From 292ddbb7e75e35215dd94b542295073cfd49284d Mon Sep 17 00:00:00 2001
From: Timotej Lazar <timotej.lazar@fri.uni-lj.si>
Date: Mon, 11 Aug 2025 12:26:55 +0200
Subject: [PATCH] ocserv: fix firewall config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Oops, let’s not drop everything but VPN packets in postrouting.
---
 roles/ocserv/files/ocserv.nft | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ocserv/files/ocserv.nft b/roles/ocserv/files/ocserv.nft
index 5879f16..2c0ed18 100644
--- a/roles/ocserv/files/ocserv.nft
+++ b/roles/ocserv/files/ocserv.nft
@@ -8,7 +8,7 @@ table inet ocserv {
 
 table ip ocserv {
     chain postrouting {
-        type nat hook postrouting priority srcnat; policy drop;
+        type nat hook postrouting priority srcnat; policy accept;
         meta mark 0x100 masquerade
     }
 }