fix: make IPv4/IPv6 forwarding persistent in Mesh install commands

nikitacano · nikitacano · commit c4825873f7b7 · 2026-04-21T12:19:33.000+01:00
- Replace lsb_release with /etc/os-release for broader distro support
- Add quiet flags to apt-get for cleaner output
- Replace non-persistent sysctl -w with /etc/sysctl.d conf file
- Enable net.ipv4.ip_forward, net.ipv6.conf.all.forwarding, accept_ra=2
- Add migration section in tips for existing nodes set up before this change
diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-mesh/tips.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-mesh/tips.mdx
@@ -14,6 +14,22 @@ import { Tabs, TabItem } from "~/components";
 
 Operational guidance for managing Cloudflare Mesh deployments — updating the client, configuring cloud providers, running alongside Cloudflare Tunnel, and common troubleshooting.
 
+## Make IP forwarding persistent
+
+If your Mesh node was set up before April 2026, it may be using `sysctl -w` for IP forwarding, which does not persist across reboots. If your node loses route connectivity after a server restart, run the following to make forwarding permanent:
+
+```sh
+printf 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1\nnet.ipv6.conf.all.accept_ra = 2\n' | sudo tee /etc/sysctl.d/99-zzz-cloudflare-warp-connector.conf && sudo sysctl --system
+```
+
+You can verify the settings are active with:
+
+```sh
+sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding net.ipv6.conf.all.accept_ra
+```
+
+New installations include this step automatically.
+
 ## Update a Mesh node
 
 Updating a Mesh node means updating the `cloudflare-warp` package on the Linux host. The node briefly disconnects during the update, which interrupts traffic routed through it. If you have [high availability](/cloudflare-one/networks/connectors/cloudflare-mesh/high-availability/) enabled, traffic fails over to a standby replica automatically.
diff --git a/src/content/partials/cloudflare-one/mesh/install-node.mdx b/src/content/partials/cloudflare-one/mesh/install-node.mdx
@@ -9,9 +9,10 @@ import { Tabs, TabItem } from "~/components";
 
 ```sh
 curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg &&
-echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list &&
-sudo apt-get update && sudo apt-get install -y cloudflare-warp &&
-sudo sysctl -w net.ipv4.ip_forward=1
+echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(. /etc/os-release && echo $VERSION_CODENAME) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list &&
+sudo apt-get update -qq && sudo apt-get install -y -qq cloudflare-warp &&
+printf 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1\nnet.ipv6.conf.all.accept_ra = 2\n' | sudo tee /etc/sysctl.d/99-zzz-cloudflare-warp-connector.conf &&
+sudo sysctl --system
 ```
 
 ```sh
@@ -24,7 +25,8 @@ sudo warp-cli connector new <TOKEN> && sudo warp-cli connect
 ```sh
 sudo rpm -ivh https://pkg.cloudflareclient.com/cloudflare-release-el8.rpm &&
 sudo yum install -y cloudflare-warp &&
-sudo sysctl -w net.ipv4.ip_forward=1
+printf 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1\nnet.ipv6.conf.all.accept_ra = 2\n' | sudo tee /etc/sysctl.d/99-zzz-cloudflare-warp-connector.conf &&
+sudo sysctl --system
 ```
 
 ```sh
