#!/bin/sh

uci -q batch <<-EOF >/dev/null
	delete firewall.ipsecd
	set firewall.ipsecd=include
	set firewall.ipsecd.type=script
	set firewall.ipsecd.path=/etc/ipsec.include
	set firewall.ipsecd.reload=1
	commit firewall
EOF

uci -q batch <<-EOF >/dev/null
	delete network.VPN
	set network.VPN=interface
	set network.VPN.ifname="ipsec0"
	set network.VPN.proto="static"
	set network.VPN.ipaddr="10.10.10.1"
	set network.VPN.netmask="255.255.255.0"
	
	commit network
		
	delete firewall.ike
	add firewall rule
	rename firewall.@rule[-1]="ike"
	set firewall.@rule[-1].name="ike"
	set firewall.@rule[-1].target="ACCEPT"
	set firewall.@rule[-1].src="wan"
	set firewall.@rule[-1].proto="udp"
	set firewall.@rule[-1].dest_port="500"
  
	delete firewall.ipsec
	add firewall rule
	rename firewall.@rule[-1]="ipsec"
	set firewall.@rule[-1].name="ipsec"
	set firewall.@rule[-1].target="ACCEPT"
	set firewall.@rule[-1].src="wan"
	set firewall.@rule[-1].proto="udp"
	set firewall.@rule[-1].dest_port="4500"
  
	delete firewall.ah
	add firewall rule
	rename firewall.@rule[-1]="ah"
	set firewall.@rule[-1].name="ah"
	set firewall.@rule[-1].target="ACCEPT"
	set firewall.@rule[-1].src="wan"
	set firewall.@rule[-1].proto="ah"
  
	delete firewall.esp
	add firewall rule
	rename firewall.@rule[-1]="esp"
	set firewall.@rule[-1].name="esp"
	set firewall.@rule[-1].target="ACCEPT"
	set firewall.@rule[-1].src="wan"
	set firewall.@rule[-1].proto="esp"
  
	delete firewall.VPN
	set firewall.VPN=zone
	set firewall.VPN.name="VPN"
	set firewall.VPN.input="ACCEPT"
	set firewall.VPN.forward="ACCEPT"
	set firewall.VPN.output="ACCEPT"
	set firewall.VPN.network="VPN"
	
	delete firewall.vpn
	set firewall.vpn=forwarding
	set firewall.vpn.name="vpn"
	set firewall.vpn.dest="wan"
	set firewall.vpn.src="VPN"
  
	commit firewall
EOF

uci -q batch <<-EOF >/dev/null
	delete ucitrack.@ipsec[-1]
	add ucitrack ipsec
	set ucitrack.@ipsec[-1].init=ipsec
	commit ucitrack
EOF

rm -f /tmp/luci-indexcache
exit 0