#!/bin/sh
# Author: Blake, Kuo-Lien Huang
# License: GPL
# Description:
#   A modified version of the scripts described in the book
#   Building Linux VPNs, New Riders, ISBN 1-57870-266-6, by
#   Oleg Kolesnikov and Brian Hatch
#
#   The website of the book is http://www.buildinglinuxvpns.net/

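# External commands and fixed settings.  Absolute paths are used on purpose:
# parts of this script run as root (from pppd's ip-up hook, and via sudo on
# the server), so nothing here should depend on the caller's PATH.
SU=/bin/su            # not referenced in this part of the file
SUDO=/usr/bin/sudo
PPPD=/usr/sbin/pppd
ROUTE=/sbin/route
WHOAMI=/usr/bin/whoami
SSH=/usr/bin/ssh
SCP=/usr/bin/scp
# The local user whose SSH key carries the tunnel.  The client-side pppd runs
# as root and switches back to this user (sudo -u) for the ssh call.
SSH_VPN_USER=$("$WHOAMI")
# BatchMode=yes: never prompt for a password, so key-based authentication is
# required; -enone disables the ssh escape character so PPP frames pass
# through untouched; -t -t forces a pty even without a local terminal.
# The server address is appended by vpn_config.
SSH_ARGS="-oBatchMode=yes -enone -t -t"
SCP_ARGS="-q -oBatchMode=yes"
PIDDIR=/var/run       # not referenced in this part of the file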

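vpn_config () {
  # Load the tunnel definition and derive the tunnel name from its path.
  # Arguments: $1 - path of the config file (from pppd's ip-up hook this is
  #                 the bare link name, $LINKNAME)
  # Globals written: vpn_network, SSH_ARGS, client_pppd_args,
  #                  server_pppd_args, plus every variable the config
  #                  file assigns
  # Exits 1 (does not return) when the config cannot be read or does not
  # define server_ip.
  vpn_network=$1

  # The config file is sourced, i.e. executed as shell code, and this script
  # runs as root from pppd and under sudo on the server.  The file must
  # therefore be owned by root and not writable by anyone else.
  # NOTE(review): with a bare name (no slash) POSIX '.' searches $PATH, and
  # that is the form pppd hands us via $LINKNAME -- confirm this lookup is
  # what the deployment relies on.
  . "$vpn_network" || {
    printf '%s: cannot read config %s\n' "$0" "$vpn_network" >&2
    exit 1
  }
  if [ -z "$server_ip" ]; then
    printf '%s: config %s does not set server_ip\n' "$0" "$vpn_network" >&2
    exit 1
  fi

  # Keep only the basename: it names the pppd link and both peer names.
  vpn_network=${vpn_network##*/}

  # Debugging: trace the rest of this script and pass 'debug' to pppd.
  # The two sides are checked independently so both can be debugged at once.
  if [ "$client_debug" = "yes" ]; then
    set -x
    client_pppd_args="$client_pppd_args debug"
  fi
  if [ "$server_debug" = "yes" ]; then
    set -x
    server_pppd_args="$server_pppd_args debug"
  fi

  # From here on "$SSH $SSH_ARGS" is a complete connection command.
  SSH_ARGS="$SSH_ARGS $server_ip"
}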

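vpn_config_example() {
  # Print the sample config embedded in this script: the lines of $0
  # starting at line $LINENO_SSHVPN, $LINENO_EXAMPLE lines long.
  # Both line numbers must be set before this is called; they are not
  # assigned anywhere in this part of the file.
  # Returns 1 (after a message on stderr) when either is unset.
  if [ -z "$LINENO_SSHVPN" ] || [ -z "$LINENO_EXAMPLE" ]; then
    printf '%s: LINENO_SSHVPN and LINENO_EXAMPLE must be set\n' "$0" >&2
    return 1
  fi
  # 'tail -n +N' is the POSIX spelling; current GNU tail rejects 'tail +N'.
  tail -n +"$LINENO_SSHVPN" -- "$0" | head -n "$LINENO_EXAMPLE"
}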

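vpn_usage() {
  # Print the command-line help to stderr.  The whole text is a diagnostic,
  # so all of it goes to the same stream (not just the first line).
  {
    echo "Usage: $0 start|stop config"
    echo "  'config' is a file that contains the following entries:"
    echo "   server_ip, client_debug, server_debug,"
    echo "   client_network, server_network, server_ppp_ip, client_ppp_ip,"
    echo "   client_require_pap, server_require_pap, client_require_chap, "
    echo "   server_require_chap."
    echo "   the command '$0 example' will give you"
    echo "   a example of the 'config' file"
  } >&2
}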

# Determine how we should behave:

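if [ -n "$LINKNAME" ]; then
  # Called by pppd as its ip-up hook: pppd exports LINKNAME and IPREMOTE
  # and runs us as root, so no sudo is needed in this branch.
  vpn_config "$LINKNAME"

  # Route the server-side network through the new PPP link.
  if [ -n "$server_network" ]; then
    "$ROUTE" add -net "$server_network" gw "$IPREMOTE"
  fi
  exit 0

elif [ "$1" = "stop" ]; then
  if [ -z "$2" ]; then
    vpn_usage
    exit 1
  fi
  vpn_config "$2"

  # Ship the kill script (the tail of this file from line $LINENO_KILLVPN,
  # which is not assigned in this part of the file) to the server and run
  # it there under sudo.  The local copy goes to an unpredictable mktemp
  # path instead of a fixed name in /tmp.
  # NOTE(review): the remote copy still lands at the fixed path /tmp/killvpn
  # and is executed as root; that path is presumably what the server's
  # sudoers entry names, so it is left unchanged here.  A fixed path in a
  # world-writable directory is a known race risk -- a root-owned directory
  # on the server would be the safer home for it.
  if [ -z "$LINENO_KILLVPN" ]; then
    printf '%s: LINENO_KILLVPN must be set\n' "$0" >&2
    exit 1
  fi
  killvpn=$(mktemp) || exit 1
  tail -n +"$LINENO_KILLVPN" -- "$0" > "$killvpn"
  chmod 755 "$killvpn"

  # Run the remote kill only if the copy succeeded; report the first failure.
  # shellcheck disable=SC2086 -- SCP_ARGS/SSH_ARGS hold several options
  status=0
  "$SCP" $SCP_ARGS "$killvpn" "$SSH_VPN_USER@$server_ip:/tmp/killvpn" || status=$?
  if [ "$status" -eq 0 ]; then
    "$SSH" $SSH_ARGS "$SUDO /tmp/killvpn $vpn_network" || status=$?
  fi
  rm -f -- "$killvpn"
  exit "$status"

elif [ "$1" = "start" ]; then
  # init.d style start; the rest of the script builds and runs the
  # pppd/ssh command.
  if [ -z "$2" ]; then
    vpn_usage
    exit 1
  fi
  vpn_config "$2"

elif [ "$1" = "example" ]; then
  vpn_config_example
  exit 1

else
  vpn_usage
  exit 1
fi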


## client ..
# Universal pppd arguments
# pppd options for the local (client) side.  The authentication requirement
# goes first: require-pap, else require-chap, else noauth (the PPP layer
# then does not authenticate the peer and the tunnel relies on the ssh
# transport for that).  $client_pppd_args comes from the sourced config.
# 'pty' is deliberately the last word: its argument, the ssh command line,
# is appended when pppd is started.
client_auth_opt=noauth
if [ "$client_require_pap" = "yes" ]; then
  client_auth_opt=require-pap
elif [ "$client_require_chap" = "yes" ]; then
  client_auth_opt=require-chap
fi
CLIENT_PPPD_ARGS="$client_auth_opt updetach lock connect-delay 10000 \
name $vpn_network-client user $vpn_network-client \
linkname $vpn_network remotename $vpn_network-server \
$client_pppd_args pty"

## server
# pppd options run on the server (inside the ssh session).  Same auth
# selection as the client side: require-pap, else require-chap, else noauth.
# The trailing local:remote address pair assigns the PPP addresses from the
# server's point of view; $server_pppd_args comes from the sourced config.
server_auth_opt=noauth
if [ "$server_require_pap" = "yes" ]; then
  server_auth_opt=require-pap
elif [ "$server_require_chap" = "yes" ]; then
  server_auth_opt=require-chap
fi
SERVER_PPPD_ARGS="$server_auth_opt updetach linkname $vpn_network \
remotename $vpn_network-client user $vpn_network-server \
name $vpn_network-server $server_pppd_args \
$server_ppp_ip:$client_ppp_ip"

# Start our pppd/ssh processes
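# Start the tunnel.  The local pppd (as root) runs the quoted string as its
# pty command: it switches back to $SSH_VPN_USER for ssh, which runs pppd
# on the server under sudo.  Values taken from the config file (tunnel
# name, PPP addresses, extra pppd args) are interpolated into that remote
# command line -- one more reason the config file must be trusted.
REMOTE_CMD="$SUDO -u $SSH_VPN_USER $SSH $SSH_ARGS $SUDO $PPPD $SERVER_PPPD_ARGS"

# Log exactly the command that is about to run, remote sudo included.
printf '%s\n' "$SUDO $PPPD $CLIENT_PPPD_ARGS \"$REMOTE_CMD\""

# shellcheck disable=SC2086 -- CLIENT_PPPD_ARGS holds several options
$SUDO $PPPD $CLIENT_PPPD_ARGS "$REMOTE_CMD"
# Report pppd's own status ('updetach' makes it non-zero when the link
# fails to come up) rather than an unconditional success.
exit $?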
