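#!/bin/bash
#
# Backend side of a GRE tunnel to a BuyVM VPS: creates gre1, binds the BuyVM
# protected IP to it, policy-routes and SNATs traffic for that IP through the
# tunnel, rewrites the resolvers, and finally moves the default route onto the
# tunnel. Needs enough privilege to change interfaces, routes, iptables and
# /etc/resolv.conf.
#
# NOTE: GRE adds no encryption or authentication of its own. Traffic between
# BACKEND_IP and BUYVM_UNPROTECTED_IP crosses the network in clear, so limit
# IP protocol 47 to that single peer in the host firewall and rely on
# TLS/SSH (or an IPsec layer) for anything sensitive.
#
# Variables
#
# Adjust these to match your BuyVM VPS & Backend IP's!
#
BUYVM_UNPROTECTED_IP="1.2.3.4"
BUYVM_PROTECTED_IP="5.6.7.8"
BACKEND_IP="2.3.4.5"

#
# DO NOT CHANGE ANYTHING PAST THIS POINT
#

# Tunnel-internal /30: .1 is the next hop across the tunnel, .2 is this host.
readonly TUNNEL_PEER_IP="192.168.168.1"
readonly TUNNEL_LOCAL_CIDR="192.168.168.2/30"

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Remember the current default gateway before routing is touched; it is needed
# at the end to keep the tunnel endpoint reachable outside the tunnel.
# Only the first default route is used, and field 3 is taken as the gateway,
# which assumes the "default via <gw> ..." form -- TODO confirm on hosts whose
# default route has no "via".
GATEWAY_IP=$(ip route show default 0.0.0.0/0 | awk 'NR == 1 {print $3}')
[[ -n "$GATEWAY_IP" ]] \
  || die "no default gateway found; refusing to touch routing"
# A second run after cut-over would otherwise pin the tunnel endpoint to a
# route that goes through the tunnel itself.
[[ "$GATEWAY_IP" != "$TUNNEL_PEER_IP" ]] \
  || die "default route already points at the tunnel ($TUNNEL_PEER_IP)"

# bring up our GRE to our BuyVM VPS
iptunnel add gre1 mode gre local "$BACKEND_IP" remote "$BUYVM_UNPROTECTED_IP" ttl 255
ip link set gre1 up

# add our IP addresses
# NOTE: the 192.168.168.2 IP is only used for transporting packets to/from
# BuyVM, nothing more
ip addr add "$TUNNEL_LOCAL_CIDR" dev gre1
ip addr add "$BUYVM_PROTECTED_IP/32" dev gre1

# Policy routing: anything sourced from the protected IP uses table BUYVM,
# whose only route is a default via the tunnel peer.
# NOTE: the table name BUYVM is not defined by this script; it is assumed to
# exist already (e.g. an entry in /etc/iproute2/rt_tables) -- verify first.
ip rule add from "$BUYVM_PROTECTED_IP" lookup BUYVM
ip route add default via "$TUNNEL_PEER_IP" table BUYVM

# this is needed since we have multiple IP's on the GRE interface
# (everything leaving via gre1 is rewritten to the protected IP)
iptables -o gre1 -t nat -I POSTROUTING -j SNAT --to-source "$BUYVM_PROTECTED_IP"

# handle our resolvers
# NOTE: this is sloppy and makes Poettering spin in his grave
# It overwrites /etc/resolv.conf in place, so whatever normally manages that
# file may later replace these entries.
printf 'nameserver %s\n' 4.2.2.1 4.2.2.2 > /etc/resolv.conf

# finally cut over our routing
# NOTE: this will cut all access to your BACKEND IP!
# The host route must exist before the default moves: without it the GRE
# packets to the BuyVM VPS would be routed into the tunnel they belong to and
# the host would lose all connectivity. Abort instead of cutting over blind.
ip route add "$BUYVM_UNPROTECTED_IP" via "$GATEWAY_IP" \
  || die "could not pin $BUYVM_UNPROTECTED_IP to $GATEWAY_IP; default route left unchanged"
ip route replace default via "$TUNNEL_PEER_IP"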