Add bidirectional forward permissions and allow ipv4 forwards in the kernel
parent
b92cd5294b
commit
0cd36bf935
|
@ -11,3 +11,10 @@
|
||||||
- config
|
- config
|
||||||
- wireguard
|
- wireguard
|
||||||
- vault
|
- vault
|
||||||
|
- name: Enable forwarding in sysctl
|
||||||
|
loop:
|
||||||
|
- { name: "net.ipv4.ip_forward", value: "1" }
|
||||||
|
sysctl:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
|
sysctl_set: yes
|
||||||
|
|
|
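Review bot: The loop in the new "Enable forwarding in sysctl" task sets only `net.ipv4.ip_forward`, yet the WireGuard template changed in the same commit also installs ip6tables FORWARD and MASQUERADE rules, which presumably see no routed traffic while IPv6 forwarding stays off. If IPv6 routing through the tunnel is intended, add `- { name: "net.ipv6.conf.all.forwarding", value: "1" }` to the loop; if it is not, the ip6tables rules should go rather than sit unused. Since `net.ipv4.ip_forward` makes the host route between all of its interfaces, not just the tunnel, I would also add a comment above the task such as `# Needed for WireGuard routing; keep the FORWARD chain policy restrictive (DROP) so only the explicit rules apply`. Indentation is lost in this rendering, so the task's YAML nesting cannot be checked from here.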
@ -1,7 +1,7 @@
|
||||||
[Interface]
|
[Interface]
|
||||||
Address = {{ wireguard.net.v4.addr }}.1/{{ wireguard.net.v4.range.serv }}, {{ wireguard.net.v6.addr }}:1/{{ wireguard.net.v6.range.serv }}
|
Address = {{ wireguard.net.v4.addr }}.1/{{ wireguard.net.v4.range.serv }}, {{ wireguard.net.v6.addr }}:1/{{ wireguard.net.v6.range.serv }}
|
||||||
PostUp = iptables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
PostUp = iptables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -A FORWARD -o {{ wireguard.interface }} -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -o {{ wireguard.interface }} -j ACCEPT; ip6tables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||||
PostDown = iptables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
PostDown = iptables -D FORWARD -o {{ wireguard.interface }} -j ACCEPT; iptables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -o {{ wireguard.interface }} -j ACCEPT; ip6tables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||||
ListenPort = {{ wireguard.port }}
|
ListenPort = {{ wireguard.port }}
|
||||||
PrivateKey = {{ vault_wireguard.privkey }}
|
PrivateKey = {{ vault_wireguard.privkey }}
|
||||||
|
|
||||||
|
|
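Review bot: The added `FORWARD -o {{ wireguard.interface }} -j ACCEPT` rules in PostUp (iptables and ip6tables) accept every packet routed towards the tunnel regardless of source or connection state, so any host that can route through this server's other interfaces may open new connections to VPN peers. If the aim is only to let replies to peer-initiated traffic back in, limit the rule to tracked connections, e.g. `iptables -A FORWARD -o {{ wireguard.interface }} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, with the same match on the ip6tables rule and on the corresponding `-D` lines in PostDown. Peer-to-peer traffic does not need the broad rule, since packets arriving on the tunnel already match the existing `-i` rule. Separately, the MASQUERADE rules hard-code `eth0` while the tunnel interface is templated; a variable for the egress interface would avoid NAT silently not applying on hosts whose uplink has a different name.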