#!/bin/sh

scriptname=$0
scriptname=${scriptname##*/}
prefix=${scriptname%%_conf}

CHROOT=/var/tmp/openvpn
CCD_REL=clients_$prefix
CCD=$CHROOT/$CCD_REL

. /mod/etc/conf/openvpn.cfg

uebergabe=""

wert (){
IFS=$2
local number=$3
local c=0
uebergabe=""
for inhalt in $1; do
	if [ "$c" -eq "$number" ]; then uebergabe=$inhalt; fi
	let c++
done
unset IFS
}

delimiter="#"
vars="DEBUG DEBUG_TIME LOCAL MODE REMOTE PORT PROTO IPV6 TYPE BOX_IP BOX_MASK REMOTE_IP DHCP_RANGE LOCAL_NET REMOTE_NET DHCP_CLIENT MTU AUTH_TYPE CIPHER TLS_AUTH FLOAT KEEPALIVE KEEPALIVE_PING KEEPALIVE_TIMEOUT COMPLZO MAXCLIENTS CLIENT2CLIENT PUSH_DOMAIN PUSH_DNS PUSH_WINS REDIRECT VERBOSE SHAPER PULL LOGFILE MGMNT CLIENTS_DEFINED CLIENT_INFO CLIENT_IPS CLIENT_NAMES CLIENT_NETS CLIENT_MASKS CONFIG_NAMES UDP_FRAGMENT ADDITIONAL OWN_KEYS NO_CERTTYPE TAP2LAN PARAM_1 PARAM_2 PARAM_3"
count=1

while [ $count -le $OPENVPN_CONFIG_COUNT ]; do

for var in $vars; do
	tmp=$var
	configvar='OPENVPN_'
	eval configvar=\$$configvar$var
	IFS=''
	wert "$configvar" "$delimiter" "$count"
	eval $tmp=\$uebergabe
done

if [ "$TAP2LAN" = uselanip ]; then
	LANIPANDMASK="$(ifconfig lan | sed -n '/inet addr/ s/.*inet addr:\([0-9\.]*\) .*Mask:\([0-9\.]*\)/\1 \2/ p')"
	if [ "${LANIPANDMASK//[0-9]/}" != "... ..." ]; then 
		echo "No valid LAN-IP found. EXIT" >&2
		return
	fi
	BOX_IP=${LANIPANDMASK% *}
	BOX_MASK=${LANIPANDMASK#* }
fi

if [ "openvpn_$CONFIG_NAMES" = "$prefix" ] || [ "$prefix" = "openvpn" -a  $count -eq 1 ]; then

[ "${TYPE}_${CLIENT_INFO}_${AUTH_TYPE}" = "tun_yes_certs" ] && TUNSUBNET=true || TUNSUBNET=""

openvpn --version | head -n 2 | sed "s/\(.\{240\}\).*/\1... /g ; s/^/# /"
echo "#  Config date: $(date)"

[ "$IPV6" = yes ] && V6=6 || V6=""
if [ "$PROTO" = "tcp" ]; then
	echo "proto tcp${V6}-$MODE"
else
	echo "proto udp${V6}"
fi

if [ "$TYPE" = "tap" ]; then
	echo "dev tap$(( $count -1))"
	[ "$TAP2LAN" = yes ] && echo "#Helperline for rc.openvpn to add tap$(( $count -1)) to lan bridge"
	[ "$TAP2LAN" = uselanip ] && echo "#Helperline for rc.openvpn to add tap$(( $count -1)) to lan bridge and use LAN IP"
else
	echo "dev tun"
fi
DEV=$(find /dev -type c -name tun 2>/dev/null)
if [ "$DEV" ]; then
	[ "$DEV" = "/dev/net/tun" ] || echo "dev-node $DEV"
else
	echo -e "\n\tWarning: No tunnel device found." >&2
fi

