diff --git a/config/roles/openvpn/tasks/openvpn.yml b/config/roles/openvpn/tasks/openvpn.yml
index 72856979c4b24af78f2b309d96e97d7a0a610f50..41e70aa3412ff87388a00732eef27cbc8bc5df1e 100644
--- a/config/roles/openvpn/tasks/openvpn.yml
+++ b/config/roles/openvpn/tasks/openvpn.yml
@@ -19,7 +19,7 @@
 
 # Set ip forwarding necessary for openvpn ipv6
 - sysctl:
-    name: net.ipv6.ip_forward
+    name: net.ipv6.conf.all.forwarding
     value: '1'
     sysctl_set: yes
 
diff --git a/config/roles/openvpn/templates/tcp.conf.j2 b/config/roles/openvpn/templates/tcp.conf.j2
index c63d23720463d3d6dd3988151efe781889f83348..363bd3e9a1b16f6a09a892252273815e513018a4 100644
--- a/config/roles/openvpn/templates/tcp.conf.j2
+++ b/config/roles/openvpn/templates/tcp.conf.j2
@@ -13,19 +13,19 @@ keepalive 10 30
 mute-replay-warnings
 mute 5
 push "redirect-gateway def1 ipv6"
-push "dhcp-option DNS {{ openvpn_network | ipaddr('1') | ipaddr('address') }}"
+push "dhcp-option DNS {{ openvpn_network | ipv4('1') | ipv4('address') }}"
 {% if openvpn_network6 is defined and openvpn_network6|length %}
 proto tcp6
 server-ipv6 {{ openvpn_network6 }}
 push "route-ipv6 2000::/3"
-push "dhcp-option DNS {{ openvpn_network6 }}"
+push "dhcp-option DNS {{ openvpn_network6 | ipv6('1') | ipv6('address') }}"
 {% else %}
 proto tcp
 push "ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1"
 block-ipv6
 {% endif %}
 push "block-outside-dns"
-server {{ openvpn_network | ipaddr('network') }} {{ openvpn_network | ipaddr('netmask') }}
+server {{ openvpn_network | ipv4('network') }} {{ openvpn_network | ipv4('netmask') }}
 status /tmp/openvpn-status-tcp 10
 status-version 3
 tcp-nodelay
diff --git a/group_vars/all/openvpn_config.yml b/group_vars/all/openvpn_config.yml
index 34e0b56a753321059cca0e53a6cd0b11ecae4d23..fce85c1be12cf70390e0707c4b8a8c4bab42428e 100644
--- a/group_vars/all/openvpn_config.yml
+++ b/group_vars/all/openvpn_config.yml
@@ -14,6 +14,13 @@ openvpn_config:
   'key-direction': '1'
   'verb': '3'
 
+# You can leave this rfc1918 ip block as it is
 openvpn_network: "10.41.0.0/21"
-openvpn_network6: "2001:db8:123::/64"
+
+# If you have ipv6, then uncomment the following and change the value to a valid
+# ipv6 netblock. ipv6 NAT is *not* supported because NAT is a work-around for
+# not having enough IPs to be used in a LAN, in ipv6 this is not needed. It is
+# also much more simple, less trouble and less things to take care of including
+# not having to waste resources/performance on NAT
+# openvpn_network6: "2001:db8:123::/64"