+vc() {
+ [[ $1 ]] || { e "$0: error, expected cmd to run"; return 1; }
+ # manually run vpn so it stays within a network namespace,
+ # until I get it all wired up with systemd.
+ newns vpn start
+ pid=$(< /run/openvpn/client.pid)
+ if [[ ! $pid ]]; then
+ s ip netns exec vpn /usr/sbin/openvpn --daemon ovpn --config /etc/openvpn/client.conf --cd /etc/openvpn --writepid /run/openvpn/client.pid
+ elif [[ ! -e /proc/$pid ]]; then
+ echo "$0: ERROR: pidfile pid $pid is not a process!!!"
+ return 1
+ fi
+ gksudo -- ip netns exec vpn gksudo -u ${SUDO_USER:-$USER} "$@"
+}
+
+transmission() {
+ vc transmission-gtk&
+ i=0
+ while ((i < 10)); do
+ tun_ip=$(s ip netns exec vpn ip a show dev tun0 | sed -rn 's/^ *inet (10\.8\.\S+).*/\1/p')
+ [[ ! $tun_ip ]] || break
+ sleep 1
+ done
+ echo "$0: tun_ip=$tun_ip"
+ [[ $tun_ip ]] || { e "$0: error: no tun0 addr found"; return 1; }
+ ssh dopub bash <<EOF
+rule="-A PREROUTING -i eth0 -p tcp -m tcp --dport 63324 -j DNAT --to-destination $tun_ip:63324"
+found=false
+while read -r line; do
+ if [[ \$line == \$rule ]] && ! \$found; then
+ found=true
+ else
+ iptables -t nat -D \${line#-A}
+ fi
+done < <(iptables -t nat -S | grep -E -- '--dport\s+63324')
+\$found || iptables -t nat \$rule
+EOF
+}
+
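Review bot: The wait loop in `transmission` never increments `i`, so `while ((i < 10))` spins forever when tun0 never gets a 10.8 address and the "no tun0 addr found" branch cannot be reached; `for ((i = 0; i < 10; i++)); do` would make the ten-try bound real. The captured `$tun_ip` is then expanded unescaped into the script that `ssh dopub bash` executes, and `\S+` accepts any non-whitespace text (including a `/24`-style prefix length if the interface reports one), so I would restrict the capture to the address itself: `sed -rn 's/^ *inet (10\.8\.[0-9]+\.[0-9]+).*/\1/p'`. In `vc`, `[[ ! -e /proc/$pid ]]` only shows that some process holds that pid, not that it is openvpn, so a stale pidfile whose pid was reused would presumably pass; comparing `/proc/$pid/comm` against the daemon name would be a tighter check. `pid`, `i` and `tun_ip` should also be declared `local`, and `${SUDO_USER:-$USER}` quoted.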