#!/bin/sh +x

IP=/sbin/ip
SLICE=$1                     # slice (vserver) name
SLICEID=$(id -u "$SLICE")    # uid of the slice, used below as its network context id
NODEID=$2                    # not used in this script
KEY=$3                       # third octet of the NAT subnet; also names the interfaces

modprobe etun

#
# OpenVPN uses addresses in 10./16 block.  Avoid collisions with
# this block.  NAT interface is not advertised and so does not require
# unique address throughout the topology.  But the address of each slice's
# NAT interface must be unique on a single node.
#
BASE="10.0.$KEY"
EXTIP=$BASE.1
EXTNET=$EXTIP/24
INTIP=$BASE.2
INTNET=$INTIP/24
BASENET=$BASE.0/24

### Setup etun
ETUN0=nat$KEY     # end that is moved into the slice
ETUN1=natx$KEY    # end that stays in the root context

$IP link add name "$ETUN0" type veth peer name "$ETUN1"
ifconfig "$ETUN1" "$EXTNET" up

# Rules are appended with -A, so every run of this script adds another copy.
# The MASQUERADE rule has no source match: it applies to all traffic leaving eth0.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o "$ETUN1" -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i "$ETUN1" -o eth0 -j ACCEPT

### Put a process in the vserver so we can move the interface there
su "$SLICE" -c "sleep 30 &"
PID=$(su "$SLICE" -c "pgrep -n sleep")
$IP link set "$ETUN0" netns "$PID"

naddress --add --nid "$SLICEID" --ip "$INTNET"
sleep 1

# The variables below are expanded here, before the command string is handed to su.
su "$SLICE" -c "sudo /sbin/ifconfig $ETUN0 $INTNET up; \
    sudo /sbin/route add -net $BASENET $ETUN0; \
    sudo /sbin/route add default gw $EXTIP; \
    sudo /sbin/ifconfig lo 127.0.0.1/8 up"