#!/bin/bash
#
# Manage a reverse SSH tunnel ("SSH-VPN") from this device to a central server.
# Usage: <script> start|stop|restart|status|config
# The remote port comes from /etc/matelex/controller.conf (DniNumber=...),
# see read_PBID below.

# Remote SSH endpoint (user@host) the tunnel is opened to.
SSH_VPN_SERVER=dni@preprod.matelex.info
# Private key passed to ssh -i. NOTE(review): this is this machine's sshd
# *host* key, normally readable by root only, so the script has to run as
# root; reusing a host key as a client identity is unusual — confirm intended.
SSH_VPN_PRIV_CERT=/etc/ssh/ssh_host_rsa_key
# Used both as the mktemp template for the marker file in /tmp and, as a
# literal relative path, for the ssh ControlMaster socket (-S). NOTE(review):
# the socket is therefore created in the current working directory, not in
# /tmp, so start/stop/status must run from the same directory — confirm.
SSH_VPN_LOC_SOCKET=vpn-ssh.XXXX
# Local port the server-side listener is forwarded to (port 22, presumably
# this host's sshd).
SSH_VPN_LOC_PORT=22
# Port on the server that the tunnel listens on; 0 = not configured,
# overwritten by read_PBID.
SSH_VPN_REM_PORT=0


# Read the PB-ID for remote port
read_PBID()
{
	echo "Read port number for SSH-VPN"
	SSH_VPN_REM_PORT="$(sed -En 's/DniNumber=*([^ ]+).*$/\1/p' /etc/matelex/controller.conf)"
	echo "Readed remote SSH port number: ${SSH_VPN_REM_PORT}"
}

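# Start SSH-VPN: open a ControlMaster ssh session that reverse-forwards
# server port SSH_VPN_REM_PORT to localhost:SSH_VPN_LOC_PORT.
# Globals:   SSH_VPN_SERVER, SSH_VPN_PRIV_CERT, SSH_VPN_LOC_SOCKET,
#            SSH_VPN_LOC_PORT (read); SSH_VPN_REM_PORT (written by read_PBID)
# Outputs:   progress messages and the marker path on stdout
# Exits:     1 if a tunnel marker already exists or no port is configured;
#            otherwise blocks in ssh (-N, no -f) until the tunnel ends and
#            returns ssh's exit status.
vpn_start()
{
	local marker
	echo "Start SSH-VPN to server ${SSH_VPN_SERVER}"

	# The mktemp file created below doubles as the "tunnel open" marker;
	# refuse to start while one is present. The pattern must match the
	# template in SSH_VPN_LOC_SOCKET and the rm in vpn_stop (vpn-ssh.*, not
	# ssh-vpn.*). GNU find: -print -quit stops at the first hit.
	marker="$(/usr/bin/find /tmp -maxdepth 1 -type f -iname 'vpn-ssh.*' -print -quit)"
	if [ -n "${marker}" ]; then
		echo "The SSH-VPN (${SSH_VPN_LOC_SOCKET}) is already open, please STOP before"
		exit 1
	fi

	# Read PB ID (SSH_VPN_REM_PORT); an empty or "0" value must not reach -R.
	read_PBID
	if [ -z "${SSH_VPN_REM_PORT}" ] || [ "${SSH_VPN_REM_PORT}" = "0" ]; then
		echo "DNI Number NOT configured, DniNumber=0!"
		exit 1
	fi

	# Start VPN: create the marker, then run ssh in the foreground (-N, no -f)
	# as ControlMaster so vpn_stop/vpn_status can reach it through -S.
	if ! marker="$(/usr/bin/mktemp -t "${SSH_VPN_LOC_SOCKET}")"; then
		echo "Cannot create marker file in /tmp" >&2
		exit 1
	fi
	echo "${marker}"
	# NOTE(review): StrictHostKeyChecking=no also accepts a *changed* server
	# key, so the tunnel endpoint could be swapped without notice; prefer a
	# pinned known_hosts entry (-o UserKnownHostsFile=...) with yes/accept-new.
	/usr/bin/ssh -M -S "${SSH_VPN_LOC_SOCKET}" -i "${SSH_VPN_PRIV_CERT}" \
		-o StrictHostKeyChecking=no \
		-o ServerAliveInterval=60 \
		-o ExitOnForwardFailure=yes \
		-R "${SSH_VPN_REM_PORT}:localhost:${SSH_VPN_LOC_PORT}" \
		-N "${SSH_VPN_SERVER}"
}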

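# Stop SSH-VPN: ask the ControlMaster to exit, then remove the /tmp marker.
# Globals:   SSH_VPN_LOC_SOCKET, SSH_VPN_SERVER (read)
# Outputs:   progress on stdout, a warning on stderr if no master answered
# Returns:   rm's status; the marker is removed even when ssh -O exit fails,
#            so a stale marker never blocks the next start.
vpn_stop()
{
	echo "Stop SSH-VPN"
	if ! /usr/bin/ssh -S "${SSH_VPN_LOC_SOCKET}" -O exit "${SSH_VPN_SERVER}"; then
		echo "No running SSH-VPN master on ${SSH_VPN_LOC_SOCKET} (or it did not answer)" >&2
	fi
	# Only the marker(s) created by vpn_start's mktemp live here; -f keeps
	# this quiet when there is none.
	/usr/bin/rm -f -- /tmp/vpn-ssh.*
}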

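# Status SSH-VPN: ask the ControlMaster whether it is alive (ssh -O check).
# Globals:   SSH_VPN_LOC_SOCKET, SSH_VPN_SERVER (read)
# Outputs:   a heading on stdout; ssh prints the check result itself
# Returns:   ssh's exit status: 0 when a master answers on the socket,
#            non-zero otherwise (usable in a condition).
vpn_status()
{
	echo "SSH-VPN Status"
	/usr/bin/ssh -S "${SSH_VPN_LOC_SOCKET}" -O check "${SSH_VPN_SERVER}"
}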

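# Configure SSH-VPN: uncomment HostKey, enable AllowTcpForwarding,
# GatewayPorts and PermitTunnel in this host's sshd_config, then reload sshd.
# Globals:   none
# Outputs:   progress on stdout, errors on stderr
# Returns:   1 if not root, if the file cannot be backed up or edited, or if
#            the result fails sshd -t (the backup is restored in that case);
#            otherwise systemctl's status.
vpn_config()
{
	local cfg=/etc/ssh/sshd_config
	local backup
	echo "SSH-VPN Config"
	if [ "$(id -u)" -ne 0 ]; then
		echo "vpn_config must run as root to edit ${cfg}" >&2
		return 1
	fi
	# Keep a copy so a bad edit can be rolled back instead of locking out sshd.
	backup="${cfg}.$(date +%Y%m%d%H%M%S).bak"
	/usr/bin/cp -p -- "${cfg}" "${backup}" || return 1
	# NOTE(review): GatewayPorts yes makes ports remote-forwarded *into* this
	# host reachable on all interfaces, and PermitTunnel yes allows tun
	# devices; both widen what a peer holding the key can reach. Keep them
	# only if the tunnel design needs them.
	if ! /usr/bin/sed -i \
		-e 's/#HostKey/HostKey/g' \
		-e 's/#AllowTcpForwarding yes/AllowTcpForwarding yes/g' \
		-e 's/#GatewayPorts no/GatewayPorts yes/g' \
		-e 's/#PermitTunnel no/PermitTunnel yes/g' \
		-- "${cfg}"; then
		echo "Editing ${cfg} failed, restoring ${backup}" >&2
		/usr/bin/cp -p -- "${backup}" "${cfg}"
		return 1
	fi
	# Validate before reloading: a broken sshd_config would cut off remote
	# access once sshd is reloaded.
	if command -v sshd >/dev/null 2>&1 && ! sshd -t -f "${cfg}"; then
		echo "${cfg} fails sshd -t, restoring ${backup}" >&2
		/usr/bin/cp -p -- "${backup}" "${cfg}"
		return 1
	fi
	/usr/bin/systemctl reload ssh.service
}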

###########################
#  Execution starts here  #
###########################
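# Print usage and exit 1; used for missing and unknown sub-commands.
usage()
{
	echo "This script creates an SSH VPN tunnel to server ${SSH_VPN_SERVER}"
	echo "Usage: $0 start|stop|restart|status|config"
	exit 1
}

if [ $# -lt 1 ]; then
	usage
fi

# Dispatch on the sub-command. An unknown word used to fall through the case
# and exit 0 silently; it now reports usage and exits 1.
case "$1" in
	start)
		vpn_start
		;;
	stop)
		vpn_stop
		;;
	restart)
		vpn_stop
		vpn_start
		;;
	status)
		# Propagate ssh -O check's status so "status" is usable from scripts.
		vpn_status
		exit "$?"
		;;
	config)
		vpn_config
		;;
	*)
		echo "Unknown command: $1" >&2
		usage
		;;
esac

exit 0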
