From b80c0b12fe42af660e564b08fb6246818b142036 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Tue, 8 Dec 2020 17:45:30 +0100
Subject: [PATCH] home.router: add c3voc vpn

---
 bundles/openvpn-client/items.py | 1 +
 nodes/home/router.py | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/bundles/openvpn-client/items.py b/bundles/openvpn-client/items.py
index ebb3cac..686632e 100644
--- a/bundles/openvpn-client/items.py
+++ b/bundles/openvpn-client/items.py
@@ -17,5 +17,6 @@ for config in node.metadata.get('openvpn-client', {}).get('configs', set()):
 svc_systemd[f'openvpn-client@{config}'] = {
 'needs': {
 f'file:/etc/openvpn/client/{config}.conf',
+ 'pkg_apt:openvpn',
 },
 }
diff --git a/nodes/home/router.py b/nodes/home/router.py
index 564050e..e2706f1 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -7,6 +7,7 @@ nodes['home.router'] = {
 'iptables',
 'netdata',
 'nginx',
+ 'openvpn-client',
 'pppd',
 'radvd',
 'vnstat',
@@ -71,6 +72,9 @@ nodes['home.router'] = {
 # External port 2022 should be home.nas
 'iptables -t nat -A PREROUTING -p tcp --dport 2022 -j DNAT --to 172.19.138.20:22',
 'iptables -A FORWARD -p tcp -d 172.19.138.20 --dport 22 -j ACCEPT',
+
+ # use MASQUERADE for tun0 (c3voc)
+ 'iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE',
 ],
 },
 'nameservers': atomic({
@@ -87,6 +91,11 @@ nodes['home.router'] = {
 'enp1s0.42',
 },
 },
+ 'openvpn-client': {
+ 'configs': {
+ 'c3voc',
+ },
+ },
 'radvd': {
 'integrate-with-pppd': True,
 'interfaces': {
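Review bot: The added `iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE` rule in the third hunk has no source match, so any segment this router forwards for (the `enp1s0.42` entry in the last hunk suggests there is more than one) is translated onto the c3voc tunnel address, not only the hosts meant to use the VPN. If only one LAN should reach c3voc, scope the rule, e.g. `iptables -t nat -A POSTROUTING -s <lan-cidr> -o tun0 -j MASQUERADE` (placeholder CIDR; the subnet mask is not visible here). The hunk also adds no FORWARD or INPUT rule for `tun0`. Whether new connections arriving with `-i tun0` are dropped depends on chain policies defined outside the hunk, so that is worth confirming. The rule list starts and ends outside the hunk.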
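Review bot: Enabling the `c3voc` config in the last hunk puts the VPN client on the gateway for the whole home network, and the client config that decides which server-pushed routes and DNS options are accepted is not part of this commit. A comment next to `'c3voc',` stating what the tunnel may carry would help the next reader, for example `# c3voc: VPN-internal routes only; config uses route-nopull or pull-filter`, assuming the deployed `/etc/openvpn/client/c3voc.conf` is written that way. If it is not, pushed routes would change where the router sends LAN traffic. The metadata dict continues outside the hunk.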