Added role native-wireguard-behind-firewall

2025-08-29 15:06:26 +02:00 · 2021-01-11 18:51:44 +01:00
parent e865e54777
commit a273f6752f
6 changed files with 22 additions and 3 deletions
--- a/roles/native-wireguard/README.md
+++ b/roles/native-wireguard/README.md
@@ -6,5 +6,5 @@ Manages wireguard natively on host. More information are available in the [Arch
 wg genkey | tee peer_A.key | wg pubkey > peer_A.pub
 ``

-# chown root:systemd-network /etc/systemd/network/99-*.netdev
-# chmod 0640 /etc/systemd/network/99-*.netdev
+chown root:systemd-network /etc/systemd/network/99-*.netdev
+chmod 0640 /etc/systemd/network/99-*.netdev
--- a/roles/native-wireguard/tasks/main.yml
+++ b/roles/native-wireguard/tasks/main.yml
@@ -8,3 +8,9 @@
    owner: root
    group: root
  notify: restart wireguard
+
+- name: enable ipv4-forwarding
+  shell: sysctl net.ipv4.ip_forward=1
+
+- name: enable ipv6-forwarding
+  shell: sysctl net.ipv6.conf.all.forwarding=1