#!/bin/sh

scriptname=$0;
scriptname=${scriptname##*/}
prefix=${scriptname%%_conf} 

CCD=/var/tmp/clients_$prefix;

. /mod/etc/conf/openvpn.cfg

uebergabe="";

wert (){
IFS=$2;
local number=$3;
local c=0;
uebergabe="";
for inhalt in $1; do
	if [ "$c" -eq "$number" ] ; then uebergabe=$inhalt; fi
	c=$((c+1));
done
unset IFS;
}

delimiter="#"
vars="DEBUG DEBUG_TIME LOCAL MODE REMOTE PORT PROTO TYPE BOX_IP BOX_MASK REMOTE_IP DHCP_RANGE LOCAL_NET REMOTE_NET DHCP_CLIENT MTU AUTH_TYPE CIPHER TLS_AUTH FLOAT KEEPALIVE KEEPALIVE_PING KEEPALIVE_TIMEOUT COMPLZO MAXCLIENTS CLIENT2CLIENT PUSH_DNS PUSH_WINS REDIRECT VERBOSE SHAPER PULL LOGFILE MGMNT CLIENTS_DEFINED CLIENT_INFO CLIENT_IPS CLIENT_NAMES CLIENT_NETS CLIENT_MASKS CONFIG_NAMES UDP_FRAGMENT ADDITIONAL OWN_KEYS NO_CERTTYPE TAP2LAN PARAM_1 PARAM_2 PARAM_3" ;
count=1;

while [ $count -le $OPENVPN_CONFIG_COUNT ]; do

for var in $vars; do
	tmp="$var";
	configvar='OPENVPN_';
	eval configvar=\$$configvar$var;
	IFS='';
	wert "$configvar" "$delimiter" "$count";
	eval $tmp=\$uebergabe;
done

if [ "openvpn_$CONFIG_NAMES" == "$prefix" ] || [ "$prefix" == "openvpn" -a  $count -eq 1 ] ; then

if [ $1 ]; then
	CONFFILE=$1
else
	CONFFILE=/mod/etc/${prefix}.conf
fi

echo "#  OpenVPN 2.1 Config, $(date)" > $CONFFILE

if [ "$LOCAL" ];then
	echo "local $LOCAL"  >> $CONFFILE
fi

if [ "$PROTO" == "tcp" ]; then
		echo "proto tcp-$MODE" >> $CONFFILE
	else
		echo "proto udp" >> $CONFFILE
fi

if [ "$TYPE" == "tap" ]; then
		echo "dev tap$(( $count -1))" >> $CONFFILE
		[ "$TAP2LAN" == yes ] && echo "#Helperline for rc.openvpn to add tap$(( $count -1)) to lan bridge" >> $CONFFILE
	else
		echo "dev tun" >> $CONFFILE
fi

if [ "$OWN_KEYS" != "" -a $count -gt 1 ]; then
	keypath="/tmp/flash/${prefix}/"
else
	keypath="/tmp/flash/"
fi

if [ "$AUTH_TYPE" == "certs" ]; then
	echo "ca ${keypath}ca.crt" >> $CONFFILE
	echo "cert ${keypath}box.crt" >> $CONFFILE
	echo "key ${keypath}box.key" >> $CONFFILE
	if [ "$MODE" == "server" ]; then
		echo "dh ${keypath}dh.pem" >> $CONFFILE
		if [ -r "${keypath}crl.pem" ]; then
			echo "crl-verify ${keypath}crl.pem" >> $CONFFILE
		fi
		echo "tls-server" >> $CONFFILE
		if [ "$TLS_AUTH" == "yes" ]; then
			echo "tls-auth ${keypath}static.key 0" >> $CONFFILE
		fi
	else
		echo "tls-client" >> $CONFFILE
		[ "yes" != "$NO_CERTTYPE" ] && echo "ns-cert-type server" >> $CONFFILE
		if [ "$TLS_AUTH" == "yes" ]; then
			echo "tls-auth ${keypath}static.key 1" >> $CONFFILE
		fi

