#!/bin/sh

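cmd=$1

# NOTE: the shebang is /bin/sh, but this script uses bash-only features
# (arrays, (( )), [[ ]], here-strings), so /bin/sh must be bash on the target.

# VPN gateway table, one colon-separated record per site:
#   site:host:cert:certformat:protocol
# startvpn joins certformat and cert as "certformat:cert" and passes the result
# to openconnect --servercert, so these values are what authenticate the
# gateway (Stevenage is addressed by bare IP address). Keep this file writable
# by root only, and change a pin only to a value obtained out-of-band when a
# gateway certificate is rotated.
vpn_sites[0]="Denver:denam.vpn.jdsu.com:124cc61d9018cd96a23402b819b4bf3e11654331d3a0ddc15c362efaad470abe:sha256:anyconnect"
vpn_sites[1]="Milpitas:milam.vpn.jdsu.com:a08afd5054b9cdeaabfa7bd587e59fdc7c34be887445260c3b7d2c625e5b2615:sha256:anyconnect"
vpn_sites[2]="Germantown:geram.vpn.jdsu.com:cd3cd4253a048039d90ca94319a8a9ee2f4bacda8eeb6021455d84ad957d7e5a:sha256:anyconnect"
vpn_sites[3]="Stevenage:195.89.37.174:DkLR3vsLpiMy+3R4lDVvcYlr7zAJP99UVXGZ8+3+G/Y=:pin-sha256:anyconnect"
vpn_sites[4]="Romania:emea.vpn.jdsu.com:8E4iogVBsx4D8mwXZl4FddBnukVwETijWmAly+ZoMk8=:pin-sha256:anyconnect"

# NOTE(review): the disabled Eningen entry carries the same pin as Romania;
# confirm it is the real Eningen gateway key before enabling it.
# vpn_sites[5]="Eningen_not_ready_yet_:193.102.179.30:8E4iogVBsx4D8mwXZl4FddBnukVwETijWmAly+ZoMk8=:pin-sha256:anyconnect"
# vpn_sites[6]="SaintEtienne:stegp.viavisolutions.com:T75+PQySqrRb2+yuuH+BfUkNkbfF+AAuLkc4fjlUGdA=:pin-sha256:gp"


# TODO: With Eningen we have this error: "Failed to obtain WebVPN cookie"

num_sites=${#vpn_sites[@]}

# Split every record into the parallel arrays site[], host[], cert[],
# certformat[] and protocol[].
# 'read' is used instead of "IFS=: eval 'set -- ...'": eval is a special
# builtin, so when bash runs as sh (POSIX mode) the IFS=: assignment would
# persist for the rest of the script and change later word splitting. The
# unquoted expansion was also subject to globbing, and 'set --' overwrote the
# positional parameters.
for (( i = 0; i < num_sites; i++ )); do
    site_rec=${vpn_sites[$i]}
    IFS=: read -r "site[$i]" "host[$i]" "cert[$i]" "certformat[$i]" "protocol[$i]" <<< "$site_rec"
done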


# Print "abort", set the kernel console log level to 4 via dmesg, and
# terminate the script with exit status 1.
# NOTE(review): nothing in this file changes the console log level, so the
# reason for setting it here is not visible; confirm it is still needed.
abort()
{
    printf '%s\n' "abort"
    dmesg -n 4
    exit 1
}

# Report on stdout whether the tun kernel module is missing from lsmod.
# Outputs: "0" when lsmod lists "tun" as a whole word (loaded),
#          "1" when it does not (not loaded).
# The answer is printed rather than returned so the caller can use it
# directly inside an arithmetic test.
tun_is_not_installed()
{
    local missing=1

    if lsmod | grep -q -w tun; then
        missing=0
    fi
    echo "$missing"
}

# Load the tun kernel module with modprobe, discarding modprobe's output.
# On success waits two seconds and prints "ok"; on failure prints "failed"
# and calls abort, which ends the script.
install_tun()
{
    printf '%s' "installing tunnel driver.. "
    if modprobe tun > /dev/null 2>&1; then
        # presumably gives the driver time to come up before openconnect
        # starts; the reason for the delay is not stated in this file
        sleep 2
        echo "ok"
    else
        echo "failed"
        abort
    fi
}

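# Interactively pick a VPN site, make sure the tun driver is loaded, then
# start openconnect in the background against the selected gateway.
# Globals:   num_sites, site[], host[], cert[], certformat[], protocol[] (read)
#            sel (written: zero-based index of the chosen site)
# Input:     one menu choice per line on stdin; "q" or end of input aborts
# Returns:   exit status of openconnect
startvpn()
{
    local ant i

    while true; do
        echo "Select vpn site:"
        for (( i = 0; i < num_sites; i++ )); do
            echo "  $(( i + 1 )) ${site[$i]}"
        done
        echo -n "Enter 1-$num_sites (q-quit): "
        # End of input would otherwise redraw the menu forever.
        read -r ant || abort
        #echo "ant"=$ant
        if [[ "$ant" == "q" ]]; then
            abort
        fi
        # Accept plain decimal digits only. Bash evaluates whatever text is
        # placed inside (( )) as an arithmetic expression, so the raw answer
        # must never reach it unchecked in a script that runs privileged
        # commands. 10# stops answers such as "08" being parsed as octal.
        if [[ "$ant" =~ ^[0-9]{1,4}$ ]] && (( 10#$ant >= 1 && 10#$ant <= num_sites )); then
            sel=$(( 10#$ant - 1 ))
            break
        fi
    done
    #echo "sel=$sel"

    # install tunnel driver
    if (( $( tun_is_not_installed ) ))
    then
        install_tun
    fi

    echo "Starting vpn.. "
    # not using --base-mtu=1194 anymore
    # echo "openconnect -q -l -b -s /etc/vpnc/vpnc-script ${host[$sel]} --servercert '${certformat[$sel]}:${cert[$sel]}' -authgroup=Employee"
    # -q quiet, -l log to syslog, -b go to background after connecting,
    # -s script that configures the network for the tunnel.
    # --servercert pins the gateway to the fingerprint from the site table.
    # /etc/vpnc/vpnc-script is executed by openconnect; it should be owned by
    # root and not writable by anyone else.
    # NOTE(review): the auth group is named "NoMFA-Employee" while the older
    # command above used "Employee"; confirm that selecting a group without
    # MFA is intended and approved.
    openconnect -q -l -b -s /etc/vpnc/vpnc-script --protocol "${protocol[$sel]}" "${host[$sel]}" --servercert "${certformat[$sel]}:${cert[$sel]}" --authgroup=NoMFA-Employee
}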

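# Stop running openconnect processes by sending each one SIGINT (kill -2).
# Outputs: "stopping openconnect.. ok" or "stopping openconnect.. failed"
#          when at least one process was found; nothing otherwise.
# Returns: 0 when nothing was running or every signal was delivered,
#          1 when kill failed for any PID.
stopvpn()
{
    # kill openconnect
    # use sigint for clean shutdown including, logging off session,
    #  disconnecting from gateway, and restoring network configuration
    local pids pid failed=0

    # Assumes the first column of this system's ps output is the PID.
    # Only numeric PIDs are kept and this shell's own PID is dropped, so a
    # wrapper script whose name contains "openconnect" does not signal itself.
    # NOTE(review): this is still a substring match on the whole ps line, so
    # any process whose command line mentions openconnect gets the signal;
    # starting openconnect with --pid-file and reading that file here would
    # be more precise.
    pids=$(ps | grep openconnect | grep -v grep \
        | awk -v self="$$" '$1 ~ /^[0-9]+$/ && $1 != self { print $1 }')
    #echo "openconnect pid=$pids"
    if [[ -z "$pids" ]]; then
        return 0
    fi

    printf '%s' "stopping openconnect.. "
    # One PID per line, read explicitly so the result does not depend on the
    # current IFS value or on unquoted word splitting.
    while IFS= read -r pid; do
        kill -2 "$pid" || failed=1
    done <<< "$pids"

    if (( failed )); then
        echo "failed"
        return 1
    fi
    echo "ok"
}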

# Entry point: dispatch on the first command-line argument (saved in cmd).
# "start" brings the VPN up, "stop" tears it down, and anything else prints
# the usage line followed by the argument that was given.
case "$cmd" in
    start)
        startvpn
        ;;
    stop)
        stopvpn
        ;;
    *)
        echo "usage: $0 [start|stop] $cmd"
        ;;
esac

