#!/bin/sh

. /lib/functions/guard.sh

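# Always apply the masquerading setting for this preset, independent of the
# guard call further down: masq is switched off on the ffuplink firewall zone
# and committed immediately.
uci set firewall.zone_ffuplink.masq=0
uci commit firewall

# Read the active preset once instead of querying uci for every comparison.
# A missing option yields an empty string here.
current_preset="$(uci get ffberlin-uplink.preset.current)"

# POSIX [ ] with quoted operands: the script runs under /bin/sh, and an empty
# or whitespace-containing value must neither break the test nor be
# word-split into the "uci set" argument below.
if [ "$current_preset" != "vpn03_openvpn" ]; then
  # do not track the preset when it was 'undefined' (or missing), i.e. never configured
  if [ -n "$current_preset" ] && [ "$current_preset" != "undefined" ]; then
    logger -t "ffuplink" "uplink-preset has been changed."
    uci set ffberlin-uplink.preset.previous="$current_preset"
  fi
  uci set ffberlin-uplink.preset.current="vpn03_openvpn"
  # call uci-default of package freifunk-berlin-openvpn-files again to recreate initial config
  sh /rom/etc/uci-defaults/freifunk-berlin-z90_openvpn
fi
uci commit ffberlin-uplink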

# guard comes from the sourced /lib/functions/guard.sh.
# NOTE(review): presumably it ends the script here when this preset was
# already applied, so the settings below are written only once - confirm
# against guard.sh.
guard "vpn03_openvpn"

# Helper: set one option on the openvpn "ffuplink" instance.
#   $1 - option name, $2 - option value
set_ffuplink() {
  uci set "openvpn.ffuplink.$1=$2"
}

# Transport and tunnel parameters.
set_ffuplink proto udp4
set_ffuplink dev_type tun
set_ffuplink persist_key 1
set_ffuplink keepalive "10 60"
# NOTE(review): ns_cert_type is deprecated in newer OpenVPN releases in favour
# of remote_cert_tls; verify the installed OpenVPN version still honours it,
# otherwise the server-certificate type check is not enforced.
set_ffuplink ns_cert_type server
set_ffuplink comp_lzo "no"
# script_security 2 lets OpenVPN invoke user-defined scripts; keep any scripts
# referenced by this instance writable by root only.
set_ffuplink script_security 2
# cipher "none" leaves the data channel unencrypted: this tunnel provides no
# confidentiality for the traffic it carries.
set_ffuplink cipher "none"
set_ffuplink mssfix 1300

# Primary and backup endpoints. add_list appends, so running this section
# twice would add each remote twice.
for ffuplink_remote in \
  "vpn03.berlin.freifunk.net 1194" \
  "vpn03-backup.berlin.freifunk.net 1194"; do
  uci add_list openvpn.ffuplink.remote="$ffuplink_remote"
done

# CA certificate, client certificate and private key used for the TLS handshake.
set_ffuplink ca "/etc/openvpn/freifunk-ca.crt"
set_ffuplink cert "/etc/openvpn/ffuplink.crt"
set_ffuplink key "/etc/openvpn/ffuplink.key"

uci commit openvpn
