diff --git a/machines/orbi/configuration.nix b/machines/orbi/configuration.nix
index 0b2db15..3bb56b6 100644
--- a/machines/orbi/configuration.nix
+++ b/machines/orbi/configuration.nix
@@ -56,8 +56,11 @@
   components.network.enable = true;
   components.network.nginx.landingpage.enable = false;
   components.network.wifi.enable = false;
+
   components.virtualisation.enable = true; # we only enable this stuff where we need it explicitly
   components.virtualisation.podman.enable = false;
+  components.virtualisation.virtualbox.enable = false;
+
   virtualisation.oci-containers.backend = "docker";
 
   features.network.fail2ban.enable = true;
diff --git a/machines/orbi/network-wireguard.nix b/machines/orbi/network-wireguard.nix
index f48b84f..2b01481 100644
--- a/machines/orbi/network-wireguard.nix
+++ b/machines/orbi/network-wireguard.nix
@@ -31,7 +31,7 @@ in
     ping -c 1 -W 5 ${config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value}
   '';
 
-  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+  boot.kernel.sysctl."net.ipv4.conf.wg0.forwarding" = true;
 
   # Enable WireGuard
   networking.wg-quick.interfaces = {