sysctl need net.ipv4.ip_forward=1 for wireguard masquerade? to work

author: Xiao Pan <gky44px1999@gmail.com> 2023-12-01 02:54:38 +0000
committer: Xiao Pan <gky44px1999@gmail.com> 2023-12-01 02:54:38 +0000
commit: 0f0f6e4c142ef4ca7243d864da2097040236213b (patch)
tree: c6d9dfbf427ea6b9362a39a038df2522a496f88e /etc/sysctl.d
parent: b5a5ecea6d03d3d651375ec8f4f7c0a69aa6ea0d (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/sysctl.d/99-sysctl.conf b/etc/sysctl.d/99-sysctl.conf
index 4234b543..0f8abbfd 100644
--- a/etc/sysctl.d/99-sysctl.conf
+++ b/etc/sysctl.d/99-sysctl.conf
@@ -1 +1,6 @@
+# at least `net.ipv4.ip_forward = 1` is needed for wireguard masquerade? to work
+# ka seems has this as default, maybe arch linux cloud-init image has this as default?
+# https://forums.rockylinux.org/t/wireguard-masquerade-wont-work/7752
+# https://wiki.archlinux.org/title/Nftables#NAT_with_port_forwarding
 net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding = 1
author	Xiao Pan <gky44px1999@gmail.com>	2023-12-01 02:54:38 +0000
committer	Xiao Pan <gky44px1999@gmail.com>	2023-12-01 02:54:38 +0000
commit	0f0f6e4c142ef4ca7243d864da2097040236213b (patch)
tree	c6d9dfbf427ea6b9362a39a038df2522a496f88e /etc/sysctl.d
parent	b5a5ecea6d03d3d651375ec8f4f7c0a69aa6ea0d (diff)