From 59045bc4000a2c166b2f01f6872696f06acfa693 Mon Sep 17 00:00:00 2001 From: Julian Labus Date: Mon, 25 Mar 2019 10:13:01 +0100 Subject: [PATCH] Roles network-*: enable forwarding With newer versions of ifupdown2 it is necessary to enable IPv4/6 forwarding explicitly on required interfaces. --- roles/network-ffrl/templates/ffrl.j2 | 2 ++ roles/network-meshbridge/templates/bridge.j2 | 4 ++++ roles/wireguard/templates/wireguard.j2 | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/roles/network-ffrl/templates/ffrl.j2 b/roles/network-ffrl/templates/ffrl.j2 index f8323c3..ba8d4e7 100644 --- a/roles/network-ffrl/templates/ffrl.j2 +++ b/roles/network-ffrl/templates/ffrl.j2 @@ -10,6 +10,8 @@ iface {{ item.key }} inet tunnel ttl 64 mtu 1400 tunnel-physdev {{ ansible_default_ipv4.interface }} + ip-forward on + ip6-forward on address {{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('ip/prefix') }} address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('ip/prefix') }} diff --git a/roles/network-meshbridge/templates/bridge.j2 b/roles/network-meshbridge/templates/bridge.j2 index 2fd6f30..3ac23eb 100644 --- a/roles/network-meshbridge/templates/bridge.j2 +++ b/roles/network-meshbridge/templates/bridge.j2 @@ -17,3 +17,7 @@ iface {{ item.id }}br {% endfor %} {% endif %} bridge-ports {{ item.id }}bat +{% if server_type == 'gateway' %} + ip-forward on + ip6-forward on +{% endif %} diff --git a/roles/wireguard/templates/wireguard.j2 b/roles/wireguard/templates/wireguard.j2 index b978d66..c92e48e 100644 --- a/roles/wireguard/templates/wireguard.j2 +++ b/roles/wireguard/templates/wireguard.j2 @@ -5,6 +5,10 @@ auto wg-{{ network.remote[:11] }} iface wg-{{ network.remote[:11] }} mtu 1420 +{% if server_type == 'gateway' %} + ip-forward on + ip6-forward on +{% endif %} ipv6-addrgen off {% if magic < network.remote_magic %} address {{ network.ipv4 | ipaddr('ip/prefix') }}