#!/usr/bin/env bash
set -euo pipefail

if [[ $# -ne 4 ]]; then
  cat >&2 <<USAGE
Usage: $0 /path/to/ca.crt /path/to/clientname.crt /path/to/clientname.key /path/to/ta.key
Example: ./gen-client.sh /etc/openvpn/ca.crt ./client1.crt ./client1.key ./ta.key
This writes output to stdout and also saves to ./<clientname>.ovpn
USAGE
  exit 1
fi

ca="$1"
cert="$2"
key="$3"
ta="$4"

# verify files exist and are readable
for f in "$ca" "$cert" "$key" "$ta"; do
  if [[ ! -r "$f" ]]; then
    echo "Error: cannot read file '$f'." >&2
    exit 2
  fi
done

# derive client name from certificate filename (remove extension)
clientname="$(basename "$cert")"
clientname="${clientname%.*}"
outfile="${clientname}.ovpn"

# build and write config (also send to stdout). Use a block to avoid command-substitution problems with large files.
{
cat <<'HEADER'
client
dev tun
proto udp
remote 14.241.240.102 1194 # use FTP IP address 
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
# push mac address info 
push-peer-info
verb 3

HEADER

echo "<ca>"
cat "$ca"
echo "</ca>"
echo
echo "<cert>"
cat "$cert"
echo "</cert>"
echo
echo "<key>"
cat "$key"
echo "</key>"
echo
echo "<tls-auth>"
cat "$ta"
echo "</tls-auth>"
echo "key-direction 1"
} | tee "$outfile"

echo "Wrote config to ./${outfile}"