diff --git a/README.md b/README.md
index 533d44b81..a8d524434 100644
--- a/README.md
+++ b/README.md
@@ -1068,10 +1068,10 @@ SOFTWARE.
 [vscode-armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg
 [vscode-armv7-shield]: https://img.shields.io/badge/armv7-no-red.svg
 [vscode-i386-shield]: https://img.shields.io/badge/i386-no-red.svg
-[addon-tailscale]: https://github.com/hassio-addons/addon-tailscale/tree/96f3def
-[addon-doc-tailscale]: https://github.com/hassio-addons/addon-tailscale/blob/96f3def/README.md
+[addon-tailscale]: https://github.com/hassio-addons/addon-tailscale/tree/e588380
+[addon-doc-tailscale]: https://github.com/hassio-addons/addon-tailscale/blob/e588380/README.md
 [tailscale-issue]: https://github.com/hassio-addons/addon-tailscale/issues
-[tailscale-version-shield]: https://img.shields.io/badge/version-96f3def-blue.svg
+[tailscale-version-shield]: https://img.shields.io/badge/version-e588380-blue.svg
 [tailscale-aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
 [tailscale-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
 [tailscale-armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg
diff --git a/tailscale/CHANGELOG.md b/tailscale/CHANGELOG.md
index d097eb1eb..7f6fe0f3e 100644
--- a/tailscale/CHANGELOG.md
+++ b/tailscale/CHANGELOG.md
@@ -1,4 +1,20 @@
 # Changelog since v0.24.0
+- Update site-to-site networking related documentation (#457)
+
+* s2s docs in separate PR"
+
+* fine tune s2s related docs
+
+* bunny is right on s2s 
+- Fix MSS clamping for site-to-site networking (#453)
+
+* refactor mss clamping
+
+* fix mss clamping
+
+* remove s2s docs, will be in separate PR
+
+* bunny is right on mss 
 - 🎆 Updates maintenance/license year to 2025 (#473) 
 - ⬆️ Update Add-on base image to v17.2.1 (#472)
 
diff --git a/tailscale/DOCS.md b/tailscale/DOCS.md
index 1ab251e77..f3340976e 100644
--- a/tailscale/DOCS.md
+++ b/tailscale/DOCS.md
@@ -280,10 +280,15 @@ router, and this simplifies routing configuration.
 
 When not set, this option is enabled by default.
 
-To support advanced [Site-to-site networking][tailscale_info_site_to_site] (eg.
+To support advanced [Site-to-site networking][tailscale_info_site_to_site] (e.g.
 to traverse multiple networks), you can disable this functionality, and follow
-steps from step 3 on [Site-to-site networking][tailscale_info_site_to_site]. But
-do it only when you really understand why you need this.
+steps in the [Site-to-site networking][tailscale_info_site_to_site] guide (Note:
+The add-on already handles "IP address forwarding" and "Clamp the MSS to the
+MTU" for you).
+
+**Note:** Only disable this option if you fully understand the implications.
+Keep it enabled if preserving the real source IP address is not critical for
+your use case.
 
 ### Option: `stateful_filtering`
 
@@ -326,14 +331,25 @@ with their tailnet IP, but with their tailnet name, you have to configure Home
 Assistant's DNS options also.
 
 If you want to access other clients on your tailnet even from your local subnet,
-follow steps from step 3 on [Site-to-site
-networking][tailscale_info_site_to_site].
+follow steps in the [Site-to-site networking][tailscale_info_site_to_site] guide
+(Note: The add-on already handles "IP address forwarding" and "Clamp the MSS to
+the MTU" for you).
 
-In case your local subnets collide with subnet routes within your tailnet, your
-local network access has priority, and these addresses won't be routed toward
-your tailnet. This will prevent your Home Assistant instance from losing network
-connection. This also means that using the same subnet on multiple nodes for load
-balancing and failover is impossible with the current add-on behavior.
+**Note:** In case your local subnets collide with subnet routes within your
+tailnet, your local network access has priority, and these addresses won't be
+routed toward your tailnet. This will prevent your Home Assistant instance from
+losing network connection. This also means that using the same subnet on
+multiple nodes for load balancing and failover is impossible with the current
+add-on behavior.
+
+**Note:** The `userspace_networking` option can remain enabled if you only need
+one-way access from tailnet clients to your local subnet, without requiring
+access from your local subnet to other tailnet clients.
+
+**Note:** If you implement Site-to-site networking, but you are not interested
+in the real source IP address, i.e. subnet devices can see the traffic
+originating from the subnet router, you don't need to disable the
+`snat_subnet_routes` option, this can simplify routing configuration.
 
 ## Network
 
diff --git a/tailscale/README.md b/tailscale/README.md
index 6ed6aea1f..bb6885a3e 100644
--- a/tailscale/README.md
+++ b/tailscale/README.md
@@ -48,5 +48,5 @@ If you are more interested in stable releases of our add-ons:
 [patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png
 [patreon]: https://www.patreon.com/frenck
 [project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg
-[release-shield]: https://img.shields.io/badge/version-96f3def-blue.svg
-[release]: https://github.com/hassio-addons/addon-tailscale/tree/96f3def
\ No newline at end of file
+[release-shield]: https://img.shields.io/badge/version-e588380-blue.svg
+[release]: https://github.com/hassio-addons/addon-tailscale/tree/e588380
\ No newline at end of file
diff --git a/tailscale/config.yaml b/tailscale/config.yaml
index d2e96272a..b7f8c3116 100644
--- a/tailscale/config.yaml
+++ b/tailscale/config.yaml
@@ -1,5 +1,5 @@
 name: Tailscale
-version: 96f3def
+version: e588380
 slug: tailscale
 description: Zero config VPN for building secure networks
 url: https://github.com/hassio-addons/addon-tailscale