diff --git a/tasks/config.yml b/tasks/config.yml
index 5d0c92a..627dbde 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -1,6 +1,22 @@
 ---
 # config-specific task file for strongswan
 
+- name: Disable icmp redirects in all interfaces
+  sysctl:
+    name: net.ipv4.conf.all.send_redirects
+    value: 0
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: Disable icmp redirects as a default configration
+  sysctl:
+    name: net.ipv4.conf.default.send_redirects
+    value: 0
+    sysctl_set: yes
+    state: present
+    reload: yes
+
 - name: Copy script available for nat connections
   copy: src=_updown_nat dest=/usr/lib/ipsec/ mode=0755
   notify: