#!/bin/bash

#
# Get an OpenVPN client configuration file
#

set -ex

if [ -s "$OPENVPN/server_url" ]; then
    server_url=$(cat "$OPENVPN/server_url" 2> /dev/null)
else
    # TODO Backwards compatible, need to throw away eventually
    server_url=$(cat "$OPENVPN/servername" 2> /dev/null)
fi

if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
    proto=${BASH_REMATCH[2]};
    servername=${BASH_REMATCH[3]};
    port=${BASH_REMATCH[5]};
else
    echo "Common name not specified"
    exit 1
fi

# Apply defaults
[ -z "$proto" ] && proto=1194
[ -z "$port" ] && port=udp

if [ ! -f "$EASYRSA_PKI/private/$cn.key" ]; then
    easyrsa build-server-full $cn nopass
fi

cat <<EOF
client
nobind
dev tun
redirect-gateway def1
remote-cert-tls server

<key>
$(cat $EASYRSA_PKI/private/$cn.key)
</key>
<cert>
$(cat $EASYRSA_PKI/issued/$cn.crt)
</cert>
<ca>
$(cat $EASYRSA_PKI/ca.crt)
</ca>
<dh>
$(cat $EASYRSA_PKI/dh.pem)
</dh>
<tls-auth>
$(cat $EASYRSA_PKI/ta.key)
</tls-auth>
key-direction 1

<connection>
remote $servername $port $proto
</connection>
EOF