+++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
@@ -3,6 +3,7 @@
 local site = require 'gluon.site'
 local util = require 'gluon.util'
 local vpn_core = require 'gluon.mesh-vpn'
+local _, active_vpn = vpn_core.get_active_provider()
 
 local uci = require('simple-uci').cursor()
 local unistd = require 'posix.unistd'
@@ -49,7 +50,7 @@ uci:section('fastd', 'fastd', 'mesh_vpn', {
 	secret = secret,
 	interface = vpn_core.get_interface(),
 	mode = 'tap',
-	mtu = site.mesh_vpn.mtu(),
+	mtu = active_vpn.mtu(),
 	secure_handshakes = true,
 	method = methods,
 	packet_mark = 1,
diff --git a/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua b/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua
index bcc6b5e1..20ac4777 100644
--- a/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua
+++ b/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua
@@ -39,4 +39,8 @@ function M.set_limit(ingress_limit, egress_limit)
 	uci:save('simple-tc')
 end
 
+function M.mtu()
+	return site.mesh_vpn.fastd.mtu()
+end
+
 return M
diff --git a/package/gluon-mesh-vpn-tunneldigger/check_site.lua b/package/gluon-mesh-vpn-tunneldigger/check_site.lua
index 188433fd..77ea83c5 100644
--- a/package/gluon-mesh-vpn-tunneldigger/check_site.lua
+++ b/package/gluon-mesh-vpn-tunneldigger/check_site.lua
@@ -1 +1,2 @@
 need_string_array(in_domain({'mesh_vpn', 'tunneldigger', 'brokers'}))
+need_number({'mesh_vpn', 'tunneldigger', 'mtu'})
diff --git a/package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua b/package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua
index d324a3cc..9ae67539 100644
--- a/package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua
+++ b/package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua
@@ -39,4 +39,8 @@ function M.set_limit(ingress_limit, egress_limit)
 	uci:save('simple-tc')
 end
 
+function M.mtu()
+	return site.mesh_vpn.tunneldigger.mtu()
+end
+
 return M
diff --git a/package/gluon-mesh-vpn-wireguard/check_site.lua b/package/gluon-mesh-vpn-wireguard/check_site.lua
index f5a0d94e..5769e36e 100644
--- a/package/gluon-mesh-vpn-wireguard/check_site.lua
+++ b/package/gluon-mesh-vpn-wireguard/check_site.lua
@@ -7,3 +7,4 @@ local function check_peer(k)
 end
 
 need_table({'mesh_vpn', 'wireguard', 'peers'}, check_peer)
+need_number({'mesh_vpn', 'wireguard', 'mtu'})
diff --git a/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua b/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua
index b531b80e..fb5041c5 100644
--- a/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua
+++ b/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua
@@ -40,4 +40,8 @@ function M.set_limit(ingress_limit, egress_limit)
 	uci:save('simple-tc')
 end
 
+function M.mtu()
+	return site.mesh_vpn.wireguard.mtu()
+end
+
 return M