#!/bin/bash
# OpenMPTCProuter VPS service script
# This script configure 6in4, multipath and firewall for current VPN

if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
	ip route del fd00::/8 via fe80::a00:2 dev omr-6in4
	ip link set omr-6in4 down
	ip tunnel del omr-6in4
	exit 0
fi

_multipath() {
	# Force multipath status
	source /etc/shorewall/params.net
	for intf in `ls -1 /sys/class/net`; do
		if [ "$intf" = "$NET_IFACE" ]; then
			multipath $intf on
		else
			multipath $intf off
		fi
	done
}

# Add IPv6 tunnel
if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
	ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
else
	ip tunnel add omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
	ip addr add fe80::a00:1/64 dev omr-6in4 >/dev/null 2>&1
fi
ip link set omr-6in4 up
ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4

_ping() {
	local host=$1
	ret=$(ping -4 "${host}" \
		-W 5 \
		-c 1 \
		-q
	)
	[ -n "$ret" ] && echo "$ret" | grep -sq "0% packet loss" && {
		return
	}
	false
}

_ping_range() {
	local network=$1
	for i in {2..50} ;do 
		_ping $network$i
		pingr=$?
		if $(exit $pingr); then
			ipd=$network$i
			return
		fi
	done
	false
}

while true; do
	source /etc/shorewall/params.vpn
	iface=""
	currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n")
	currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n")
	if [ -n "$currentpeer" ]; then
		_ping $currentpeer
		status=$?
		if ! $(exit $status) || [ "$currentpeer" != "$OMR_ADDR" ]; then
			allip_tcp=$(ip -4 addr show gt-tun0 2>/dev/null | grep inet)
			allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet)
			[ -d "/sys/class/net/mlvpn0" ] && allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet)
			[ -d "/sys/class/net/tun0" ] && allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet)
			allip="$allip_tcp
$allip_udp
$allip_openvpn
$allip_mlvpn"
			while IFS= read -r inet; do
				ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
				if [ "$ip" != "" ]; then
					_ping_range $(echo $ip | sed 's/.1/./' | tr -d "\n")
					statusr=$?
					if $(exit $statusr); then
						_ping $ipd
						statusp=$?
						if $(exit $statusp); then
							ip tunnel change omr-6in4 mode sit remote $ipd local $ip
							echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn
							echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn
							iface=$(ip -4 addr | grep $ip | awk '{print $7}' | tr -d "\n")
							echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn
							systemctl reload shorewall
							_multipath
							break
						fi
					fi
				fi
			done < <(printf '%s\n' "$allip")
			[ -z "$iface" ] && {
				logger -t "OMR-Service" "Restart Glorytun and networkd"
				systemctl -q restart glorytun-tcp@tun0
				systemctl -q restart glorytun-udp@tun0
				systemctl -q restart systemd-networkd
				_multipath
				sleep 10
			}
		fi
	fi
	result="$(curl -Isk -m 30 https://127.0.0.1:65500/status | head -n 1 | grep 401)"
	if [ "$result" = "" ]; then
		logger -t "OMR-Service" "Restart OMR Admin"
		systemctl -q restart omr-admin
		sleep 10
	fi
	sleep 5
done
