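#!/bin/sh
# OpenVPN up.sh script, part of covpn
# Filters input from OpenVPN, useful for checking IPs/ranges/DNS pushed by an
# OpenVPN server
# 2013 Laurent Ghigonis
#
# Reads its configuration (EXPECTED_* vars) from $covpn_conf
# Some env vars also available:
# script_context=init
# script_type=up
#
# Every EXPECTED_* value is used as an extended regular expression that must
# match the WHOLE pushed value, so literal dots must be written as "\." in
# the configuration; an unescaped "." accepts any character.
#
# Exit codes:
#   99     configuration file missing
#   10-17  a value received from OpenVPN did not pass validation
#   20-23  an interface/route command failed
#   24     /etc/resolv.conf could not be written
#
# Only foreign_option_1 is inspected for a DNS server, and only
# route_network_1/route_netmask_1 is installed as a route; route_network_2 is
# used as the gateway address. Nothing else pushed by the server is applied.

# A single newline, used to reject multi-line values before they reach grep.
NL='
'

# matches VALUE REGEX
# Succeeds only when the whole of VALUE matches the extended regex REGEX.
# grep works line by line, so a value holding several lines would pass as
# soon as one of them matched; such values are refused outright.
# -x anchors the complete pattern, alternations included: the previous
# "^$REGEX$" form turned "a|b" into "^a" OR "b$", which is looser than intended.
matches() {
  case $1 in
    *"$NL"*) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -E -q -x -e "$2"
}

# warn MESSAGE...
# Reports a non-fatal problem on stderr.
warn() {
  echo "covpn openvpn-up.sh: WARNING: $*" >&2
}

# An unset or empty $covpn_conf must be refused explicitly: an unquoted
# "[ ! -f $covpn_conf ]" collapses to "[ ! -f ]", which is false, so the
# script would carry on without any EXPECTED_* value loaded.
if [ -z "$covpn_conf" ] || [ ! -f "$covpn_conf" ]; then
  echo "covpn openvpn-up.sh: ERROR: $covpn_conf not found !" >&2
  exit 99
fi

# "." looks a slash-less name up in $PATH, which could source a different
# file from the one tested above; force a path relative to the current
# directory in that case.
case $covpn_conf in
  */*) ;;
  *) covpn_conf=./$covpn_conf ;;
esac

# The configuration is executed as shell code with this script's privileges
# (presumably root, given the commands below), so it has to be writable by
# trusted users only.
. "$covpn_conf"

# Third space-separated field of the first pushed option; expected to look
# like "dhcp-option DNS <address>" -- TODO confirm other option types cannot
# arrive in slot 1.
dns=$(printf '%s\n' "$foreign_option_1" | cut -d' ' -f3)
if [ -n "$dns" ] && [ "$EXPECTED_DNS" != "disable" ]; then
  matches "$dns" "$EXPECTED_DNS" || exit 10
else
  # No DNS pushed, or DNS handling disabled in the configuration.
  dns="none"
fi

# Only tun0..tun9 are accepted as the tunnel device.
matches "$dev" 'tun[0-9]' || exit 11

# The MTU has to be a plain decimal number strictly between 200 and 2000.
# The comparison is kept in its positive form so that a "test" error (for
# example on an out-of-range number) also ends in exit 12.
case $tun_mtu in
  '' | *[!0-9]*) exit 12 ;;
esac
{ [ "$tun_mtu" -gt 200 ] && [ "$tun_mtu" -lt 2000 ]; } || exit 12

matches "$ifconfig_local" "$EXPECTED_IP_RANGE" || exit 13
matches "$ifconfig_remote" "$EXPECTED_IP_RANGE" || exit 14
matches "$route_network_1" "$EXPECTED_ROUTE_RANGE" || exit 15
matches "$route_netmask_1" "$EXPECTED_ROUTE_MASK" || exit 16
matches "$route_network_2" "$EXPECTED_GATEWAY" || exit 17

# Everything used below was validated above; it is still quoted so that no
# value can be word-split or glob-expanded into extra arguments.
/usr/sbin/ip addr add "$ifconfig_local" peer "$ifconfig_remote" dev "$dev" \
  || exit 20
/usr/sbin/ip link set "$dev" mtu "$tun_mtu" || exit 21
/usr/sbin/ip link set "$dev" up || exit 22
/usr/sbin/ip route add "${route_network_1}/${route_netmask_1}" dev "$dev" \
  || exit 23

# Optional default-route takeover; $openvpn_gateway is presumably set by the
# configuration file -- verify. These commands stay best-effort as before
# (a route may already exist on reconnect), but a failure is now reported.
# $remote_1 and $route_net_gateway are not checked against any EXPECTED_*
# value.
if [ X"$openvpn_gateway" = X"1" ]; then
  /usr/sbin/ip route add "$remote_1" via "$route_net_gateway" \
    || warn "could not add host route to the VPN server"
  /usr/sbin/ip route delete default \
    || warn "could not delete the default route"
  /usr/sbin/ip route add 0/1 via "$route_network_2" \
    || warn "could not add route 0/1 via the VPN gateway"
  /usr/sbin/ip route add 128/1 via "$route_network_2" \
    || warn "could not add route 128/1 via the VPN gateway"
fi

if [ "$dns" != "none" ]; then
  # NOTE(review): when this script runs again while the VPN resolver is
  # already installed, the backup is overwritten with the VPN resolv.conf --
  # check how the matching down script restores it.
  cp /etc/resolv.conf /etc/resolv.conf.bak-covpn \
    || warn "could not back up /etc/resolv.conf"
  printf 'nameserver %s\n' "$dns" > /etc/resolv.conf || exit 24
fi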