diff --git a/roles/ocserv/files/ocserv.nft b/roles/ocserv/files/ocserv.nft
index 5879f16..2c0ed18 100644
--- a/roles/ocserv/files/ocserv.nft
+++ b/roles/ocserv/files/ocserv.nft
@@ -8,7 +8,7 @@ table inet ocserv {
 
 table ip ocserv {
     chain postrouting {
-        type nat hook postrouting priority srcnat; policy drop;
+        type nat hook postrouting priority srcnat; policy accept;
         meta mark 0x100 masquerade
     }
 }