(no commit message)
authorstephan48 <stephan48@web>
Sun, 14 Nov 2021 01:50:49 +0000 (02:50 +0100)
committerIkiWiki <ikiwiki.info>
Sun, 14 Nov 2021 01:50:49 +0000 (02:50 +0100)
posts/2021-11-14-home-vpn-downloader.mdwn

index a06300ad702dfc63dcb5b4b2de291ddc4b82e385..0c770d784a3af2b993887478b27c32c269e77a38 100644 (file)
@@ -460,6 +460,17 @@ $ chmod +x /etc/openvpn/protonvpn/ch-test
 
 $ ln -s /etc/openvpn/protonvpn/ch/ch.ovpn /etc/openvpn/protonvpn-ch.conf
 
+$ vim /etc/systemd/system/openvpn\@protonvpn-ch.service.d/override.conf
+[Unit]
+BindsTo = netns@protonvpn-ch.service
+JoinsNamespaceOf = netns@protonvpn-ch.service
+After = netns-ctl@protonvpn-ch.service
+
+[Service]
+PrivateNetwork = true
+BindPaths=/etc/netns/protonvpn-ch/resolv.conf:/etc/resolv.conf
+BindPaths=/etc/netns/protonvpn-ch/resolv.conf.vpn:/etc/resolv.conf.vpn
+
 TODO: Upstream "foreign" mode for netns-ctl
 
 $  systemctl enable --now netns@main netns-ctl@main
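Review bot: The drop-in on lines 14–17 binds to `netns@protonvpn-ch.service` but orders only after `netns-ctl@protonvpn-ch.service`; `BindsTo=` by itself carries no ordering, so systemd may start openvpn in parallel with the namespace unit it joins unless `After=` also names it. Consider `After = netns@protonvpn-ch.service netns-ctl@protonvpn-ch.service` so the namespace is guaranteed to exist before `JoinsNamespaceOf=` takes effect (behaviour of the local `netns@` template is not visible here, so confirm against it). The two `BindPaths=` lines are fine as written, since systemd accumulates list-type settings, but they use `key=value` while the surrounding lines use `key = value`; `BindPaths = …` keeps the drop-in consistent.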
@@ -544,4 +555,19 @@ journalctl --follow -u openvpn@protonvpn-ch
 
 $ chmod +x /root/newpvpnch.sh
 
+$ systemctl enable --now dnsmasq-netns@vm-down.service
+$ systemctl enable --now dnsmasq-netns@protonvpn-ch.service
+
+TODO: persist firewall masquerade for outgoing traffic for the vpn connection
+
+$ iptables -t nat -I POSTROUTING -s 10.33.0.2 -o br0 -j MASQUERADE
+
+TODO: create firewall rules on all NS to limit traffic between main and protonvpn-ch/vm-down
+
+
 $ /root/new/pvpnch.sh
+
+Wait until VPN is connected(if it does not connect, debug) and then this should work:
+
+ip netns exec vm-down ping google.de
+ip netns exec vm-down curl ipinfo.io