	fi 
else
	echo "secret ${keypath}static.key" >> $CONFFILE
fi

if [ "$MODE" == "server" ]; then
	echo "port $PORT" >> $CONFFILE

	if [ "$PUSH_DNS" ]; then
		echo "push \"dhcp-option DNS $PUSH_DNS\"" >> $CONFFILE
	fi
	if [ "$PUSH_WINS" ]; then
		echo "push \"dhcp-option DNS $PUSH_WINS\"" >> $CONFFILE
	fi
	if [ "$REDIRECT" ]; then
		echo "push \"redirect-gateway\"" >> $CONFFILE
	fi
	if [ "$DHCP_RANGE" -a "$AUTH_TYPE" == "certs" ]; then
		echo "mode server" >> $CONFFILE
		echo "ifconfig-pool $DHCP_RANGE" >> $CONFFILE
		if [ "$CLIENT2CLIENT" == "yes" ]; then
		    echo "push \"route ${DHCP_RANGE%.* *}.0 255.255.255.0\"" >> $CONFFILE		
		else
		    echo "push \"route $BOX_IP \"" >> $CONFFILE
		fi
	fi

	if [ "$CLIENT_INFO" == "yes" ] && [ "$AUTH_TYPE" == "certs" ]; then 
			if [ ! -d $CCD ]; then
				mkdir $CCD
			else
				rm $CCD/*	
			fi
			echo "ifconfig $BOX_IP $BOX_MASK" >> $CONFFILE
			if [ ! "$DHCP_RANGE" ]; then 
				echo "mode server" >> $CONFFILE
			fi 
			echo "client-config-dir $CCD" >> $CONFFILE
			echo "topology subnet" >> $CONFFILE
			echo "max-clients  $MAXCLIENTS" >> $CONFFILE
			if [ "$LOCAL_NET" ]; then
				tmp="`echo $LOCAL_NET | sed 's/[[:space:]]*;[[:space:]]*/;/g'`"
				IFS=";"
				for i in $tmp; do
					echo "push \"route $i $BOX_IP\"" >> $CONFFILE
				done
				unset IFS
			fi			
			client=1
			actcip=${CLIENT_IPS%%:*}
			restip=${CLIENT_IPS#*:}
			actcname=${CLIENT_NAMES%%:*}
			restname=${CLIENT_NAMES#*:}
			actcnet="${CLIENT_NETS%%:*}"
			restnet="${CLIENT_NETS#*:}"
			
			while [ $client -le "$CLIENTS_DEFINED" ]
			do	
				eval C_IP$client=$actcip;
				eval C_NAME$client=$actcname;
				eval C_NET$client=\"$actcnet\";
				actcip=${restip%%:*}
				restip=${restip#*:}
				actcname=${restname%%:*}
				restname=${restname#*:}
				actcnet="${restnet%%:*}"
				restnet="${restnet#*:}"
				client=$((client+1))
			done
			
			client=1
			
			while [ $client -le "$CLIENTS_DEFINED" ]
			do
				eval net=\$C_NET$client
				eval name=\$C_NAME$client
				eval ip=\$C_IP$client
				echo "ifconfig-push $ip $BOX_MASK"  > $CCD/$name
				echo "push \"topology subnet\"" >> $CCD/$name
				if [ "$net" != "-" ] ; then
					#echo "route $net $mask $ip" >> $CONFFILE
					echo -e "route $net $ip" | sed "s/[[:space:]]*;[[:space:]]*/ ${ip}\nroute /g" >> $CONFFILE
					#echo "iroute  $net $mask" >> $CCD/$name
					echo -e "iroute $net" | sed "s/[[:space:]]*;[[:space:]]*/\niroute /g" >> $CCD/$name
				fi
				if [ "$CLIENT2CLIENT" == "yes" ]; then
					i=1
					while [ $i -le $CLIENTS_DEFINED ]; do
						if [ $i -ne $client ]; then
							eval cnet=\$C_NET$i 
							eval cip=\$C_IP$i
							if [ "$cnet" != "-"  ]  ; then
								#echo "push \"route $cnet $cip \"" >> $CCD/$name
								echo -e "push \"route $cnet $cip\"" | sed "s/[[:space:]]*;[[:space:]]*/ ${cip}\"\npush \"route /g" >> $CCD/$name
							fi
						fi
					i=$((1+$i))
					done
				fi
				client=$(($client+1))
			done
	fi
	[ "$CLIENT2CLIENT" == "yes" ] && echo "client-to-client" >> $CONFFILE

