diff --git a/omnibus/cookbooks/firezone/metadata.rb b/omnibus/cookbooks/firezone/metadata.rb
index cb8baa210..700c18724 100644
--- a/omnibus/cookbooks/firezone/metadata.rb
+++ b/omnibus/cookbooks/firezone/metadata.rb
@@ -8,6 +8,7 @@ chef_version '>= 16.0'
 depends 'enterprise'
 depends 'runit'
+depends 'line'
 # The `issues_url` points to the location where issues for this cookbook are
 # tracked. A `View Issues` link will be displayed on this cookbook's page when
diff --git a/omnibus/cookbooks/firezone/recipes/network.rb b/omnibus/cookbooks/firezone/recipes/network.rb
index 342dc77bc..ee21079bb 100644
--- a/omnibus/cookbooks/firezone/recipes/network.rb
+++ b/omnibus/cookbooks/firezone/recipes/network.rb
@@ -12,6 +12,7 @@
 # have a configuration file.
 include_recipe 'firezone::config'
+include_recipe 'line::default'
 require 'mixlib/shellout'
@@ -66,3 +67,17 @@ route '10.3.2.0/24' do
 # XXX: Make this configurable
 device wg_interface
 end
+
+replace_or_add "IPv4 packet forwarding" do
+ path "/etc/sysctl.conf"
+ pattern "^#net.ipv4.ip_forward=1"
+ line "net.ipv4.ip_forward=1"
+end
+
+replace_or_add "IPv6 packet forwarding" do
+ path "/etc/sysctl.conf"
+ pattern "^#net.ipv6.conf.all.forwarding=1"
+ line "net.ipv6.conf.all.forwarding=1"
+end
+
+execute "sysctl -p /etc/sysctl.conf"
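Review bot: `depends 'line'` in metadata.rb pulls in a community cookbook with no version constraint, so whichever release the resolver selects runs with the privileges of the converge unless a lockfile outside this diff pins it. A pessimistic constraint such as `depends 'line', '~> <TESTED_VERSION>'` (placeholder for the release that was actually tested) would keep the omnibus build reproducible. The two existing `depends` lines are unpinned as well, so this may be a deliberate convention worth revisiting for all three.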
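Review bot: In the last network.rb hunk both `replace_or_add` patterns match only the commented-out stock lines (`^#net.ipv4.ip_forward=1`), so a sysctl.conf that already has an uncommented `net.ipv4.ip_forward=0`, or spaces around `=`, is not replaced and presumably just gets a second, conflicting entry appended. The bare `execute "sysctl -p /etc/sysctl.conf"` also has no guard or notification and therefore runs on every converge. Because metadata.rb already requires Chef >= 16, the built-in `sysctl` resource can set both keys idempotently through a sysctl.d drop-in, as sketched below, which would also make the new `line` dependency unnecessary. Forwarding is enabled host-wide and nothing visible in this hunk limits forwarded traffic to the WireGuard interface, so the firewall FORWARD policy should be confirmed wherever it is configured. Note also that `net.ipv6.conf.all.forwarding=1` makes Linux ignore router advertisements unless `accept_ra=2` is set on the uplink.

```ruby
# … unchanged: route '10.3.2.0/24' resource …

sysctl 'net.ipv4.ip_forward' do
  value 1
end

sysctl 'net.ipv6.conf.all.forwarding' do
  value 1
end
```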