#!/bin/bash

# Everything below installs packages and writes under /etc, so the script
# stops immediately unless it runs with an effective UID of 0.
if (( EUID != 0 )); then
	echo "Root-Rechte werden benötigt."
	exit 1
fi

# Both positional arguments are mandatory and must be non-empty:
#   $1 - account name, $2 - account password.
# NOTE(review): the password arrives as a command-line argument, so it is
# visible in the process list while the script runs and may end up in the
# caller's shell history.
[[ -n "$1" && -n "$2" ]] || {
	echo "Starte das Skript mit den Daten deines Uni-Accounts: vpn-configure USERNAME PASSWORD"
	exit 1
}
username="$1"
password="$2"

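# Install strongSwan, its extra charon plugins and resolvconf.
# apt-get replaces apt because apt does not promise a stable command-line
# interface for use in scripts. The script stops if the installation fails,
# so no configuration is written for a daemon that is not there.
# NOTE(review): the original listed libcharon-extra-plugins twice; confirm
# that no second package (for example libstrongswan-extra-plugins) was meant.
if ! apt-get -y install strongswan libcharon-extra-plugins resolvconf
then
	echo "Paketinstallation fehlgeschlagen." >&2
	exit 1
fi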

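# Write the strongSwan client configuration for the "tu-dortmund" connection,
# store the EAP credentials, let charon update the resolver files and point
# strongSwan's CA directory at the system trust store. Every step is checked;
# a failure aborts the script so the closing success message is never printed
# after a partial setup.

# Print the message given as $1 on stderr and terminate with status 1.
vpn_configure_abort() {
	printf '%s\n' "$1" >&2
	exit 1
}

# The secret is stored inside double quotes (see below), which cannot hold a
# double quote or a newline; a newline in the user name would also inject
# extra lines into both files.
case "${username}${password}" in
	*'"'*|*$'\n'*)
		vpn_configure_abort 'Benutzername und Passwort dürfen weder Anführungszeichen noch Zeilenumbrüche enthalten.'
		;;
esac

# /etc/ipsec.conf is replaced wholesale below, which drops any connection
# defined there. Keep one copy of the file as it was before the first run.
if [ -f /etc/ipsec.conf ] && [ ! -e /etc/ipsec.conf.vpn-configure.orig ]
then
	cp -p /etc/ipsec.conf /etc/ipsec.conf.vpn-configure.orig \
		|| vpn_configure_abort 'Sicherung von /etc/ipsec.conf fehlgeschlagen.'
fi

# Each argument becomes one line followed by a tab, so all settings after the
# "conn" line are indented as members of that section.
# NOTE(review): modp1024 is a 1024-bit DH group and is considered weak. It is
# kept because the proposal has to match what the gateway offers; confirm
# whether the server accepts a stronger group.
printf '%s\n\t' 'conn tu-dortmund' 'keyexchange=ike' 'ike=aes128-sha256-modp1024' 'esp=aes128-sha256-modp1024' 'dpdaction=clear' 'dpddelay=300s' "eap_identity=${username}" 'leftauth=eap-mschapv2' 'left=%defaultroute' 'leftdns=129.217.129.42' 'leftsourceip=%config' 'right=stud.vpn.tu-dortmund.de' 'rightauth=pubkey' 'rightsubnet=0.0.0.0/0' 'type=tunnel' '#tu-dortmund' 'auto=add' > /etc/ipsec.conf \
	|| vpn_configure_abort '/etc/ipsec.conf konnte nicht geschrieben werden.'

# The password is written as a double-quoted string: an unquoted secret that
# contains whitespace or '#', or starts with 0x / 0s, would not be read back
# as the literal password. The restrictive umask makes a newly created file
# owner-only, and chmod tightens a file that already existed.
# NOTE(review): every run appends another line and an earlier entry for the
# same user is not removed; confirm which entry is used after a password
# change.
(
	umask 077
	printf '%s' "${username}" ' : EAP "' "${password}" '"' $'\n' >> /etc/ipsec.secrets
) || vpn_configure_abort '/etc/ipsec.secrets konnte nicht geschrieben werden.'
chmod 600 /etc/ipsec.secrets \
	|| vpn_configure_abort 'Zugriffsrechte von /etc/ipsec.secrets konnten nicht gesetzt werden.'

# Local AppArmor additions for charon: write access to the resolver files.
# Skipped when the AppArmor local directory does not exist.
# NOTE(review): the profile is not reloaded here; presumably the rules only
# take effect once AppArmor loads the profile again. Confirm.
if [ -d /etc/apparmor.d/local ]
then
	printf '%s\n\t' '/etc/resolv.conf rw,' '/run/systemd/resolve/stub-resolv.conf rw,' > /etc/apparmor.d/local/usr.lib.ipsec.charon \
		|| vpn_configure_abort 'AppArmor-Regeln konnten nicht geschrieben werden.'
fi

# Replace /etc/ipsec.d/cacerts with a link to the system CA store. A directory
# that still holds files is left alone and the script stops, because running
# ln against an existing directory would create the link inside it instead.
# NOTE(review): with this link a gateway certificate issued by any CA in
# /etc/ssl/certs passes chain validation, and the conn sets no rightid;
# confirm the certificate is still checked against the expected gateway name.
if [ -L /etc/ipsec.d/cacerts ]
then
	rm /etc/ipsec.d/cacerts \
		|| vpn_configure_abort '/etc/ipsec.d/cacerts konnte nicht entfernt werden.'
elif [ -d /etc/ipsec.d/cacerts ]
then
	rmdir /etc/ipsec.d/cacerts \
		|| vpn_configure_abort '/etc/ipsec.d/cacerts ist nicht leer und wurde nicht ersetzt.'
fi
ln -s /etc/ssl/certs /etc/ipsec.d/cacerts \
	|| vpn_configure_abort 'Verknüpfung /etc/ipsec.d/cacerts konnte nicht angelegt werden.'

ipsec restart || vpn_configure_abort 'ipsec restart fehlgeschlagen.'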

# One empty line, then the completion notice.
printf '\n%s\n' "vpn-configure erfolgreich abgeschlossen."