	if [ "$TYPE" == "tap" ]; then
		echo "ifconfig $BOX_IP $BOX_MASK" >> $CONFFILE
		echo "push \"route-gateway $BOX_IP\"" >> $CONFFILE
		if [ "$LOCAL_NET" ]; then
			#echo "push \"route $LOCAL_NET\"" >> $CONFFILE
			echo "push \"route $LOCAL_NET\"" | sed 's/[[:space:]]*;[[:space:]]*/\"\npush \"route /g' >> $CONFFILE
		fi
		if [ "$REMOTE_NET" ]; then
			#echo "route $REMOTE_NET" >> $CONFFILE
			echo  "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE
		fi
		if [ "$MAXCLIENTS" ]; then
			echo "max-clients $MAXCLIENTS" >> $CONFFILE
		fi
	else 
	if [ "$CLIENT_INFO" != "yes" ] || [ "$AUTH_TYPE" == "static" ] ; then 
			echo "ifconfig $BOX_IP $REMOTE_IP" >> $CONFFILE
			if [ "$REMOTE_NET" ]; then
				#echo "route $REMOTE_NET" >> $CONFFILE
				echo  "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE
			fi
			if [ "$LOCAL_NET" -a "$AUTH_TYPE" == "certs" ]; then
				#echo "push \"route $LOCAL_NET\"" >> $CONFFILE
				echo "push \"route $LOCAL_NET\"" | sed 's/[[:space:]]*;[[:space:]]*/\"\npush \"route /g' >> $CONFFILE
			fi
		fi
	fi
	[ "$CLIENT2CLIENT" == "yes" ] && echo "client-to-client" >> $CONFFILE

else
	echo "remote $REMOTE" >> $CONFFILE
	echo "nobind" >> $CONFFILE
	if [ "$PULL" == "yes" ]; then
		echo "pull" >> $CONFFILE
	fi
	if [ "$REMOTE_NET" ]; then
		#echo "route $REMOTE_NET" >> $CONFFILE
		echo "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE
	fi
	if [ "$REDIRECT" ]; then
		echo "redirect-gateway" >> $CONFFILE
	fi
	if [ "$DHCP_CLIENT" != "yes" ]; then
		if [ "$TYPE" == "tun" ]; then 
			echo "ifconfig $BOX_IP $REMOTE_IP" >> $CONFFILE
		else
			echo "ifconfig $BOX_IP $BOX_MASK" >> $CONFFILE
		fi
	fi
	
fi

echo "tun-mtu $MTU" >> $CONFFILE
echo "mssfix" >> $CONFFILE
if [ "$UDP_FRAGMENT" != "" ] && [ "$UDP_FRAGMENT" != "0" ]; then
	echo "fragment $UDP_FRAGMENT" >> $CONFFILE
fi
df=/var/tmp/debug_${prefix}.out
if [ "$DEBUG" == "yes" ]; then
	echo "log $df" >> $CONFFILE
else
	rm -f $df
fi
echo "verb $VERBOSE" >> $CONFFILE
echo "daemon" >> $CONFFILE

echo "cipher $CIPHER" >> $CONFFILE

if [ "$SHAPER" ]; then
	echo "shaper $SHAPER" >> $CONFFILE
fi
if [ "$COMPLZO" == "yes" ]; then
	echo "comp-lzo" >> $CONFFILE
fi
if [ "$FLOAT" == "yes" ]; then
	echo "float" >> $CONFFILE
fi
if [ "$KEEPALIVE" == "yes" ]; then
	echo "keepalive $KEEPALIVE_PING $KEEPALIVE_TIMEOUT" >> $CONFFILE
	if [ "$MODE" == "client" ]; then
		echo "resolv-retry infinite" >> $CONFFILE
	fi
fi
if [ "$OPENVPN_MGMNT" == "yes" ]; then
	echo "management $OPENVPN_MGMNT" >> $CONFFILE
fi
if [ "$LOGFILE" == "yes" ]; then
	echo "status /var/log/$prefix.log" >> $CONFFILE
fi

if [ "$ADDITIONAL" != "" ]; then
	echo  "$ADDITIONAL" | sed 's/[[:space:]]*;[[:space:]]*/\n/g' >> $CONFFILE
fi


fi
count=$((count+1));

done

