#!/bin/sh
#set -e
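# Container entrypoint for OpenVPN. $mode selects what happens:
#   server - install server.conf as ovpn.conf, optionally add the address and
#            firewall rule described below, then run openvpn
#   client - install client.conf as ovpn.conf, append the remote taken from
#            $server, then run openvpn
#   keygen - write $SSHKEY to /tmp/keyfile, then exec the given command
# Environment read: mode, dev, net, ip, server, SSHKEY.
# Everything below stays POSIX-sh compatible because the shebang is /bin/sh
# (no [[ ]], no "==" inside [ ], no "echo -e").

# Consumer of RNG is not visible in this script; exported unchanged.
export RNG=PROGRAM

# Append the legacy crypto allowances to the TLS policy override file.
#
# SECURITY NOTE(review): these directives permit certificates signed with
# MD2/MD5 and Diffie-Hellman parameters as small as 512 bits, both far below
# what current TLS stacks accept by default. Presumably a legacy peer or CA
# requires them -- confirm that is still true, and drop this once the
# certificates and DH parameters have been reissued.
# The path looks like the override file of Red Hat's OpenSSL builds; verify
# against the base image. The file is appended to on every start, so the
# lines accumulate across container restarts.
relax_legacy_crypto() {
  printf 'LegacySigningMDs md2 md5\nMinimumDHBits 512\n\n' \
    >> /etc/pki/tls/legacy-settings
}

# Undo the address label and the FORWARD rule added in server mode.
# Runs from the EXIT trap, i.e. only after openvpn has stopped, so the DROP
# rule is never removed while the tunnel is still up.
cleanup() {
  ip addr del "${ip}/24" dev "${dev}:ovpn"
  iptables -D FORWARD -m state --state NEW -s 10.10.20.0/24 -d "${net}/24" -j DROP
}

# TERM handler for server mode: pass the signal on to openvpn so it shuts
# down before the firewall rule is removed. If openvpn has not been started
# yet, leave immediately (the EXIT trap still runs cleanup).
forward_term() {
  if [ -n "${vpn_pid:-}" ]; then
    # openvpn may already be gone; that is not an error here.
    kill -TERM "$vpn_pid" 2>/dev/null
  else
    exit 143
  fi
}

case "${mode:-}" in
  server)
    mv /etc/openvpn/server.conf /etc/openvpn/ovpn.conf
    relax_legacy_crypto
    if [ -n "${dev:-}" ] && [ -n "${net:-}" ] && [ -n "${ip:-}" ]; then
      vpn_pid=
      trap cleanup EXIT
      trap forward_term TERM
      ip addr add "${ip}/24" brd + dev "${dev}" label "${dev}:ovpn"
      # Block new connections from the VPN subnet towards ${net}/24.
      # NOTE(review): startup continues if the rule cannot be installed,
      # which leaves the tunnel up without this restriction. Consider
      # exiting here instead once callers can rely on iptables working.
      if ! iptables -I FORWARD 1 -m state --state NEW -s 10.10.20.0/24 -d "${net}/24" -j DROP; then
        printf 'entrypoint: could not install FORWARD DROP rule for %s/24\n' "${net}" >&2
      fi
      # ${net} is written into the config verbatim; it must be a plain
      # network address with no whitespace or newlines.
      printf 'push "route %s 255.255.255.0"\n' "${net}" >> /etc/openvpn/ovpn.conf
      /usr/sbin/openvpn --config /etc/openvpn/ovpn.conf "$@" &
      vpn_pid=$!
      # A trapped TERM interrupts wait before openvpn has exited, so keep
      # waiting until the child is really gone and report its own status.
      wait "$vpn_pid"
      status=$?
      while kill -0 "$vpn_pid" 2>/dev/null; do
        wait "$vpn_pid"
        status=$?
      done
      exit "$status"
    else
      exec /usr/sbin/openvpn --config /etc/openvpn/ovpn.conf "$@"
    fi
    ;;
  client)
    mv /etc/openvpn/client.conf /etc/openvpn/ovpn.conf
    # ${server} is written into the config verbatim; see the note on ${net}.
    printf 'remote %s\n' "${server:-}" >> /etc/openvpn/ovpn.conf
    relax_legacy_crypto
    exec /usr/sbin/openvpn --config /etc/openvpn/ovpn.conf "$@"
    ;;
  keygen)
    # The key must never exist with wider permissions than 0400, so the file
    # is created under umask 077 instead of being chmod'ed after the write.
    # Removing the path first and writing with noclobber (set -C) keeps the
    # redirect from following a link or reusing a file already at that
    # predictable /tmp location.
    rm -f /tmp/keyfile
    (
      umask 077
      set -C
      printf '%s\n' "${SSHKEY:-}" > /tmp/keyfile
    )
    chmod 0400 /tmp/keyfile
    # NOTE(review): SSHKEY stays in the environment of the exec'ed command;
    # unset it here if that command only needs /tmp/keyfile -- confirm.
    exec "$@"
    ;;
  *)
    printf 'entrypoint: unknown or unset mode: %s\n' "${mode:-}" >&2
    ;;
esac
#exec "$@"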