James D.

Security is obscurity

© 2019

Linux killswitch

I was looking for a killswitch solution for Linux that was rock solid. I found the method of using ufw and only allowing traffic on the tunnel device. Initially, I was running one script that initialised the killswitch and another to uninitialise it (when I wanted to reconnect to the VPN after a VPN connection failure). In the end, I made one complete script. I may one day make this a cron job; however, I'm satisfied with how it works as a manually run script. Note: the script outlined in this post needs to be run as root (with sudo).

#!/bin/bash
#
# Things a user may need to edit to get this to work: TUNNEL_NAME, as the
# tunnel may not be named tun0 on every distribution. Find it with ifconfig
# (or 'ip link') while the tunnel is running.
#
# Something that will need changing is your NetworkManager connection UUID.
# Get it by running 'nmcli connection show' in your shell while the tunnel is
# active (assuming a NetworkManager-managed connection), then plug that UUID
# into the TUNUUID variable below.
#
# I run this as a cron job, and that is why there is a zenity dialog popup, so
# that I have some feedback on what is going on with my internet connection / VPN.

WGET="/usr/bin/wget"
TUNNEL_NAME="tun0"
TUNUUID="ea72604d-7efd-48bd-8591-3cb1deba1de4"

# ufw and nmcli need root; fail early instead of half-applying the rules.
if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root (sudo)." >&2
    exit 1
fi

# Use a private temp file rather than a fixed /tmp path: as root, writing to a
# predictable name in /tmp can be abused via a planted symlink.
TESTFILE=$(mktemp) || exit 1
trap 'rm -f "$TESTFILE"' EXIT

# Test for internet connectivity
"$WGET" -q --tries=20 --timeout=10 http://www.google.com -O "$TESTFILE" > /dev/null 2>&1

# Test for the VPN firewall killswitch (is it in place yet?)
connstatus=$(ufw status | grep -c "$TUNNEL_NAME")
echo "$connstatus"

# If the killswitch is on and the internet connection is down, reinitialise
# the connection. If the killswitch is not initialised, start it (like at
# startup). "(on AND down) OR off" simplifies to "off OR down".
if [ "$connstatus" -eq 0 ] || [ ! -s "$TESTFILE" ]
then
    echo "Not Connected..."

    zenity --info --width=300 --title "VPN Connection Process" --text="VPN Reinitialisation..."

    # Open the firewall just enough to reach the VPN server and bring the
    # tunnel up. Note: 'ufw --force reset' disables ufw, so there is a short
    # window with no filtering until 'ufw enable' below.
    ufw --force reset
    ufw default deny incoming
    ufw default allow outgoing
    ufw enable

    nmcli connection up "$TUNUUID"

    # Killswitch: deny everything outbound except on the tunnel device. The
    # established VPN flow itself keeps working because ufw accepts
    # ESTABLISHED/RELATED traffic.
    ufw --force reset
    ufw default deny incoming
    ufw default deny outgoing
    ufw allow out on "$TUNNEL_NAME" from any to any
    ufw enable

else
    echo "Connected..."
fi

# The internet test file is removed by the EXIT trap for the next run of the script.
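As an added example (not part of the original post), here is a small shell check that reads the text of 'ufw status verbose' and confirms the killswitch is actually in place: ufw active, default outgoing deny, an ALLOW OUT rule bound to the tunnel, and no ALLOW OUT rule that bypasses it. The two status outputs inside are constructed to follow ufw's report layout; the function name and the 1..4 return codes are my own.

```shell
#!/bin/bash
# Added example: verify a ufw killswitch from the text of `ufw status verbose`.

# check_killswitch TUNNEL_NAME  (status text on stdin)
# Returns 0 when the switch is sound, or 1..4 naming the first failed check.
check_killswitch() {
    tun="$1"
    status=$(cat)
    # 1. ufw must be active, otherwise nothing is filtered at all
    printf '%s\n' "$status" | grep -q '^Status: active' || return 1
    # 2. default outgoing must be deny, or traffic leaves on eth0/wlan0
    printf '%s\n' "$status" | grep -q 'deny (outgoing)' || return 2
    # 3. an ALLOW OUT rule bound to the tunnel device must exist
    printf '%s\n' "$status" | grep -q "on $tun .*ALLOW OUT" || return 3
    # 4. any ALLOW OUT rule not bound to the tunnel is a leak path
    if printf '%s\n' "$status" | grep 'ALLOW OUT' | grep -qv "on $tun "; then
        return 4
    fi
    return 0
}

# Constructed sample: the state the killswitch script leaves behind.
GOOD_STATUS='Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
Anywhere on tun0           ALLOW OUT   Anywhere
Anywhere (v6) on tun0      ALLOW OUT   Anywhere (v6)'

# Constructed sample: a later `ufw allow out 53` lets DNS leave on any
# interface, so the switch no longer holds when the tunnel is down.
LEAKY_STATUS='Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
Anywhere on tun0           ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere'

report() {  # report LABEL STATUS_TEXT
    if printf '%s\n' "$2" | check_killswitch tun0; then
        echo "$1: killswitch OK"
    else
        echo "$1: killswitch BROKEN (failed check $?)"
    fi
}
report "good sample" "$GOOD_STATUS"
report "leaky sample" "$LEAKY_STATUS"
```

On a live machine, pipe the real report in with 'sudo ufw status verbose | check_killswitch tun0' (substitute your tunnel name) and act on the non-zero return code.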