From 6d80d7257e3c2bde37dbaac88b9fe689d01f31ab Mon Sep 17 00:00:00 2001
From: Nis Wechselberg
Date: Sat, 21 Jun 2025 23:49:37 +0200
Subject: [PATCH] Added masquerading iptables rule

Signed-off-by: Nis Wechselberg
---
 roles/server/tasks/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml
index 528928e..2b6eb99 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -100,3 +100,13 @@
 value: '{{ item.value }}'
 loop: '{{ server_openvpn_sysctl_settings | dict2items }}'
 notify: 'Restart openvpn server'
+
+- name: 'Configure masquerading on firewall for the vpn traffic to the internet'
+ become: true
+ ansible.builtin.iptables:
+ chain: 'POSTROUTING'
+ comment: 'Enable masquerading from the vpn network'
+ out_interface: '{{ server_openvpn_nat_interface }}'
+ source: '{{ server_openvpn_ipv4_pool }}/24'
+ table: 'nat'
+ jump: 'MASQUERADE'
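Review bot: The `source` of the new NAT rule hard-codes a `/24` prefix onto `server_openvpn_ipv4_pool`, so the masqueraded range diverges from the real VPN pool whenever the server uses a different netmask: too narrow leaves some clients without NAT, too wide masquerades addresses that are not VPN clients. Take the prefix from a variable kept next to the pool, for example `source: '{{ server_openvpn_ipv4_pool }}/{{ server_openvpn_ipv4_prefix }}'` (the prefix variable name is a suggestion, not an existing one). `ansible.builtin.iptables` only changes the in-memory ruleset, so this rule disappears on reboot unless the role also saves it, and nothing in this hunk does. The commit touches only this file, so `server_openvpn_nat_interface` presumably already has a default in the role; confirm that, and confirm that the FORWARD chain restricts what this pool may reach, since MASQUERADE itself filters nothing.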