diff --git a/roles/common/tasks/ubuntu.yml b/roles/common/tasks/ubuntu.yml
index 9f59e33e..c2a73f3e 100644
--- a/roles/common/tasks/ubuntu.yml
+++ b/roles/common/tasks/ubuntu.yml
@@ -136,6 +136,8 @@
         value: 1
       - item: "{{ 'net.ipv6.conf.all.forwarding' if ipv6_support else none }}"
         value: 1
+      - item: net.ipv4.conf.all.route_localnet
+        value: 1
 
 - name: Install packages (batch optimization)
   include_tasks: packages.yml
diff --git a/roles/strongswan/tasks/ubuntu.yml b/roles/strongswan/tasks/ubuntu.yml
index e23d138b..92601905 100644
--- a/roles/strongswan/tasks/ubuntu.yml
+++ b/roles/strongswan/tasks/ubuntu.yml
@@ -9,16 +9,6 @@
     state: present
     persistent: present
 
-- name: Ubuntu | Enable route_localnet for IPsec traffic on main interface
-  sysctl:
-    name: "net.ipv4.conf.{{ ansible_default_ipv4['interface'] }}.route_localnet"
-    value: 1
-    sysctl_set: true
-    state: present
-    reload: true
-  when: ipsec_enabled
-  tags: always
-
 - name: Ubuntu | Install strongSwan (individual)
   apt:
     name: strongswan
diff --git a/roles/wireguard/tasks/ubuntu.yml b/roles/wireguard/tasks/ubuntu.yml
index 06829042..4051d1e9 100644
--- a/roles/wireguard/tasks/ubuntu.yml
+++ b/roles/wireguard/tasks/ubuntu.yml
@@ -52,12 +52,3 @@
   notify:
     - daemon-reload
     - restart wireguard
-
-- name: Ubuntu | Enable route_localnet for WireGuard interface
-  sysctl:
-    name: "net.ipv4.conf.{{ wireguard_interface }}.route_localnet"
-    value: 1
-    sysctl_set: true
-    state: present
-    reload: true
-  tags: always