#!/bin/sh
# Print the "NA" route set as OpenVPN push directives on stdout.
# Globals:   gateway (read) - next hop written into every route
# Arguments: none
# Outputs:   14 lines of the form  push "route <network> <netmask> <gateway>"
# Most entries are whole /8 blocks, so a client that receives this set sends
# all of its traffic for those ranges through $gateway.
push_na_rule(){
	# printf reuses the format for each ("network netmask", gateway) pair.
	printf 'push "route %s %s"\n' \
		"3.0.0.0 255.0.0.0" "$gateway" \
		"4.0.0.0 255.0.0.0" "$gateway" \
		"8.0.0.0 255.0.0.0" "$gateway" \
		"9.0.0.0 255.0.0.0" "$gateway" \
		"14.0.0.0 255.0.0.0" "$gateway" \
		"16.0.0.0 255.0.0.0" "$gateway" \
		"18.0.0.0 255.0.0.0" "$gateway" \
		"23.0.0.0 255.0.0.0" "$gateway" \
		"47.128.0.0 255.128.0.0" "$gateway" \
		"54.0.0.0 255.0.0.0" "$gateway" \
		"184.0.0.0 255.0.0.0" "$gateway" \
		"69.0.0.0 255.0.0.0" "$gateway" \
		"204.245.0.0 255.255.0.0" "$gateway" \
		"173.224.0.0 255.255.0.0" "$gateway"
}
# Print the "EU" route set as OpenVPN push directives on stdout.
# Globals:   gateway (read) - next hop written into every route
# Arguments: none
# Outputs:   14 lines of the form  push "route <network> <netmask> <gateway>"
# Each "network netmask" string is emitted verbatim, including the two spaces
# in the 78.192.0.0 entry.
# NOTE(review): 151.3.0.0 with netmask 255.128.0.0 has host bits set (the
# matching network address is 151.0.0.0); a client may reject or silently
# normalise that route - confirm the intended prefix.
push_eu_rule(){
	# printf reuses the format for each ("network netmask", gateway) pair.
	printf 'push "route %s %s"\n' \
		"57.0.0.0 255.0.0.0" "$gateway" \
		"90.0.0.0 255.128.0.0" "$gateway" \
		"78.192.0.0  255.192.0.0" "$gateway" \
		"92.128.0.0 255.192.0.0" "$gateway" \
		"86.192.0.0 255.192.0.0" "$gateway" \
		"176.128.0.0 255.192.0.0" "$gateway" \
		"25.0.0.0 255.0.0.0" "$gateway" \
		"51.0.0.0 255.0.0.0" "$gateway" \
		"86.128.0.0 255.192.0.0" "$gateway" \
		"53.0.0.0 255.0.0.0" "$gateway" \
		"84.128.0.0 255.192.0.0" "$gateway" \
		"93.192.0.0 255.192.0.0" "$gateway" \
		"176.0.0.0 255.192.0.0" "$gateway" \
		"151.3.0.0 255.128.0.0" "$gateway"
}
# Print the push directives that give a client a route to the home LAN.
# Globals:   lan_net_id, lan_netmask, gateway (read); tun_subnet (read when
#            $1 is "tun")
# Arguments: $1 - device type; "tun" adds a second route for $tun_subnet
# Outputs:   a route-delay line, the LAN route and, for tun, the tun route
push_home_rule(){
	printf 'push "route-delay 10"\n'
	printf 'push "route %s %s %s"\n' "$lan_net_id" "$lan_netmask" "$gateway"

	# Anything other than "tun" stops here with the LAN route only.
	[ "$1" = "tun" ] || return 0

	# The tun route is written with the LAN netmask, as in the LAN route.
	printf 'push "route %s %s %s"\n' "$tun_subnet" "$lan_netmask" "$gateway"
}
# Print the push directives for full-tunnel mode.
# Globals:   gateway (read when $1 is "tap")
# Arguments: $1 - device type; "tap" adds route-delay and route-gateway lines
# Outputs:   the optional tap lines, then  push "redirect-gateway def1",
#            which tells the client to send its default route over the VPN
push_all_site_rule(){
	case "$1" in
	tap)
		printf 'push "%s"\n' "route-delay 10" "route-gateway $gateway"
		;;
	esac
	printf 'push "%s"\n' "redirect-gateway def1"
}
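# Main: work out the gateway for this client and write its push directives.
# Arguments: $1 - device type ("tap"; any other value takes the tun branch)
#            $2 - file that receives the generated push lines
# Environment read: ifconfig_pool_local_ip, trusted_ip (presumably exported by
#            OpenVPN when it runs this as a connect hook - confirm).
# External commands: config, net_id, tun_net (not defined in this file).
# Every expansion is quoted so an empty or space-containing value cannot split
# into extra words or turn a redirection target into a different path.
lan_ipaddr=$(config get lan_ipaddr)
lan_netmask=$(config get lan_netmask)
lan_net_id=$(net_id "$lan_ipaddr" "$lan_netmask")
if [ "$1" = "tap" ]; then
	gateway=$lan_ipaddr
else
	tun_subnet=$(tun_net "$lan_ipaddr" "$lan_netmask")
	gateway=$ifconfig_pool_local_ip
fi

vpn_access_mode=$(config get vpn_access_mode)
# An access mode other than auto/home/all matches no arm, so "$2" is left
# untouched in that case.
case "$vpn_access_mode" in
  "auto")
	# NOTE(review): the country lookup goes over plain HTTP to a third party,
	# so the answer is unauthenticated and the client's address is disclosed.
	# The reply is only compared with fixed strings below, so it can change
	# which route set is pushed but is never executed or written to "$2".
	# wget's exit status is not checked: whatever the file holds afterwards is
	# used, and any value other than the server's region selects the regional
	# route set. The result path is fixed, so it is shared by every connection
	# (a concern only if these hooks can run concurrently - confirm).
	/usr/sbin/wget -T 10 "http://www.speedtest.net/api/country?ip=$trusted_ip" -O /tmp/openvpn/client_location
	client_location=$(cat /tmp/openvpn/client_location)
	server_location=$(cat /tmp/openvpn/server_location)
	if [ "$server_location" = "US" ] && [ "$client_location" != "US" ]; then
		# push NA routing rule + home network rule to client
		push_na_rule > "$2"
		push_home_rule "$1" >> "$2"
	elif [ "$server_location" = "EU" ] && [ "$client_location" != "EU" ]; then
		# push EU routing rule + home network rule to client
		push_eu_rule > "$2"
		push_home_rule "$1" >> "$2"
	else
		# push only home network rule to client
		push_home_rule "$1" > "$2"
	fi
	;;
  "home")
	push_home_rule "$1" > "$2"
	;;
  "all")
	push_all_site_rule "$1" > "$2"
	;;
esac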