#!/bin/sh

uci set network.vpn0="interface"
uci set network.vpn0.ifname="tun0"
uci set network.vpn0.proto="none"
uci commit network;
/etc/init.d/network reload

uci delete firewall.openvpn
uci add firewall rule 
uci rename firewall.@rule[-1]="openvpn"
uci set firewall.@rule[-1].name="openvpn"
uci set firewall.@rule[-1].target="ACCEPT"
uci set firewall.@rule[-1].src="wan"
uci set firewall.@rule[-1].proto="tcp udp"
uci set firewall.@rule[-1].dest_port="1194"

uci delete firewall.vpn
uci delete firewall.vpnwan
uci delete firewall.vpnlan
uci commit firewall

uci add firewall zone
uci rename firewall.@zone[-1]="vpn"
uci set firewall.@zone[-1].name="vpn"
uci set firewall.@zone[-1].input="ACCEPT"
uci set firewall.@zone[-1].forward="ACCEPT"
uci set firewall.@zone[-1].output="ACCEPT"
uci set firewall.@zone[-1].masq="1"
uci set firewall.@zone[-1].network="vpn0"
uci add firewall forwarding
uci rename firewall.@forwarding[-1]="vpnwan"
uci set firewall.@forwarding[-1].src="vpn"
uci set firewall.@forwarding[-1].dest="wan"
uci add firewall forwarding
uci rename firewall.@forwarding[-1]="vpnlan"
uci set firewall.@forwarding[-1].src="vpn"
uci set firewall.@forwarding[-1].dest="lan"
uci commit firewall;
/etc/init.d/firewall restart

/etc/init.d/openvpn enable
/etc/init.d/openvpn stop

rm -f /tmp/luci-indexcache
exit 0