# Make sure script is ran as root
if [[ $EUID -ne 0 ]]; then
        exec sudo /bin/bash "$0" "$@"
fi

DIR=$(pwd)
for i in {1..255}; do
	CLIENT_NAME="client$i"
	if [ ! -f "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt" ]; then
		break
	fi
done
read -e -p "Enter client name: " -i "$CLIENT_NAME" CLIENT_NAME
if [ -f "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt" ]; then
	echo Client $CLIENT_NAME already exists...
	exit 1
fi
VPN_SUBNET=$(grep -E '^server ' "/etc/openvpn/myserver.conf" | awk '{print $2}')
read -e -p "Use static IP for this client? VPN subnet is $VPN_SUBNET (Leave empty for dynamic): " -i "" CLIENT_IP
if [ ! -z "${CLIENT_IP}" ]; then
	echo Setting IP...
cat > "/etc/openvpn/ccd/$CLIENT_NAME" <<EOL
ifconfig-push $CLIENT_IP 255.255.255.0
EOL
fi

cd /etc/openvpn/easy-rsa
./easyrsa gen-req $CLIENT_NAME nopass
./easyrsa sign-req client $CLIENT_NAME

CA_CERT=$(cat "/etc/openvpn/ca.crt")
CLIENT_CERT=$(cat "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt")
CLIENT_KEY=$(cat "/etc/openvpn/easy-rsa/pki/private/$CLIENT_NAME.key")
TA_KEY=$(cat "/etc/openvpn/ta.key")

cd "$DIR"
cat > $CLIENT_NAME.conf <<EOL
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA1
# tls-client
client
resolv-retry infinite
remote home.myspace.nu 1294 udp
# remote-cert-tls server
float
verb 3

<ca>
$CA_CERT
</ca>
<cert>
$CLIENT_CERT
</cert>
<key>
$CLIENT_KEY
</key>
key-direction 1
<tls-auth>
$TA_KEY
</tls-auth>
EOL