From d97b0f5712918d8584cd2d2d6e99f8605711ec2e Mon Sep 17 00:00:00 2001
From: Massaki Archambault
Date: Thu, 11 Jul 2024 19:46:02 -0400
Subject: [PATCH] fix wireguard nat interface
---
 roles/wireguard/templates/wg0.conf | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/roles/wireguard/templates/wg0.conf b/roles/wireguard/templates/wg0.conf
index 999d2eb..b5c1709 100644
--- a/roles/wireguard/templates/wg0.conf
+++ b/roles/wireguard/templates/wg0.conf
@@ -2,10 +2,8 @@
 # This is the virtual IP address, with the subnet mask we will use for the VPN. Note that this must not be on our LAN subnet and should be an uncommon subnet to avoid address conflicts
 Address = {{ wireguard.address }}
 ListenPort = {{ wireguard.port }}
-PostUp = iptables -w -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
-PostDown = iptables -w -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
-#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
-#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
+PostUp = iptables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
+PostDown = iptables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
 PrivateKey = {{ private_key.stdout }}
 
 {% for peer in wireguard.peers %}
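Review bot: The `ip6tables` halves of the new PostUp/PostDown lines take their egress interface from `ansible_default_ipv4.interface`, which is only correct when the IPv6 default route leaves through the same NIC; on a host where it does not, IPv6 traffic from the tunnel is never masqueraded. For those two commands I would use `-o {{ ansible_default_ipv6.interface | default(ansible_default_ipv4.interface) }}`. Separately, the rule matches every packet leaving that interface rather than only tunnel traffic, so a source match on the VPN subnet (`-s <vpn-subnet-placeholder>`, possibly derived from `wireguard.address` if that variable holds a single CIDR, which the hunk does not show) would keep the NAT scoped to the VPN. The [Interface] section starts above the hunk and the peer loop continues below it.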