if [ "$OWN_KEYS" != "" -a $count -gt 1 ]; then
	keypath="/tmp/flash/openvpn/${CONFIG_NAMES}_"
else
	keypath="/tmp/flash/openvpn/"
fi

if [ "$AUTH_TYPE" = "certs" ]; then
	echo "ca ${keypath}ca.crt"
	echo "cert ${keypath}box.crt"
	echo "key ${keypath}box.key"
	if [ "$MODE" = "server" ]; then
		echo "dh ${keypath}dh.pem"
		if [ -r "${keypath}crl.pem" ] && [ "$(sed 's/[ \t]*//g' ${keypath}crl.pem)" ]; then
			cp -f "${keypath}crl.pem" $CHROOT/etc
			echo "crl-verify /etc/${keypath##*openvpn/}crl.pem"
		else
			rm -f "$CHROOT/etc/${keypath##*openvpn/}crl.pem"
		fi
		echo "tls-server"
		[ "$TLS_AUTH" = "yes" ] && echo "tls-auth ${keypath}static.key 0"
	else
		echo "tls-client"
		[ "yes" != "$NO_CERTTYPE" ] && echo "ns-cert-type server"
		[ "$TLS_AUTH" = "yes" ] && echo "tls-auth ${keypath}static.key 1"
	fi
else
	echo "secret ${keypath}static.key"
fi


if [ "$MODE" = "server" ]; then
	[ "$LOCAL" ] && echo "local $LOCAL"
	echo "port $PORT"

	if [ "$TYPE" = "tap" ] || [ $TUNSUBNET ]; then
		[ "$TAP2LAN" != uselanip ] && echo "ifconfig $BOX_IP $BOX_MASK"
		echo "push \"route-gateway $BOX_IP\""
		[ $TUNSUBNET ] && echo -e 'topology subnet\npush "topology subnet"'
		[ "$LOCAL_NET" ] && echo "push \"route $LOCAL_NET\"" | sed 's/[[:space:]]*;[[:space:]]*/\"\npush \"route /g'
		[ "$REMOTE_NET" ] && echo  "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g'
		[ "$MAXCLIENTS" ] && echo "max-clients $MAXCLIENTS"
	else  # TUN and Point2Point
		echo "ifconfig $BOX_IP $REMOTE_IP"
		[ "$REMOTE_NET" ] && echo  "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g'
		[ "$LOCAL_NET" -a "$AUTH_TYPE" = "certs" ] && echo "push \"route $LOCAL_NET\"" | sed 's/[[:space:]]*;[[:space:]]*/\"\npush \"route /g'
	fi


	if [ "$AUTH_TYPE" = "certs" ]; then
		if [ "$DHCP_RANGE" ]; then
			echo "mode server"
			echo "ifconfig-pool $DHCP_RANGE"
			if [ "$CLIENT2CLIENT" = "yes" ]; then
				echo "push \"route ${DHCP_RANGE%.* *}.0 255.255.255.0\""
			else
				echo "push \"route $BOX_IP\""
			fi
			[ "$TYPE" = "tun" ] && [ ! $TUNSUBNET ] && echo "route ${DHCP_RANGE%.* *}.0 255.255.255.0"
		fi

		if [ "$CLIENT_INFO" = "yes" ]; then
			mkdir -p $CCD
			rm -f $CCD/*
			[ ! "$DHCP_RANGE" ] && echo "mode server"
			echo "client-config-dir $CCD_REL"
			client=1
			actcip=${CLIENT_IPS%%:*}
			restip=${CLIENT_IPS#*:}
			actcname=${CLIENT_NAMES%%:*}
			restname=${CLIENT_NAMES#*:}
			actcnet=${CLIENT_NETS%%:*}
			restnet=${CLIENT_NETS#*:}

			while [ $client -le "$CLIENTS_DEFINED" ]
			do
				eval C_IP$client=\$actcip
				eval C_NAME$client=\$actcname
				eval C_NET$client=\$actcnet
				actcip=${restip%%:*}
				restip=${restip#*:}
				actcname=${restname%%:*}
				restname=${restname#*:}
				actcnet=${restnet%%:*}
				restnet=${restnet#*:}
				let client++
			done

