#!/bin/sh

uci -q batch <<-EOF >/dev/null
	delete ucitrack.@glorytun[-1]
	add ucitrack glorytun
	set ucitrack.@glorytun[-1].init=glorytun
	set ucitrack.@glorytun[-1].affects=glorytun-udp
	delete ucitrack.@glorytun-udp[-1]
	add ucitrack glorytun-udp
	set ucitrack.@glorytun-udp[-1].init=glorytun-udp
	commit ucitrack
EOF

if [ "$(uci -q get network.glorytun)" = "" ] && [ "$(uci -q get network.omrvpn)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		delete network.glorytun
		set network.glorytun=interface
		set network.glorytun.device=tun0
		set network.glorytun.proto=dhcp
		set network.glorytun.ip4table=vpn
		set network.glorytun.multipath=off
		set network.glorytun.leasetime=12h
		commit network
	EOF
#	set network.glorytun.proto=static
#	set network.glorytun.ipaddr=10.0.0.2
#	set network.glorytun.netmask=255.255.255.0
#	set network.glorytun.gateway=10.0.0.1
fi

if [ "$(uci -q show firewall | grep glorytun)" = "" ] && [ "$(uci -q get network.omrvpn)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		set firewall.zone_vpn=zone
		set firewall.zone_vpn.name=vpn
		set firewall.zone_vpn.network=glorytun
		set firewall.zone_vpn.masq=1
		set firewall.zone_vpn.input=REJECT
		set firewall.zone_vpn.forward=ACCEPT
		set firewall.zone_vpn.output=ACCEPT
		commit firewall
	EOF
fi
if [ "$(uci -q show firewall | grep Allow-All-LAN-to-VPN)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		add firewall rule
		set firewall.@rule[-1].enabled='1'
		set firewall.@rule[-1].target='ACCEPT'
		set firewall.@rule[-1].name='Allow-All-LAN-to-VPN'
		set firewall.@rule[-1].dest='vpn'
		set firewall.@rule[-1].src='lan'
		set firewall.@rule[-1].proto='all'
		commit firewall
	EOF
fi
rm -f /tmp/luci-indexcache
exit 0
