#!/bin/bash

# Both helpers are defined outside the visible part of this script; they
# presumably populate the DEFAULT_* and per-interface variables used below.
pickup_defaults
pickup_options

# Fall back to DEFAULT_OVPN when OVPN is unset or empty, then refuse to go on
# unless that path is executable.
: "${OVPN:=$DEFAULT_OVPN}"
if [ ! -x "$OVPN" ]; then
	print_error "$OVPN does not exist or is not executable. Try installing openvpn RPM."
	exit 1
fi

# Abort when the tun/tap helper reports failure.
if ! modprobe_tuntap; then
	print_error "tuntap control node does not exist"
	exit 1
fi

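# Save the current default route(s) when RESTORE_DEFAULTROUTE is enabled.
if is_yes "$RESTORE_DEFAULTROUTE"; then
	# The expansion must be quoted: with an empty or unset OVPNRUNDIR an
	# unquoted `[ -d ]` collapses to a one-argument test, which is always true,
	# and the route file would then be written to the filesystem root.
	if [ ! -d "$OVPNRUNDIR" ]; then
		print_error "OpenVPN rundir $OVPNRUNDIR does not exist"
		exit 1
	fi
	# NOTE(review): the redirect follows an existing symlink at the target
	# path, so the rundir should be writable by root only. Confirm its mode.
	# $IP is left unquoted in case it carries arguments. TODO confirm.
	$IP route ls | grep '^default' > "$OVPNRUNDIR/openvpn-iface-$NAME.defaultroute"
	# Do not leave an empty file behind when there was no default route.
	if [ ! -s "$OVPNRUNDIR/openvpn-iface-$NAME.defaultroute" ]; then
		rm -f -- "$OVPNRUNDIR/openvpn-iface-$NAME.defaultroute"
	fi
fi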

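# Resolve each credential/config file name through profiled_filename (defined
# outside the visible part of this script). The per-interface OVPN* setting
# wins; the DEFAULT_* value is used when it is unset or empty.
# Arguments are quoted so a path containing whitespace or glob characters
# reaches the helper as a single word.
PROF_CAFILE=$(profiled_filename "$MYIFACEDIR/${OVPNCAFILE:-$DEFAULT_OVPNCAFILE}")
PROF_CRTFILE=$(profiled_filename "$MYIFACEDIR/${OVPNCRTFILE:-$DEFAULT_OVPNCRTFILE}")
PROF_KEYFILE=$(profiled_filename "$MYIFACEDIR/${OVPNKEYFILE:-$DEFAULT_OVPNKEYFILE}")
PROF_CONFFILE=$(profiled_filename "$MYIFACEDIR/${OVPNCONFFILE:-$DEFAULT_OVPNCONFFILE}")
PROF_TLSAUTHFILE=$(profiled_filename "$MYIFACEDIR/${OVPNTLSAUTHFILE:-$DEFAULT_OVPNTLSAUTHFILE}")
# Account the daemon is told to switch to (passed as --user / --group below).
OVPN_USER=${OVPNUSER:-$DEFAULT_OVPNUSER}
OVPN_GROUP=${OVPNGROUP:-$DEFAULT_OVPNGROUP}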

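# Build the key-related command line arguments in KEY_ARGS.
# A config file containing a line that is exactly tls-client, tls-server or
# client selects the certificate options; anything else selects --secret.
# FIXME: this won't work in every case
# (the pattern is anchored at both ends, so a directive with trailing
# whitespace or a comment is not recognised)
# NOTE(review): KEY_ARGS is only reset when the CA file is non-empty. In every
# other path a value already present (environment or earlier code) is carried
# into the daemon's command line. Confirm that is intended.
# NOTE(review): nothing here checks ownership or mode of PROF_KEYFILE; it holds
# secret key material and should be readable by root only.
# KEY_ARGS stays a flat string because the launch command word-splits it, so
# these paths must not contain whitespace.
# grep -E replaces the obsolescent egrep; -q replaces the /dev/null redirect.
if grep -Eq '^(tls-client|tls-server|client)$' "$PROF_CONFFILE"; then
	if [ -s "$PROF_CAFILE" ]; then
		KEY_ARGS="--ca $PROF_CAFILE"
	fi
	if [ -s "$PROF_CRTFILE" ]; then
		KEY_ARGS="$KEY_ARGS --cert $PROF_CRTFILE"
	fi
	if [ -s "$PROF_KEYFILE" ]; then
		KEY_ARGS="$KEY_ARGS --key $PROF_KEYFILE"
	fi
	if [ -s "$PROF_TLSAUTHFILE" ]; then
		KEY_ARGS="$KEY_ARGS --tls-auth $PROF_TLSAUTHFILE"
	fi
else
	if [ -s "$PROF_KEYFILE" ]; then
		KEY_ARGS="$KEY_ARGS --secret $PROF_KEYFILE"
	fi
fi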

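# The daemon is started with --chroot $OVPNCHROOTDIR and --cd into its cache
# subdirectory, so both must exist. An empty OVPNCHROOTDIR is rejected as well:
# otherwise the test would silently look at /cache and --chroot would be left
# without a usable argument.
if [ -z "$OVPNCHROOTDIR" ] || [ ! -d "$OVPNCHROOTDIR/cache" ]; then
	print_error "OpenVPN cache dir $OVPNCHROOTDIR/cache does not exist"
	exit 1
fi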

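# Start the OpenVPN daemon for interface $NAME.
#  - --config is passed only when PROF_CONFFILE is non-empty.
#  - --user (with --persist-tun/--persist-key) and --group are passed only when
#    OVPN_USER / OVPN_GROUP are non-empty. If OVPN_USER is empty the daemon
#    keeps its starting privileges inside the chroot, which is weak
#    confinement; a dedicated unprivileged account should be configured.
#  - The --up script is run by OpenVPN before the UID change, so
#    $SCRIPTDIR/openvpn.action should be owned by root and not writable by
#    anyone else. OpenVPN 2.1 and later also need script-security 2 to run it,
#    presumably set in the config file. TODO confirm.
# Path and name expansions are quoted so whitespace or glob characters cannot
# split or expand into extra options. KEY_ARGS and TLSAUTH_ARGS are flat
# option strings and must word-split, so they stay unquoted.
# shellcheck disable=SC2086
"$OVPN" --dev "$NAME" --daemon \
	${PROF_CONFFILE:+--config "$PROF_CONFFILE"} $KEY_ARGS $TLSAUTH_ARGS \
	${OVPN_USER:+--user "$OVPN_USER" --persist-tun --persist-key} \
	${OVPN_GROUP:+--group "$OVPN_GROUP"} \
	--cd "$OVPNCHROOTDIR/cache" --chroot "$OVPNCHROOTDIR" \
	--writepid "$OVPNRUNDIR/openvpn-iface-$NAME.pid" \
	--up "$SCRIPTDIR/openvpn.action"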
