#!/bin/vbash
#
# Script for Ubiquiti devices to find the fastest NordVPN OpenVPN
# server and switch your current VPN tunnel over to it fairly
# seamlessly
#
# COUNTRY_ID=38 # Canada
# COUNTRY_ID=228 # USA
# COUNTRY_ID=140 # Mexico
IP_PROTOCOL=udp
VPN_PROTOCOL=ovpn
CONF_PATH=/config/auth/openvpn
TUNNEL_NAME=vtun0
ACTIVE_OVPN_FILE="${CONF_PATH}/active.ovpn"
SLEEP=15

function add() {
  echo $* >> "${OVPN_FILE_FULL_PATH}"
}

function add_auth() {
  sed -i -e "s/auth-user-pass/auth-user-pass \/config\/auth\/nordvpn.creds/" "${OVPN_FILE_FULL_PATH}"
}


HOSTNAME_LIST=$(curl 'https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\{%22servers_technologies%22:\[3\]\}' \
  -H 'pragma: no-cache' \
  -H 'dnt: 1' \
  -H 'accept-encoding: br' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36' \
  -H 'accept: */*' \
  -H 'cache-control: no-cache' \
  -H 'authority: nordvpn.com' \
  -H 'x-requested-with: XMLHttpRequest' \
  -H 'referer: https://nordvpn.com/servers/tools/' |\
    jq -r '.[].hostname' |\
    tr ' ' '\n')

echo "Choosing from: "
echo "$HOSTNAME_LIST"

# If you want to go by country, get the country ID from
# https://nordvpn.com/servers/tools/ and plug it in to
# COUNTRY_ID at the top of the file and comment out the
# other HOSTNAME_LIST= lines above. It is recommended
# that you use the recommended for the best bandwidth
# but you can choose a country if that is what you'd
# like to do. Just beware- the recommended host is
# usually up to more than 10x faster in bandwidth. I
# have seen speeds in the recommended servers up to
# 14MB/sec, while picking a specific country, even
# the one I am local to, I've seen as low as 500KB
# HOSTNAME_LIST=$(curl "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\{%22country_id%22:${COUNTRY_ID},%22servers_groups%22:\[11\],%22servers_technologies%22:\[3\]\}" \
#  -H 'pragma: no-cache' \
#  -H 'cache-control: no-cache' |\
#    jq -r '.[].hostname' |\
#    tr ' ' '\n')
HOSTNAME="$(echo ${HOSTNAME_LIST} | tr ' ' '\n' | head -1)"
echo "Chose ${HOSTNAME} .."
OVPN_FILE="${HOSTNAME}.${IP_PROTOCOL}.${VPN_PROTOCOL}"
echo "${OVPN_FILE}"
OVPN_FILE_FULL_PATH="${CONF_PATH}/${OVPN_FILE}"
curl "https://downloads.nordcdn.com/configs/files/${VPN_PROTOCOL}_${IP_PROTOCOL}/servers/${OVPN_FILE}" > "${OVPN_FILE_FULL_PATH}"
# You can bail here if all you wanted was the ovpn file
# for the fastest server. The below is used to reset
# a VPN tunnel on a Ubiquiti EdgeRouter by temporarily
# disabling it, symlinking the new .ovpn file to one
# called "active.ovpn", and then re-enabling it
######## Begin Ubiquiti EdgeRouter Specific Stuff ########
# cat "${OVPN_FILE_FULL_PATH}"
ln -sf "${OVPN_FILE_FULL_PATH}" "${ACTIVE_OVPN_FILE}"
# ls -l "${ACTIVE_OVPN_FILE}"
add ping 5
add ping-restart 15
add script-security 2
add mlock
add status /tmp/vtun0.status 60
add mute 3
add up-restart
add up /config/scripts/vpn.up
add down /config/scripts/vpn.down
add explicit-exit-notify 3
add_auth

echo "Resetting device ${TUNNEL_NAME} ..."
source /opt/vyatta/etc/functions/script-template
configure
set interfaces openvpn "${TUNNEL_NAME}" disable
commit
delete interfaces openvpn "${TUNNEL_NAME}" disable
commit
# exit
echo "Done ..."
sleep "${SLEEP}"
ifconfig "${TUNNEL_NAME}" || echo "Tunnel is not up after ${SLEEP} seconds, something may be wrong ..."
conntrack -F
exit