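# https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
#
# Builds an Easy-RSA 3 certificate authority and one server certificate under
# /etc/openvpn/server, then derives server.conf from the packaged OpenVPN
# sample configuration and links the results into /etc/openvpn.
#
# Arguments:
#   $1 - server name, used as the certificate name and as a file name
#   $2 - VPN network address written into the "server" directive
#
# Security notes for whoever runs this:
#   * Easy-RSA is cloned from the default branch without pinning a release or
#     verifying a signature, and is then run (presumably as root, given the
#     /etc/openvpn paths) to create the CA. Pin a reviewed release where
#     possible.
#   * The CA private key and the server private key end up on the same host;
#     the linked how-to describes keeping the CA on a separate machine.
#   * The server key is generated with "nopass", so it is stored unencrypted
#     and is protected by file permissions only.
#   * EASYRSA_CERT_EXPIRE is raised from 825 to 3650 days; a long-lived server
#     certificate makes revocation/CRL handling more important.
#   * tls-auth is commented out and client-to-client is enabled in the
#     generated server.conf; see the comments next to those edits.
#   * NOTE(review): re-running this in a directory that already holds
#     easyrsa3-ca/ is not guarded against; confirm how init-pki treats an
#     existing PKI before doing so.

# Print a message on stderr and stop with a failure status.
die() {
  echo "$*" >&2
  exit 1
}

# Write pki/vars for the Easy-RSA directory the shell is currently in:
# uncomment EASYRSA_CA_EXPIRE and change EASYRSA_CERT_EXPIRE from 825 to 3650.
# Both edits run in one sed invocation, so no intermediate file in the
# world-writable /tmp is needed (a fixed name there can be pre-created or
# symlinked by another local user).
# NOTE(review): the template comes from the distro package path, not from the
# clone made below; if it is missing, sed fails and the script stops.
write_vars() {
  sed -e 's/^#set_var EASYRSA_CA_EXPIRE/set_var EASYRSA_CA_EXPIRE/g' \
      -e 's/^#set_var EASYRSA_CERT_EXPIRE\t825/set_var EASYRSA_CERT_EXPIRE\t3650/g' \
      /usr/share/easy-rsa/vars.example > pki/vars
}

mkdir -p /etc/openvpn/server || die "cannot create /etc/openvpn/server"
cd /etc/openvpn/server || die "cannot cd to /etc/openvpn/server"

if [ -z "$2" ]; then
  echo "Caranya: $0 "
  echo "Contoh: $0 vpn-server 10.8.41.0"
  # A missing argument is a usage error, so report failure to the caller.
  exit 1
fi

# Local names; the original assigned HOSTNAME, which shadows the variable
# the shell itself maintains.
server_name=$1
network=$2

# The server name becomes part of file paths (pki/reqs/<name>.req, ...), so
# reject anything that could act as an option or escape the directory.
case "$server_name" in
  '' | -* | .* | *[!A-Za-z0-9._-]*)
    die "invalid server name: only letters, digits, '.', '_' and '-' are allowed"
    ;;
esac

# The network is spliced into a sed replacement further down; accepting only
# a dotted quad keeps '/', '&', whitespace and newlines out of that
# expression. This checks the format only, not the 0-255 range of each octet.
if ! printf '%s\n' "$network" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
  die "invalid network: expected a dotted IPv4 address such as 10.8.41.0"
fi

if [ ! -d easy-rsa ]; then
  if ! command -v git >/dev/null 2>&1; then
    apt-get install git || die "could not install git"
  fi
  git clone https://github.com/OpenVPN/easy-rsa --depth=1 || die "git clone failed"
fi

# --- CA PKI ---------------------------------------------------------------
cp -r easy-rsa/easyrsa3 easyrsa3-ca || exit 1
cd easyrsa3-ca || exit 1
echo "Current directory $(pwd)"
./easyrsa init-pki || exit 1
write_vars || exit 1
./easyrsa build-ca || exit 1
cd .. || exit 1
echo "Current directory $(pwd)"

# --- Server PKI: key pair and certificate request -------------------------
cp -r easy-rsa/easyrsa3 easyrsa3-server || exit 1
cd easyrsa3-server || exit 1
echo "Current directory $(pwd)"
./easyrsa init-pki || exit 1
write_vars || exit 1
# "nopass": the private key is written without a passphrase.
./easyrsa gen-req "$server_name" nopass || exit 1
cd .. || exit 1
echo "Current directory $(pwd)"

# --- Sign the request with the CA and create DH parameters ----------------
cd easyrsa3-ca || exit 1
echo "Current directory $(pwd)"
./easyrsa import-req "../easyrsa3-server/pki/reqs/${server_name}.req" "$server_name" || exit 1
./easyrsa sign server "$server_name" || exit 1
./easyrsa gen-dh || exit 1
cd .. || exit 1
echo "Current directory $(pwd)"

# --- Collect the files OpenVPN needs --------------------------------------
cp -va easyrsa3-ca/pki/ca.crt . || exit 1
cp -va "easyrsa3-ca/pki/issued/${server_name}.crt" server.crt || exit 1
cp -va easyrsa3-ca/pki/dh.pem . || exit 1
cp -va "easyrsa3-server/pki/private/${server_name}.key" server.key || exit 1
# The key has no passphrase, so make sure only its owner can read the copy.
chmod 600 server.key || exit 1

# http://stackoverflow.com/questions/3368955/how-to-make-a-line-as-a-comment-in-sed
# An existing server.conf is never overwritten; the script stops here and
# the symlinks at the end are not (re)created in that case.
if [ -f server.conf ]; then
  exit 0
fi

if [ -f /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ]; then
  cp -v /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz . || exit 1
  gunzip server.conf.gz || exit 1
else
  cp -v /usr/share/doc/openvpn/examples/sample-config-files/server.conf . || exit 1
fi

# All edits are line-local, so one sed pass gives the same result as the
# original chain of passes. In order:
#   - switch the transport from UDP to TCP and the device from tap to tun
#   - point "dh" at the dh.pem generated above
#   - replace the sample network with the one given on the command line
#   - enable client-to-client: VPN clients can then reach each other through
#     the server, so only enable it if that is intended
#   - comment out explicit-exit-notify, which the sample sets for UDP
#   - comment out tls-auth: no ta.key is generated by this script, so the
#     extra HMAC check on the TLS control channel is switched off; consider
#     generating a key and re-enabling it
sed -e '/^proto udp/s/^/;/' \
    -e 's/^;proto tcp/proto tcp/g' \
    -e '/^dev tap/s/^/;/' \
    -e 's/^;dev tun/dev tun/g' \
    -e 's/^dh dh2048\.pem/dh dh.pem/g' \
    -e "s/^server 10\.8\.0\.0/server ${network} /g" \
    -e 's/^;client-to-client/client-to-client/g' \
    -e '/^explicit-exit-notify/s/^/;/' \
    -e '/^tls-auth ta\.key 0/s/^/;/' \
    server.conf > server.conf.tmp || die "could not edit server.conf"
mv server.conf.tmp server.conf || die "could not replace server.conf"

# --- Expose the files one level up ----------------------------------------
cd /etc/openvpn || die "cannot cd to /etc/openvpn"
for item in dh.pem ca.crt server.key server.crt server.conf; do
  # Leave anything that already exists alone instead of failing on it or
  # replacing a real file with a link.
  if [ ! -e "$item" ] && [ ! -L "$item" ]; then
    ln -s "server/$item" "$item"
  fi
done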