			client=1

			while [ $client -le "$CLIENTS_DEFINED" ]
			do
				eval net=\$C_NET$client
				eval name=\$C_NAME$client
				eval ip=\$C_IP$client
				echo "ifconfig-push $ip $BOX_MASK"  > "$CCD/$name"
				if [ "$net" != "-" ]; then
					echo -e "route $net $ip" | sed "s/[[:space:]]*;[[:space:]]*/ ${ip}\nroute /g"
					[ "$TYPE" = "tun" ] && echo -e "iroute $net" | sed "s/[[:space:]]*;[[:space:]]*/\niroute /g" >> "$CCD/$name"
				fi
				if [ "$CLIENT2CLIENT" = "yes" ]; then
					i=1
					while [ $i -le $CLIENTS_DEFINED ]; do
						if [ $i -ne $client ]; then
							eval cnet=\$C_NET$i
							eval cip=\$C_IP$i
							[ "$cnet" != "-"  ] && echo -e "push \"route $cnet $cip\"" | sed "s/[[:space:]]*;[[:space:]]*/ ${cip}\"\npush \"route /g" >> "$CCD/$name"
						fi
						i=$((1+$i))
					done
				fi
				let client++
			done
		fi
	fi # of CERTS

	[ "$CLIENT2CLIENT" = "yes" ] && echo "client-to-client"
	[ "$PUSH_DOMAIN" ] && echo "push \"dhcp-option DOMAIN $PUSH_DOMAIN\""
	[ "$PUSH_DNS" ] && echo "push \"dhcp-option DNS $PUSH_DNS\""
	[ "$PUSH_WINS" ] && echo "push \"dhcp-option WINS $PUSH_WINS\""
	[ "$REDIRECT" ] && echo "push \"redirect-gateway\""

else # Client
	echo "remote $REMOTE"
	echo "nobind"
	[ "$PULL" = "yes" ] && echo "pull"
	[ "$REMOTE_NET" ] && echo "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g'
	[ "$REDIRECT" ] && echo "redirect-gateway"
	if [ "$DHCP_CLIENT" != "yes" ]; then
		if [ "$TYPE" = "tun" ]; then
			echo "ifconfig $BOX_IP $REMOTE_IP"
		else
			echo "ifconfig $BOX_IP $BOX_MASK"
		fi
	fi

fi

[ "$MTU" ] && echo "tun-mtu $MTU"
echo "mssfix"
[ "$UDP_FRAGMENT" != ""  -a "$UDP_FRAGMENT" != "0" ] && echo "fragment $UDP_FRAGMENT"
df=/var/tmp/debug_${prefix}.out
if [ "$DEBUG" = "yes" ]; then
	echo "log $df"
else
	rm -f $df
fi
echo "verb $VERBOSE"

echo "cipher $CIPHER"

[ "$SHAPER" ] && echo "shaper $SHAPER"
[ "$COMPLZO" = "yes" ] && echo "comp-lzo"
[ "$FLOAT" = "yes" ] && echo "float"
if [ "$KEEPALIVE" = "yes" ]; then
	echo "keepalive $KEEPALIVE_PING $KEEPALIVE_TIMEOUT"
	[ "$MODE" = "client" ] && echo "resolv-retry infinite"
fi
[ "$OPENVPN_MGMNT" = "yes" ] && echo "management $OPENVPN_MGMNT"
[ "$LOGFILE" = "yes" ] && echo "status /var/log/$prefix.log"

echo "cd $CHROOT"
echo "chroot $CHROOT"
echo "user openvpn"
echo "group openvpn"
echo "persist-tun"
echo "persist-key"

[ "$ADDITIONAL" != "" ] && echo  "$ADDITIONAL" | sed 's/[[:space:]]*;[[:space:]]*/\n/g'


fi
let count++

done