-rw-r--r--roles/network/wireguard/gateway/tasks/main.yml15
-rw-r--r--roles/network/wireguard/gateway/templates/systemd-fix-default-gw.service.j24
2 files changed, 13 insertions, 6 deletions
diff --git a/roles/network/wireguard/gateway/tasks/main.yml b/roles/network/wireguard/gateway/tasks/main.yml
index 0234fc6c..9386dfd2 100644
--- a/roles/network/wireguard/gateway/tasks/main.yml
+++ b/roles/network/wireguard/gateway/tasks/main.yml
@@ -37,20 +37,27 @@
notify: reload nftables
+- name: get original default route
+ check_mode: no
+ command: "ip route show exact 0.0.0.0/0"
+ register: wireguard_gateway_original_defaultgw
+ changed_when: no
+
+- set_fact:
+ wireguard_gateway_original_defaultgw: "{{ wireguard_gateway_original_defaultgw.stdout | regex_replace('.* via ([^ ]*).*$', '\\1') }}"
+
- name: install workaround for default-gateway handling
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop: "{{ wireguard_gateway_tunnels | dict2items | selectattr('value.default_gateway', 'defined') }}"
loop_control:
label: "{{ item.key }}"
- when: "'default_gateway' in item.value"
template:
src: systemd-fix-default-gw.service.j2
dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-fix-default-gw.service"
- name: enable/start workaround for default-gateway handling
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop: "{{ wireguard_gateway_tunnels | dict2items | selectattr('value.default_gateway', 'defined') }}"
loop_control:
label: "{{ item.key }}"
- when: "'default_gateway' in item.value"
systemd:
daemon_reload: yes
name: "wireguard-gateway-{{ item.key }}-fix-default-gw.service"
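Review bot: The unnamed `set_fact` task stores whatever `regex_replace` returns, and that filter leaves its input unchanged or only partly rewritten when the pattern does not match the whole output (no default route, a default route without `via`, or several default routes producing multi-line stdout). The result is rendered into `ExecStart=`/`ExecStop=` by systemd-fix-default-gw.service.j2 (the second file in this commit), so extra words or a newline could end up in a system unit that presumably runs as root. Add a check right after the `set_fact`, for example an `assert` with `that: wireguard_gateway_original_defaultgw is match('^[0-9.]+$')`, so the play fails instead of installing a malformed unit. The task would also read better with a `name:` such as `- name: extract gateway address from default route`, and with a fact name different from the registered command result it currently overwrites.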
diff --git a/roles/network/wireguard/gateway/templates/systemd-fix-default-gw.service.j2 b/roles/network/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
index d2d8a470..8228da3e 100644
--- a/roles/network/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
+++ b/roles/network/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
@@ -4,8 +4,8 @@ After=network-online.target
[Service]
Type=oneshot
-ExecStart=/sbin/ip route add {{ item.value.default_gateway.outer }} via {{ ansible_default_ipv4.gateway }}
-ExecStop=/sbin/ip route del {{ item.value.default_gateway.outer }} via {{ ansible_default_ipv4.gateway }}
+ExecStart=/sbin/ip route add {{ item.value.default_gateway.outer }} via {{ wireguard_gateway_original_defaultgw }}
+ExecStop=/sbin/ip route del {{ item.value.default_gateway.outer }} via {{ wireguard_gateway_original_defaultgw }}
RemainAfterExit=yes
[Install]