harmonize vpn, lan, and transmission ips

[distro-setup] / machine_specific / kd / filesystem / etc / systemd / system / openvpn-client-tr@.service

diff --git a/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/kd/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 81%
rename from filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/kd/filesystem/etc/systemd/system/openvpn-client-tr@.service
index db6e7eb5c9bb03154ea0630fa30638da1b2c1456..4e488e22286e850c1edcb8f30b49b831447e570c 100644 (file)
--- a/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/kd/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -1,7 +1,6 @@
 [Unit]
 Description=OpenVPN tunnel for %I
-After=syslog.target network-online.target vpn-static-ip@%i.service
-Requires=vpn-static-ip@%i.service
+After=syslog.target network-online.target
 Wants=network-online.target
 Documentation=man:openvpn(8)
 Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
@@ -22,10 +21,13 @@ LimitNPROC=10
 # DeviceAllow=/dev/null rw
 # DeviceAllow=/dev/net/tun rw
 
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.173.0 start %i
+# we use .1 to make this be on a different network than kd, so that we can
+# talk to transmission on kd from remote host, and still use this
+# vpn.
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.2 start %i
 ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
 # allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.173.0.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.2.1 dev veth1-client
 ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
 PrivateNetwork=true
 BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind