From 5845ba125d20b3ef02e14e78f4831d9ee4e407cd Mon Sep 17 00:00:00 2001
From: Matt Birkholz <matt@birchwood-abbey.net>
Date: Thu, 18 Sep 2025 14:19:01 -0600
Subject: [PATCH] Front, Core /and/ Gate need to forward packets.

Punted OpenVPN and deleted too much.
---
 README.org                   | 21 +++++++++++++++++++++
 roles_t/core/tasks/main.yml  |  7 +++++++
 roles_t/front/tasks/main.yml |  7 +++++++
 roles_t/gate/tasks/main.yml  |  6 ++++++
 4 files changed, 41 insertions(+)

diff --git a/README.org b/README.org
index f74d242..0ceb818 100644
--- a/README.org
+++ b/README.org
@@ -2108,6 +2108,13 @@ The following tasks install WireGuardâ¢, configure it with
 #+CAPTION: [[file:roles_t/front/tasks/main.yml][=roles_t/front/tasks/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/front/tasks/main.yml
 
+- name: Enable IP forwarding.
+  become: yes
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+
 - name: Install WireGuardâ¢.
   become: yes
   apt: pkg=wireguard
@@ -3572,6 +3579,13 @@ The following tasks install WireGuardâ¢, configure it with
 #+CAPTION: [[file:roles_t/core/tasks/main.yml][=roles_t/core/tasks/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/core/tasks/main.yml
 
+- name: Enable IP forwarding.
+  become: yes
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+
 - name: Install WireGuardâ¢.
   become: yes
   apt: pkg=wireguard
@@ -5044,6 +5058,13 @@ The following tasks install WireGuardâ¢, configure it with
 #+CAPTION: [[file:roles_t/gate/tasks/main.yml][=roles_t/gate/tasks/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/gate/tasks/main.yml
 
+- name: Enable IP forwarding.
+  become: yes
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+
 - name: Install WireGuardâ¢.
   become: yes
   apt: pkg=wireguard
diff --git a/roles_t/core/tasks/main.yml b/roles_t/core/tasks/main.yml
index 74c4819..0251231 100644
--- a/roles_t/core/tasks/main.yml
+++ b/roles_t/core/tasks/main.yml
@@ -626,6 +626,13 @@
     name: webupdate
     user: monkey
 
+- name: Enable IP forwarding.
+  become: yes
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+
 - name: Install WireGuardâ¢.
   become: yes
   apt: pkg=wireguard
diff --git a/roles_t/front/tasks/main.yml b/roles_t/front/tasks/main.yml
index 58a52c8..61a3152 100644
--- a/roles_t/front/tasks/main.yml
+++ b/roles_t/front/tasks/main.yml
@@ -375,6 +375,13 @@
   when: members[item].status != 'current'
   tags: accounts
 
+- name: Enable IP forwarding.
+  become: yes
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+
 - name: Install WireGuardâ¢.
   become: yes
   apt: pkg=wireguard
diff --git a/roles_t/gate/tasks/main.yml b/roles_t/gate/tasks/main.yml
index d6510b8..31b3c0b 100644
--- a/roles_t/gate/tasks/main.yml
+++ b/roles_t/gate/tasks/main.yml
@@ -146,6 +146,12 @@
     service: isc-dhcp-server
     enabled: yes
 
+- name: Enable IP forwarding.
+  become: yes
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
 
 - name: Install WireGuardâ¢.
   become: yes
-- 
2.25.1