diff --git a/inventories/chaosknoten/host_vars/router.yaml b/inventories/chaosknoten/host_vars/router.yaml
index 5e9c832..adbc8d9 100644
--- a/inventories/chaosknoten/host_vars/router.yaml
+++ b/inventories/chaosknoten/host_vars/router.yaml
@@ -1,4 +1,5 @@
 systemd_networkd__config_dir: 'resources/chaosknoten/router/systemd_networkd/'
+systemd_networkd__global_config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/systemd_networkd_global_config.conf') }}"
 nftables__config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/nftables/nftables.conf') }}"
 ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin"
 ansible_pull__timer_randomized_delay_sec: 0min
diff --git a/resources/chaosknoten/router/systemd_networkd/20-net1.network b/resources/chaosknoten/router/systemd_networkd/20-net1.network
index c8bffc1..5c14d8d 100644
--- a/resources/chaosknoten/router/systemd_networkd/20-net1.network
+++ b/resources/chaosknoten/router/systemd_networkd/20-net1.network
@@ -3,7 +3,6 @@ Name=net1
 [Network]
 DNS=212.12.50.158
-IPForward=ipv4
 IPv6AcceptRA=no
 [Address]
@@ -11,4 +10,3 @@ Address=212.12.48.123/24
 [Route]
 Gateway=212.12.48.55
-
diff --git a/resources/chaosknoten/router/systemd_networkd/20-net2.network b/resources/chaosknoten/router/systemd_networkd/20-net2.network
index b3f497d..39d1f03 100644
--- a/resources/chaosknoten/router/systemd_networkd/20-net2.network
+++ b/resources/chaosknoten/router/systemd_networkd/20-net2.network
@@ -3,7 +3,6 @@ Name=net2
 [Network]
 #DNS=212.12.50.158
-IPForward=ipv6
 IPv6AcceptRA=no
 [Address]
@@ -11,4 +10,3 @@ Address=2a00:14b0:4200:3500::130:2/112
 [Route]
 Gateway=2a00:14b0:4200:3500::130:1
-
diff --git a/resources/chaosknoten/router/systemd_networkd_global_config.conf b/resources/chaosknoten/router/systemd_networkd_global_config.conf
new file mode 100644
index 0000000..2d3d8a3
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd_global_config.conf
@@ -0,0 +1,3 @@
+[Network]
+IPv4Forwarding=true
+IPv6Forwarding=true
diff --git a/roles/systemd_networkd/README.md b/roles/systemd_networkd/README.md
index 3297c47..ac7f115 100644
--- a/roles/systemd_networkd/README.md
+++ b/roles/systemd_networkd/README.md
@@ -9,3 +9,8 @@ Should work on Debian-based distributions.
 ## Required Arguments
 - `systemd_networkd__config_dir`: Directory with systemd-networkd configs to deploy.
+
+## Optional Arguments
+
+- `systemd_networkd__global_config`: systemd-networkd global configuration to deploy (see `man 5 networkd.conf`).
+ Defaults to `` (the empty string);
diff --git a/roles/systemd_networkd/defaults/main.yaml b/roles/systemd_networkd/defaults/main.yaml
new file mode 100644
index 0000000..e84ed28
--- /dev/null
+++ b/roles/systemd_networkd/defaults/main.yaml
@@ -0,0 +1 @@
+systemd_networkd__global_config: ""
diff --git a/roles/systemd_networkd/tasks/main.yaml b/roles/systemd_networkd/tasks/main.yaml
index f88ed14..cc8f4d9 100644
--- a/roles/systemd_networkd/tasks/main.yaml
+++ b/roles/systemd_networkd/tasks/main.yaml
@@ -12,3 +12,21 @@
 recursive: true
 delete: true
 become: true
+
+- name: ensure global systemd-networkd config directory exists
+ ansible.builtin.file:
+ path: "/etc/systemd/networkd.conf.d"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+ become: true
+
+- name: ensure global systemd-networkd config is deployed
+ ansible.builtin.copy:
+ content: "{{ systemd_networkd__global_config }}"
+ dest: "/etc/systemd/networkd.conf.d/20-ansible.conf"
+ mode: "0644"
+ owner: root
+ group: root
+ become: true
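Review bot: In the new systemd_networkd_global_config.conf, `IPv4Forwarding=` and `IPv6Forwarding=` are networkd.conf keys that only exist from systemd 256 onward, while the same commit removes `IPForward=` from 20-net1.network and 20-net2.network. If the router runs an older systemd (its version is not visible here), the new keys would be ignored and nothing would enable forwarding after the next reboot, so the version should be confirmed or the old lines kept until the host is upgraded. Forwarding stays a system-wide switch, which leaves nftables.conf as the only control over what crosses the router; a first line such as `# forwarding is enabled globally; filtering is done in nftables.conf` would record that dependency. systemd 256 also accepts both keys per link in a .network file, which would keep forwarding limited to net1 and net2 should the host gain further interfaces.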
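Review bot: In roles/systemd_networkd/tasks/main.yaml, neither new task makes systemd-networkd re-read its configuration, so a changed `/etc/systemd/networkd.conf.d/20-ansible.conf` presumably takes effect only at the next service restart or reboot. No `notify:` appears on the added tasks, and whether the role defines a handler cannot be seen from this hunk; adding `notify: restart systemd-networkd` (a proposed handler name) to the copy task, with a matching handler, would make forwarding changes apply on the run that deploys them. The copy task also runs when `systemd_networkd__global_config` is the default empty string and then leaves an empty drop-in behind; guarding it with `when: systemd_networkd__global_config | length > 0` would make the default a no-op. The three context lines at the top of the hunk belong to a task that starts outside it.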