#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org

START=60

log() {
	logger -t "OpenVPN : " "$@"
}

check_config () {
	log "Check Client Interfaces"
	CHANGE="0"
	WW=$(uci get network.VPN)
	if [ -z $WW ]; then
		uci set network.VPN=interface
		uci set network.VPN.proto="none"
		uci set network.VPN.ifname="tun0"
		uci set network.VPN.auto="0"
		CHANGE="1"
	fi
	WW=$(uci get network.VPNS)
	if [ -z $WW ]; then
		uci set network.VPNS=interface
		uci set network.VPNS.proto="none"
		uci set network.VPNS.ifname="tun-server"
		uci set network.VPNS.auto="0"
		CHANGE="1"
	fi
	WW=$(uci get network.TAP)
	if [ -z $WW ]; then
		uci set network.TAP=interface
		uci set network.TAP.proto="none"
		uci set network.TAP.ifname="tap0"
		uci set network.TAP.auto="1"
		LANIF=$(uci get network.lan.ifname)
		TAP0=$(echo $LANIF | grep "tap0")
		if [ -z "$TAP0" ]; then
			uci set network.lan.ifname="$(uci get network.lan.ifname) tap0"
		fi
		CHANGE="1"
	fi
	WW=$(uci get network.TAPS)
	if [ -z $WW ]; then
		uci set network.TAPS=interface
		uci set network.TAPS.proto="none"
		uci set network.TAPS.ifname="tap-server"
		uci set network.TAPS.auto="0"
		LANIF=$(uci get network.lan.ifname)
		TAP1=$(echo $LANIF | grep "tap-server")
		if [ -z "$TAP1" ]; then
			uci set network.lan.ifname="$(uci get network.lan.ifname) tap-server"
		fi
		CHANGE="1"
	fi
	if [ $CHANGE = "1" ]; then
		uci commit network
		/etc/init.d/network restart
	fi
	
	CHANGE="0"
	WW=$(uci get firewall.vpnzone)
	if [ -z $WW ]; then
		uci set firewall.vpnzone=zone
		uci set firewall.vpnzone.name="VPN"
		uci set firewall.vpnzone.forward="REJECT"
		uci set firewall.vpnzone.output="ACCEPT"
		uci set firewall.vpnzone.network="VPN"
		uci set firewall.vpnzone.input="REJECT"
		uci set firewall.vpnzone.masq="1"
		uci set firewall.vpnzone.mtu_fix="1"
		uci set firewall.vpnforward=forwarding
		uci set firewall.vpnforward.dest="VPN"
		uci set firewall.vpnforward.src="lan"
		CHANGE="1"
	fi	
	WW=$(uci get firewall.vpnzones)
	if [ -z $WW ]; then
		uci set firewall.vpnzones=zone
		uci set firewall.vpnzones.name="VPNS"
		uci set firewall.vpnzones.forward="REJECT"
		uci set firewall.vpnzones.output="ACCEPT"
		uci set firewall.vpnzones.network="VPNS"
		uci set firewall.vpnzones.input="ACCEPT"
		uci set firewall.vpnzones.masq="1"
		uci set firewall.vpnzones.mtu_fix="1"
		uci set firewall.vpnforwards=forwarding
		uci set firewall.vpnforwards.dest="VPNS"
		uci set firewall.vpnforwards.src="lan"
		CHANGE="1"
	fi
	if [ $CHANGE = "1" ]; then	
		uci commit firewall
		/etc/init.d/firewall restart
	fi
	WW=$(uci get openvpn.settings)
	if [ -z $WW ]; then
		uci set openvpn.settings=settings
		uci set openvpn.settings.vpn2lan="0"
		uci set openvpn.settings.vpns2lan="0"
		uci set openvpn.settings.vpn2wan="0"
		uci set openvpn.settings.country="CA"
		uci set openvpn.settings.city="Abbotsford"
		uci set openvpn.settings.organ="ROOter"
		uci set openvpn.settings.days="3650"
		uci set openvpn.settings.nclient='1'
		uci commit openvpn
	fi
}

checkserver() {
	log "Check Server Interfaces"
	local s=$1
	if [ -z $s ]; then
		return
	fi
	local SERVER="0"
	local config=$(uci get openvpn.$s.config)
	if [ ! -z $config ]; then
		return
	fi
	local client=$(uci get openvpn.$s.client)
	if [ -z $client ]; then
		SERVER="1"
	else
		if [ $client = "0" ]; then
			SERVER="1"
		fi
	fi
	
	if [ $SERVER = "1" ]; then
		port=$(uci get openvpn.$s.port)
		if [ -z $port ]; then
			PORT="1194"
		else
			PORT=$port
		fi
		# look for rule for this port
		INB="inbound"$PORT
		RULE=$(uci get firewall.$INB)
		if [ -z $RULE ]; then
			uci set firewall.$INB=rule
			uci set firewall.$INB.name=$INB
			uci set firewall.$INB.target=ACCEPT
			uci set firewall.$INB.src=*
			uci set firewall.$INB.proto=udp
			uci set firewall.$INB.dest_port=$PORT
			uci commit firewall
			/etc/init.d/firewall reload
		fi
		DEV=$(uci get openvpn.$s.dev)
		if [ $DEV = "tun0" ]; then
			uci set openvpn.$s.dev="tun1"
			uci commit openvpn
		else
			
			if [ $DEV = "tap0" ]; then
				uci set openvpn.$s.dev="tap1"
				uci commit openvpn
			fi
		fi
	else
		DEV=$(uci get openvpn.$s.dev)
		if [ $DEV = "tun1" ]; then
			uci set openvpn.$s.dev="tun0"
			uci commit openvpn
		else
			if [ $DEV = "tap1" ]; then
				uci set openvpn.$s.dev="tap0"
				uci commit openvpn
			fi
		fi
	fi
}

start() {
	check_config
	checkserver

	if [ -d /etc/luci-uploads ]; then
		rm -rfv /etc/luci-uploads
	fi
	ln -s /etc/openvpn /etc/luci-uploads 
}