#!/bin/bash

# Check if running as root
if [ "$EUID" -ne 0 ]; then 
    echo "Please run as root"
    exit 1
fi

if [ -z "$1" ]; then
    echo "Usage: $0 <client-name>"
    exit 1
fi

CLIENT_NAME=$1
cd /etc/openvpn/server/easy-rsa

# Generate client certificate and key
./easyrsa gen-req $CLIENT_NAME nopass
./easyrsa sign-req client $CLIENT_NAME

# Make sure client directory exists
mkdir -p /etc/openvpn/client

# Create client configuration
cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
client
dev tun
proto udp
remote $(curl -s ifconfig.me) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:CHACHA20-POLY1305
block-outside-dns
verb 3
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
<ca>
$(cat /etc/openvpn/server/ca.crt)
</ca>
<cert>
$(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt)
</cert>
<key>
$(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
</key>
EOL

echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"