modprobe etun
-###
-### Avoid IP address collisions between NAT and virtual links.
-### Virtual links have addresses 10.A.B.[23], where A < B always.
-### So make sure that A > B for NAT.
-###
-if [ $KEY > $NODEID ]; then
- BASE="10.$KEY.$NODEID"
-else
- BASE="10.$NODEID.$KEY"
-fi
+#
+# OpenVPN uses addresses in 10.<nodeid>/16 block. Avoid collisions with
+# this block. NAT interface is not advertised and so does not require
+# unique address throughout the topology. But the address of each slice's
+# NAT interface must be unique on a single node.
+#
+BASE="10.0.$KEY"
### Setup etun
ETUN0=nat$KEY
ETUN1=natx$KEY
echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
-ifconfig $ETUN1 $BASE.1 up
+ifconfig $ETUN1 $BASE.1/24 up
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT