diff --git a/nixos/cloudflared.nix b/nixos/cloudflared.nix
index db03d599..7171518c 100644
--- a/nixos/cloudflared.nix
+++ b/nixos/cloudflared.nix
@@ -3,7 +3,15 @@
   lib,
   ...
 }: let
-  inherit (lib.modules) mkDefault;
+  inherit (lib.modules) mkIf mkDefault;
+  cfg = config.services.cloudflared;
 in {
-  config.services.cloudflared.enable = mkDefault true;
+  config = {
+    services.cloudflared.enable = mkDefault true;
+    boot.kernel.sysctl = mkIf (!config.boot.isContainer && cfg.enable) {
+      # https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
+      "net.core.rmem_max" = mkDefault 2500000;
+      "net.core.wmem_max" = mkDefault 2500000;
+    };
+  };
 }
diff --git a/systems/reisen/sysctl.50-net.conf b/systems/reisen/sysctl.50-net.conf
index 78a323ef..aba630be 100644
--- a/systems/reisen/sysctl.50-net.conf
+++ b/systems/reisen/sysctl.50-net.conf
@@ -2,3 +2,6 @@ net.ipv6.conf.vmbr0.disable_ipv6=0
 net.ipv6.conf.vmbr0.use_tempaddr=1
 net.ipv6.conf.vmbr0.accept_ra_rt_info_max_plen=128
 net.ipv4.ping_group_range=0 2147483647
+# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
+net.core.rmem_max=2500000
+net.core.wmem_max=2500000