#!/bin/sh
USERNAME=""
PASSWORD=""
PROTO="udp"
TUN="tun1"
REMOTE="remote 38.132.111.190 1194"
CA_CRT='-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgIJALvSMaZkTqL3MA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD
VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEbMBkGA1UEAxMSdXMxMDE5Lm5vcmR2
cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
cmR2cG4uY29tMB4XDTE3MTAxODE2MzYxMVoXDTI3MTAxNjE2MzYxMVowgZ8xCzAJ
BgNVBAYTAlBBMQswCQYDVQQIEwJQQTEPMA0GA1UEBxMGUGFuYW1hMRAwDgYDVQQK
EwdOb3JkVlBOMRAwDgYDVQQLEwdOb3JkVlBOMRswGQYDVQQDExJ1czEwMTkubm9y
ZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRA
bm9yZHZwbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0wvlR
QsN3qzD8qBNV4Lc1zOTfdBZ7fhtA/uuTz3E3s04fmFc4lLnlBxkQ4JdLX4o0zV5q
k6ac1hQ4+8j4fnNay+N0imef/1XKlg6lrnD2/uoQYzs1lbdGBjxh53B6/Uq4X34q
WVt5lrSnRfXwJtVG/rK/9OH7zq2whle59kxOrygXeHE/jaP07B5XCAy3r82VxMIC
KP7b0dnUFwp7gbLW0RMTbyblMowJsjQfh0Agqwyw4ye5zMqdL//zKO6dQ5hdDy17
pwZR+6fXFxsxryQPDuh6ExTnNAvyWEn6Eetjet3wlTpJwDR2CmdlLjVp6NeZ4M7A
dIDYUUHmBnEJ0SypAgMBAAGjggEIMIIBBDAdBgNVHQ4EFgQUf+YTRBRDRccEnHS/
+b10HXSEn6cwgdQGA1UdIwSBzDCByYAUf+YTRBRDRccEnHS/+b10HXSEn6ehgaWk
gaIwgZ8xCzAJBgNVBAYTAlBBMQswCQYDVQQIEwJQQTEPMA0GA1UEBxMGUGFuYW1h
MRAwDgYDVQQKEwdOb3JkVlBOMRAwDgYDVQQLEwdOb3JkVlBOMRswGQYDVQQDExJ1
czEwMTkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0B
CQEWEGNlcnRAbm9yZHZwbi5jb22CCQC70jGmZE6i9zAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQCQHdgGncjrSSifMpZAIQB38E2dciucX5dGtPOLqlSn
Ad0GNKMntO0YfbSfgqG6PnES7vzmFvsvwFbNJ9V7r4w2ErlDSnkCggk7WgPAZte6
R1SJgOYJSXlA1oLP+4F1uM8CN2qwtaujyHEoYxam+lCqbuwoY8buNCmCVoARGppA
oBhg2C7giJVbi+bBK8Rap6Q7/FGZ43joKyMX6n0NnC4wLzoEeg9Rl30c//Yo5OGZ
+A4mFP1fAV97CXUhLijKrSqdK7UYxj9eXd2H06Cg/2IwXUV9ROf3YgRm095VC7us
MfRd9YHaxxuBdBnJ2Rsk5q/JZatG7isZwfFLWlQS9eiY
-----END CERTIFICATE-----'
TLS_AUTH='-----BEGIN OpenVPN Static key V1-----
3f0caf14b74143b1f704cf87c160b27c
6214d16c712c66f1c387e888176f50c4
8afdee9386ce38a87825ddf9a7eea2dc
f36572969bc1c37e6b9d4c279e69da96
3cc3c606dd70b83f78e34e7bd66b86e6
755a88a4fc3c129d018bfe704c9d387b
69eb293f150aa0a7ad69bc328099ce76
43bf4df8c8586ddcdb639e7fe301ac6a
b13f6a9558f5482ab50b4493b1739e7d
4512e0adedca74254baf5ae8023e70b6
dba8929dfd9ed288aba1114f13014696
8c268df506a3977b6d8db067a54592ba
e7c54eea57d0a001f01b4f479677369e
7da3bcf8bd6a14a35a85960fee0b8d90
a2d7402b3fd798bd79cf33b4c2bfb34f
4ea5ef59a2a0771ac909fa37b0e5357d
-----END OpenVPN Static key V1-----'
#### Don't modify below here, except the "auth sha512" line ####
#### Ensure gui client disabled ####
if [ `nvram get openvpncl_enable` != 0 ]; then
nvram set openvpncl_enable=0
nvram commit
sleep 10
fi
mkdir /tmp/vpncl; cd /tmp/vpncl
echo -e "$USERNAME\n$PASSWORD" > userpass.txt
echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o $TUN -j MASQUERADE" > route-up.sh
echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o $TUN -j MASQUERADE" > route-down.sh
echo "$CA_CRT" > ca.crt
echo "$TLS_AUTH" > tls-auth.key
sleep 10
echo "client
dev $TUN
proto $PROTO
$REMOTE
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
keepalive 5 30
comp-lzo
mute 20
verb 3
log-append /tmp/vpn.log
log /tmp/nord.log
fast-io
auth-user-pass userpass.txt
script-security 2
remote-cert-tls server
cipher AES-256-CBC
# if the server is relatively new and uses sha512, uncomment the line below
auth sha512
ca ca.crt
tls-auth tls-auth.key 1
daemon" > openvpn.conf
chmod 600 ca.crt tls-auth.key userpass.txt openvpn.conf; chmod 700 route-up.sh route-down.sh
(killall openvpn ; openvpn --config openvpn.conf --route-up /tmp/vpncl/route-up.sh --down-pre /tmp/vpncl/route-down.sh) &
exit 0
