Commit 315898f

dguido and claude authored
Fix Ubuntu 22.04 compatibility issues (#14824)
This commit addresses two critical issues preventing Algo from working on Ubuntu 22.04:

1. Load af_key kernel module for StrongSwan
   - Ubuntu 22.04 minimal installs don't load af_key by default
   - Without this module, StrongSwan fails with namespace errors
   - Added modprobe task to ensure module is loaded persistently

2. Force iptables-legacy mode on Ubuntu 22.04+
   - Ubuntu 22.04 uses iptables-nft backend by default
   - This causes firewall rules to be reordered incorrectly
   - VPN traffic gets blocked by misplaced DROP rules
   - Switching to iptables-legacy ensures correct rule ordering

These changes restore full VPN functionality (both WireGuard and IPsec) on Ubuntu 22.04 installations.

Closes #14820

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <[email protected]>
1 parent b821080 commit 315898f

2 files changed, +33 -0 lines changed

roles/common/tasks/ubuntu.yml

Lines changed: 26 additions & 0 deletions
@@ -161,5 +161,31 @@
161161
include_tasks: aip/main.yml
162162
when: alternative_ingress_ip
163163

164+
- name: Ubuntu 22.04+ | Use iptables-legacy for compatibility
165+
block:
166+
- name: Install iptables packages
167+
apt:
168+
name:
169+
- iptables
170+
- iptables-persistent
171+
state: present
172+
update_cache: true
173+
174+
- name: Configure iptables-legacy as default
175+
alternatives:
176+
name: "{{ item }}"
177+
path: "/usr/sbin/{{ item }}-legacy"
178+
with_items:
179+
- iptables
180+
- ip6tables
181+
- iptables-save
182+
- iptables-restore
183+
- ip6tables-save
184+
- ip6tables-restore
185+
when:
186+
- ansible_distribution == "Ubuntu"
187+
- ansible_distribution_version is version('22.04', '>=')
188+
tags: iptables
189+
164190
- include_tasks: iptables.yml
165191
tags: iptables
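
Review bot: The `with_items` list in "Configure iptables-legacy as default" passes iptables-save, iptables-restore, ip6tables-save and ip6tables-restore to `alternatives` as separate names with no `link`, but on Debian-family systems those are normally slave links of the iptables and ip6tables groups, so confirm with `update-alternatives --display iptables` that the task does not fail on them, and reduce the list to the two master names if it does. The block also has no step that confirms the switch took effect or that no rules remain loaded in the nft backend, which matters here because the commit message attributes the blocked VPN traffic to misplaced DROP rules. A follow-up task that checks `iptables --version` reports legacy, and fails otherwise, would make a silent fallback visible before iptables.yml runs.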

roles/strongswan/tasks/ubuntu.yml

Lines changed: 7 additions & 0 deletions
@@ -2,6 +2,13 @@
22
- name: Set OS specific facts
33
set_fact:
44
strongswan_additional_plugins: []
5+
6+
- name: Ubuntu | Ensure af_key kernel module is loaded
7+
modprobe:
8+
name: af_key
9+
state: present
10+
persistent: present
11+
512
- name: Ubuntu | Install strongSwan (individual)
613
apt:
714
name: strongswan
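
Review bot: The new "Ensure af_key kernel module is loaded" task has no `when` guard or failure handling, so on a target where af_key cannot be loaded (for example a container that shares the host kernel, or a kernel package that does not ship the module) the strongswan role stops at this task without a clear cause. Consider a preceding availability check, or a `failed_when` or rescue with a message that names the missing module. `persistent: present` is also not available in older releases of the modprobe module, so the minimum collection version should be pinned or documented alongside this change.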
