#!/bin/sh

uci -q batch <<-EOF >/dev/null
	delete ucitrack.@glorytun[-1]
	add ucitrack glorytun
	set ucitrack.@glorytun[-1].init=glorytun
	delete ucitrack.@glorytun-udp[-1]
	add ucitrack glorytun-udp
	set ucitrack.@glorytun-udp[-1].init=glorytun-udp
	commit ucitrack
EOF

uci -q batch <<-EOF >/dev/null
	delete network.glorytun=interface
	set network.glorytun=interface
	set network.glorytun.ifname=tun0
	set network.glorytun.proto=none
	set network.glorytun.ip4table=vpn
	set network.glorytun.multipath=off
	set network.glorytun.defaultroute=0
	commit network
EOF
uci -q batch <<-EOF >/dev/null
	add firewall zone
	set firewall.@zone[-1].name=vpn
	set firewall.@zone[-1].network=glorytun
	set firewall.@zone[-1].masq=1
	set firewall.@zone[-1].input=REJECT
	set firewall.@zone[-1].forward=REJECT
	set firewall.@zone[-1].output=ACCEPT
	set firewall.allow_dhcp_request_vpn=rule
	set firewall.allow_dhcp_request_vpn.name=Allow-DHCP-Request-VPN
	set firewall.allow_dhcp_request_vpn.src=glorytun
	set firewall.allow_dhcp_request_vpn.proto=udp
	set firewall.allow_dhcp_request_vpn.dest_port=67
	set firewall.allow_dhcp_request_vpn.target=ACCEPT
	set firewall.allow_dhcp_request_vpn.family=ipv4
	set firewall.redirect_vpn_to_lan=redirect
	set firewall.redirect_vpn_to_lan.name=Redirect-VPN-to-LAN
	set firewall.redirect_vpn_to_lan.src=vpn
	set firewall.redirect_vpn_to_lan.dest=lan
	set firewall.redirect_vpn_to_lan.proto=all
	set firewall.redirect_vpn_to_lan.enabled=1
	set firewall.redirect_vpn_to_lan.src_dip=192.168.100.1
	commit firewall
EOF

rm -f /tmp/luci-indexcache
exit 0