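#!/bin/sh
# covpn - Wrapper to run OpenVPN with server push filtering, tcp/udp/defgw modes
# 2013 Laurent Ghigonis
#
# Works together with correct openvpn-up.sh
# Uses same config file for UDP and TCP, passing --proto and --remote in command line
# Change of default gateway and DNS is done in openvpn-up.sh
# Passes env var 'openvpn_gateway' to openvpn-up.sh in case default gw is set to VPN
# Passes env var 'covpn_conf' to openvpn-up.sh to load its configuration
#
# Usage: covpn [-g|--gateway] [-t|--tcp] conf_dir [openvpn-args...]
#   conf_dir must contain covpn.conf (sourced by this script, as root) and
#   openvpn.conf (given to openvpn --config); it is also used as --cd and --chroot.
#   Remaining arguments are appended to the openvpn command line.
#
# Requires a GNU userland: util-linux getopt (long options), readlink -f, iproute2.

ip_bin=/usr/sbin/ip
readonly ip_bin

# Print usage on stderr and exit with status 1.
usage_exit() {
  printf 'Usage: %s [-g|--gateway] [-t|--tcp] conf_dir [openvpn-args...]\n' "${0##*/}" >&2
  exit 1
}

# Print the next-hop of the current default route on stdout.
# Prints nothing when there is no default route or it has no 'via' hop
# (a device-only route must not be fed back into 'route add default via').
current_gateway() {
  "$ip_bin" route show 0/0 | awk '$2 == "via" { print $3; exit }'
}

# Restore the pre-VPN default gateway and DNS. Installed as the EXIT trap,
# so it runs on normal termination, error and signal alike.
restore() {
  restore_gateway
  restore_dns
}

# Put the default route back to $gw_before if it changed while openvpn ran.
# Globals: gw_before (read)
restore_gateway() {
  echo "INFO: check_gateway"
  gw_cur=$(current_gateway)
  echo "INFO: gw_cur=$gw_cur"
  if [ -z "$gw_before" ]; then
    # There was no default gateway before we started: nothing to put back
    # (and 'route add default via ""' would only fail).
    return 0
  fi
  if [ "$gw_before" != "$gw_cur" ]; then
    echo "INFO: Gateway changed (before=$gw_before, cur=$gw_cur)"
    echo "INFO: Restoring previous default gw"
    "$ip_bin" route delete default
    "$ip_bin" route add default via "$gw_before" \
      || echo "ERROR: could not restore default gw via $gw_before" >&2
  fi
}

# Move back the resolv.conf backup left by openvpn-up.sh, if there is one.
restore_dns() {
  echo "INFO: check_dns"
  if [ -f /etc/resolv.conf.bak-covpn ]; then
    echo "INFO: restoring previous DNS"
    mv /etc/resolv.conf.bak-covpn /etc/resolv.conf
  fi
}

if [ "$(id -u)" -ne 0 ]; then
  echo "must be root" >&2
  exit 1
fi

gw_before=$(current_gateway)
echo "INFO: gw_before=$gw_before"

# getopt's status must be checked on the same line: reading $? after
# unrelated assignments always yields 0, so bad options went undetected.
opts=$(getopt -o gth -l gateway,tcp,help -n "${0##*/}" -- "$@") || usage_exit
eval set -- "$opts"

openvpn_proto="udp"
gateway=0
while true; do
  case "$1" in
    -g|--gateway) gateway=1; shift ;;
    -t|--tcp) openvpn_proto="tcp"; shift ;;
    -h|--help) usage_exit ;;
    --) shift; break ;;
    *) usage_exit ;;
  esac
done

[ $# -ge 1 ] || usage_exit
conf_path=$(readlink -f "$1")
shift
covpn_conf="$conf_path/covpn.conf"
if [ ! -f "$covpn_conf" ]; then
  echo "ERROR: missing covpn.conf in $conf_path !" >&2
  exit 1
fi

# covpn.conf is executed as root by the dot command: only pass a conf_dir that
# is root-owned and not writable by other users. It is expected to define
# CONF_UDP_REMOTE and CONF_TCP_REMOTE.
. "$covpn_conf"
if [ "$openvpn_proto" = "udp" ]; then
  openvpn_remote="$CONF_UDP_REMOTE"
else
  openvpn_remote="$CONF_TCP_REMOTE"
fi
if [ -z "$openvpn_remote" ]; then
  echo "ERROR: no remote defined for proto $openvpn_proto in $covpn_conf" >&2
  exit 1
fi

# Run restore exactly once, from the EXIT trap; INT/TERM only turn into an
# exit (with the conventional 128+signal status) so the EXIT trap fires.
trap restore EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

/usr/sbin/openvpn --setenv openvpn_gateway "$gateway" \
  --setenv covpn_conf "$covpn_conf" \
  --cd "$conf_path" --config openvpn.conf --chroot "$conf_path" \
  --proto "$openvpn_proto" --remote "$openvpn_remote" "$@"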