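#!/bin/sh
# Container entrypoint for OpenVPN, selected by the "mode" environment variable:
#   mode=server  install server.conf; optionally push a route (net) and, when
#                dev and ip are both set, add an address alias plus two
#                FORWARD DROP rules for client_net before starting openvpn.
#   mode=client  install client.conf, append "remote ${server}", start openvpn.
#   mode=keygen  write $SSHKEY to /tmp/keyfile and exec the given command.
# Any other value of mode does nothing. Extra arguments are passed through.
#
# Written for POSIX sh: the original used [[ ]], == and echo -e under a
# #!/bin/sh shebang, which only works where /bin/sh is bash.
#
# NOTE(review): net, server, dev, ip and client_net are written verbatim into
# ovpn.conf or onto ip/iptables command lines. They are assumed to come from
# the operator who starts the container; a value containing a newline would
# add extra directives to ovpn.conf. Validate them if they can ever come from
# a less trusted source.

#set -e
export RNG=PROGRAM

# Append the legacy TLS settings used by both server and client mode.
# NOTE(security): this re-enables MD2/MD5 signature digests and lowers the
# minimum accepted DH size to 512 bits, both far below current guidance.
# Kept as-is because existing peers or certificates may depend on it; prefer
# re-issuing certificates/DH parameters and then deleting this call.
enable_legacy_tls() {
  printf 'LegacySigningMDs md2 md5\nMinimumDHBits 512\n\n' \
    >> /etc/pki/tls/legacy-settings
}

# Undo the address alias and the two FORWARD rules added in server mode.
# Clears its own traps first so it runs once: the original ran on SIGTERM and
# again on EXIT, and the second pass could delete an identical rule that
# belongs to something else.
cleanup() {
  trap - TERM EXIT
  ip addr del "${ip}/24" dev "${dev}:ovpn"
  iptables -D FORWARD -m state --state NEW -s "${client_net}" -i external -j DROP
  iptables -D FORWARD -s "${client_net}" -d "${client_net}" -i external -j DROP
}

if [ "${mode:-}" = "server" ]; then
  mv /etc/openvpn/server.conf /etc/openvpn/ovpn.conf
  enable_legacy_tls

  if [ -n "${net:-}" ]; then
    printf 'push "route %s 255.255.255.0"\n' "${net}" >> /etc/openvpn/ovpn.conf
  fi

  if [ -n "${dev:-}" ] && [ -n "${ip:-}" ]; then
    client_net=${client_net:-10.10.20.0/24}

    trap cleanup TERM EXIT

    ip addr add "${ip}/24" brd + dev "${dev}" label "${dev}:ovpn"
    # Block new connections from VPN clients arriving on "external", and
    # client-to-client traffic on that interface.
    iptables -I FORWARD 1 -m state --state NEW -s "${client_net}" -i external -j DROP
    iptables -I FORWARD 1 -s "${client_net}" -d "${client_net}" -i external -j DROP

    # Run openvpn as a child (not exec) so this shell survives to run cleanup.
    /usr/sbin/openvpn --config /etc/openvpn/ovpn.conf "$@" &
    wait
  else
    exec /usr/sbin/openvpn --config /etc/openvpn/ovpn.conf "$@"
  fi
fi

if [ "${mode:-}" = "client" ]; then
  mv /etc/openvpn/client.conf /etc/openvpn/ovpn.conf
  printf 'remote %s\n' "${server}" >> /etc/openvpn/ovpn.conf
  enable_legacy_tls
  exec /usr/sbin/openvpn --config /etc/openvpn/ovpn.conf "$@"
fi

if [ "${mode:-}" = "keygen" ]; then
  # Create the key file with owner-only permissions from the start. The
  # original wrote it under the default umask and tightened it afterwards,
  # leaving a window in which the private key was readable by others.
  # rm + noclobber (set -C) makes the write fail instead of following a file
  # or symlink that already sits at this fixed /tmp path.
  rm -f /tmp/keyfile
  (
    umask 077
    set -C
    printf '%s\n' "$SSHKEY" > /tmp/keyfile
  ) || {
    printf 'entrypoint: could not create /tmp/keyfile safely\n' >&2
    exit 1
  }
  chmod 0400 /tmp/keyfile
  # NOTE(review): SSHKEY stays in the environment of the exec'd command.
  exec "$@"
fi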