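#!/bin/sh
################################################################################
# Most portions of this script shamelessly stolen from the original script     #
# provided with the vpnc project. Script has been fixed to work with FreeBSD   #
# and commented.                                                               #
#                                                                              #
# Modifications by: Jason But 2004                                             #
################################################################################
# Environment handed to this script by vpnc when it calls back after the
# IPsec negotiation has completed:
#* VPNGATEWAY           -- vpn gateway address (always present)
#* TUNDEV               -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS -- address (always present)
#* INTERNAL_IP4_NETMASK -- netmask (often unset)
#* INTERNAL_IP4_DNS     -- list of dns servers
#* INTERNAL_IP4_NBNS    -- list of wins servers
#* CISCO_DEF_DOMAIN     -- default domain name
#* CISCO_BANNER         -- banner from server
################################################################################
# Filenames where runtime database information is stored to be used by the    #
# corresponding vpnc-disconnect script.                                        #
################################################################################
defr=/var/run/vpnc/defaultroute
gateway=/var/run/vpnc/gateway
pid=/var/run/vpnc/pid

################################################################################
# Locate the vpnc daemon.                                                      #
# Search order: PATH, the usual FreeBSD install locations, then the directory  #
# this script lives in.                                                        #
# Outputs: the executable's path on stdout.                                    #
# Returns: 0 if found, 1 otherwise.                                            #
################################################################################
find_vpnc() {
  candidate=$(command -v vpnc 2>/dev/null)
  if [ -n "$candidate" ] && [ -x "$candidate" ]; then
    printf '%s\n' "$candidate"
    return 0
  fi
  for candidate in /usr/local/sbin/vpnc /usr/sbin/vpnc "$(dirname "$0")/vpnc"; do
    if [ -x "$candidate" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

################################################################################
# Check to see if called as a first instance (to connect to a VPN Gateway).    #
# If so, the ($VPNGATEWAY) variable will not be set. Most of this code does    #
# some checking - locating the vpnc executable, ensuring the directory for the #
# location of the database file exists, and refusing to start if an instance  #
# of vpnc is already running.                                                  #
# Once this is complete, we run vpnc, storing the process ID in the specified  #
# file, telling it to recall this script once the connection is complete, and  #
# with any parameters originally passed to this script.                        #
################################################################################
if [ -z "$VPNGATEWAY" ]; then
  # NOTE: the original version tested /usr/local/sbin/vpnc but then assigned
  # /usr/sbin/vpnc; find_vpnc returns the path it actually tested.
  VPNC=$(find_vpnc) || {
    echo "No vpnc daemon found, aborting..." >&2
    exit 1
  }

  # Make sure the state directory for the pid/route files exists.
  for i in "$gateway" "$defr" "$pid"; do
    mkdir -p "$(dirname "$i")"
  done

  # Refuse to start a second instance. Only trust the pid file if it holds a
  # plain number, so a truncated or corrupted file never reaches kill(1).
  PID=$(cat "$pid" 2>/dev/null)
  case "$PID" in
    ''|*[!0-9]*)
      ;;
    *)
      if kill -0 "$PID" >/dev/null 2>&1; then
        echo "vpnc found running (pid: $PID, pidfile: $pid)" >&2
        exit 1
      fi
      ;;
  esac

  # VPNGATEWAY is not known on this path (vpnc sets it only on the callback),
  # so just announce the start rather than printing an empty gateway.
  echo "...Connecting"
  exec "$VPNC" --pid-file "$pid" --script "$0" "$@"
  # Only reached if exec itself failed.
  echo "Failed to execute $VPNC" >&2
  exit 1
fi

################################################################################
# This portion of the script is executed when the script is re-called by vpnc, #
# not when it is called by the user to connect. This segment runs AFTER the    #
# IPSec negotiation is complete and is used to configure the tunnel device and #
# the routing tables to go through the VPN connection.                         #
################################################################################
# Both are documented as always present; fail loudly rather than run
# ifconfig/route with missing operands.
: "${TUNDEV:?not set by vpnc}"
: "${INTERNAL_IP4_ADDRESS:?not set by vpnc}"

echo
echo "...Connected! Configuring devices and Routing tables"
# Point-to-point configuration on the tunnel device. Bail out before touching
# the routing table if this fails, so the host keeps its working default route.
ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" "$INTERNAL_IP4_ADDRESS" \
  netmask 255.255.255.255 mtu 1412 up || {
  echo "Failed to configure $TUNDEV, leaving routing table untouched" >&2
  exit 1
}

################################################################################
# Add a new static route to the VPN Gateway using the current route to get to  #
# this host. This ensures that we can always reach the gateway, even after a   #
# new default route is added. The current next hop for VPNGATEWAY is extracted #
# from 'route -n get' for use in a 'route add' command.                        #
################################################################################
vpn_gw_next_hop=$(route -n get "$VPNGATEWAY" | awk '/gateway:/ { print $2 }')
if [ -n "$vpn_gw_next_hop" ]; then
  route add -host "$VPNGATEWAY" "$vpn_gw_next_hop"
else
  echo "Warning: no current route to $VPNGATEWAY found; host route not added" >&2
fi

################################################################################
# Store the current default route in the file ($defr) so it can be reapplied   #
# when vpnc-disconnect is called. Store the VPN Gateway address in the file    #
# ($gateway) so the route can be found and removed when vpnc-disconnect is     #
# called.                                                                      #
################################################################################
default_next_hop=$(route -n get default | awk '/gateway:/ { print $2 }')
printf 'default %s\n' "$default_next_hop" > "$defr"
printf '%s\n' "$VPNGATEWAY" > "$gateway"

################################################################################
# Delete the current default route and replace it with one that tunnels all    #
# traffic without a specific route to the tunnel device $TUNDEV.               #
################################################################################
route delete default
route add default -interface "$TUNDEV"
exit 0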