#!/bin/sh
set -e

[ -d /dev/net ] ||
    mkdir -p /dev/net
[ -c /dev/net/tun ] ||
    mknod /dev/net/tun c 10 200

cd /etc/openvpn
[ -f dh.pem ] ||
    openssl dhparam -out dh.pem 512
[ -f key.pem ] ||
    openssl genrsa -out key.pem 2048
chmod 600 key.pem
[ -f csr.pem ] ||
    openssl req -new -key key.pem -out csr.pem -subj /CN=OpenVPN/
[ -f cert.pem ] ||
    openssl x509 -req -in csr.pem -out cert.pem -signkey key.pem -days 36525

[ -f tcp443.conf ] || cat >tcp443.conf <<EOF
server 192.168.255.0 255.255.255.128
verb 3
duplicate-cn
key key.pem
ca cert.pem
cert cert.pem
dh dh.pem
keepalive 10 60
persist-key
persist-tun

proto tcp-server
port 443
dev tun443
status openvpn-status-443.log
EOF

[ -f udp1194.conf ] || cat >udp1194.conf <<EOF
server 192.168.255.128 255.255.255.128
verb 3
duplicate-cn
key key.pem
ca cert.pem
cert cert.pem
dh dh.pem
keepalive 10 60
persist-key
persist-tun
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

proto udp
port 1194
dev tun1194
status openvpn-status-1194.log
EOF

MY_IP_ADDR=$(curl -s http://myip.enix.org/REMOTE_ADDR)
[ "$MY_IP_ADDR" ] || {
    echo "Sorry, I could not figure out my public IP address."
    echo "(I use http://myip.enix.org/REMOTE_ADDR/ for that purpose.)"
    exit 1
}

[ -f client.ovpn ] || cat >client.ovpn <<EOF
client
nobind
dev tun
redirect-gateway def1

<key>
`cat key.pem`
</key>
<cert>
`cat cert.pem`
</cert>
<ca>
`cat cert.pem`
</ca>
<dh>
`cat dh.pem`
</dh>

<connection>
remote $MY_IP_ADDR 1194 udp
</connection>

<connection>
remote $MY_IP_ADDR 443 tcp-client
</connection>
EOF

[ -f client.http ] || cat >client.http <<EOF
HTTP/1.0 200 OK
Content-Type: application/x-openvpn-profile
Content-Length: `wc -c client.ovpn`

`cat client.ovpn`
EOF

iptables -t nat -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE

touch tcp443.log udp1194.log http8080.log
while true ; do openvpn tcp443.conf ; done >> tcp443.log &
while true ; do openvpn udp1194.conf ; done >> udp1194.log &
tail -F *.log