From 1d041652f152370282b82345f7cdd066b26c8332 Mon Sep 17 00:00:00 2001 From: DoTheEvo Date: Sat, 15 Jan 2022 17:59:14 +0100 Subject: [PATCH] update --- wireguard/readme.md | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/wireguard/readme.md b/wireguard/readme.md index 6e03534..a66b855 100644 --- a/wireguard/readme.md +++ b/wireguard/readme.md @@ -116,14 +116,31 @@ This configuration when run creates a new `wg0` network interface on the machine Two peers can not have the same IP.
In this case we want to define only single IP of the client as being accessible, allowed through. + +### ipv4 packet forwarding + +Without this you will be be able to connect, +but your access will be only to the wireguard host. +To have access to the entire network you need to enable packet forwarding. + +You can check current value `cat /proc/sys/net/ipv4/ip_forward` + +To permanently enable it create a file + +`/etc/sysctl.d/99-sysctl.conf` +```bash +net.ipv4.ip_forward=1 +``` + +### NAT forwarding on the router + +Forward port 51820 to the machine running the wireguard server. + + ### Start and enable the service `sudo systemctl enable --now wg-quick@wg0` -### Port forwarding - -Forward port 51820 to the machine running the wireguard server. - # Configuration on clients `TESTER-1.conf`
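Review bot: In the new "ipv4 packet forwarding" section, the step that creates `/etc/sysctl.d/99-sysctl.conf` with `net.ipv4.ip_forward=1` only takes effect at the next boot. A reader who follows it and then checks `cat /proc/sys/net/ipv4/ip_forward` will still see 0. Suggest adding a line telling them to run `sudo sysctl --system` (or reboot) after creating the file. This setting also turns on IPv4 forwarding for every interface on the host, not only `wg0`, so it is worth a sentence saying the firewall's forward rules should limit what is routed, unless the readme already covers that elsewhere. Smaller points in the same hunk: "you will be be able to connect" has a doubled "be"; the fence around `net.ipv4.ip_forward=1` is tagged `bash` although it is a sysctl config line; and "Forward port 51820" under "NAT forwarding on the router" should say UDP, since WireGuard does not use TCP and a TCP-only forward on the router will silently fail.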