# VPN Hub-and-Spoke Gateway-to-Gateway Routed lab (runbook, not a single script:
# each section below is typed on the machine named in its heading)
# GW1 is the Hub (i.e., openvpn server), GW2,GW3 are the spokes (i.e., openvpn clients)
# internet net_id	160.80.85.0/24	(public)
# site1 net_id	192.168.1.0/24	(private)
# site2 net_id	192.168.2.0/24	(private)
# site3 net_id	192.168.3.0/24	(private)
# virtual adapters net_id 10.8.0.0/24	(private; the tunnel subnet)

# start the six virtual machines: three gateways with a public (eth0) and a
# private (eth1) interface, and one PC per private site (-M sets memory in MB)
vstart GW1 --eth0=internet --eth1=site1 -M 16
vstart GW2 --eth0=internet --eth1=site2 -M 16
vstart GW3 --eth0=internet --eth1=site3 -M 16
vstart PC1 --eth0=site1 -M 32
vstart PC2 --eth0=site2 -M 32
vstart PC3 --eth0=site3 -M 32

### from whatever virtual machine perform the following commands
### (everything produced here is written under /hosthome, which is presumably
### the host-shared directory, so it is reachable from every VM — and from the host)

cd /usr/share/doc/openvpn/examples/easy-rsa/2.0

## build the certification authority (CA) security files; they are put in ./keys
# if necessary give "source ./vars"
# NOTE(review): ./vars holds the defaults used by every build-* script below
# (key size, certificate subject fields); review/edit it before sourcing it.
# ./clean-all empties the ./keys directory, so do not run it on a CA you want to keep.

. ./vars
./clean-all
./build-ca

# build server security files (be sure that COMMON NAME is "gw1")
./build-key-server gw1

# build client security files; the COMMON NAME of each client certificate is
# the name the server uses to pick that client's file in the ccd directory (see below)
./build-key gw2 ;# (be sure that COMMON NAME is "gw2")
./build-key gw3 ;# (be sure that COMMON NAME is "gw3")

# Diffie-Hellman parameters for the server. The file name below (dh1024.pem)
# shows a 1024-bit modulus, which is weak by current standards — raise the key
# size in ./vars before this step if the lab allows it.
./build-dh

## end building security files

## copying the security files
# build the directories that store the security files (mkdir without -p fails
# if a directory already exists — that is fine, it just means the step was done)
mkdir /hosthome/open-vpn-hs
mkdir /hosthome/open-vpn-hs/gw1
mkdir /hosthome/open-vpn-hs/gw2
mkdir /hosthome/open-vpn-hs/gw3

# copy the certificate and private key of each GW into that GW's own directory
# only: gw1* matches gw1.crt, gw1.csr and gw1.key, so no gateway receives
# another gateway's private key
cd keys
cp ./gw1* /hosthome/open-vpn-hs/gw1
cp ./gw2* /hosthome/open-vpn-hs/gw2
cp ./gw3* /hosthome/open-vpn-hs/gw3

# copy the CA certificate (public part only). ca.key is deliberately NOT copied:
# it stays in ./keys and is never needed on a gateway.
cp ./ca.crt /hosthome/open-vpn-hs/gw1
cp ./ca.crt /hosthome/open-vpn-hs/gw2
cp ./ca.crt /hosthome/open-vpn-hs/gw3

# copy DH parameters on GW1 only (the openvpn server is the only side that uses them)
cp ./dh1024.pem /hosthome/open-vpn-hs/gw1

## end copying the security files

## configuration of IP addresses and IP routing
# each gateway: eth0 on the public "internet" segment, eth1 on its private site
#GW1
ifconfig eth0 160.80.85.1/24
ifconfig eth1 192.168.1.1/24

#GW2
ifconfig eth0 160.80.85.2/24
ifconfig eth1 192.168.2.1/24

#GW3
ifconfig eth0 160.80.85.3/24
ifconfig eth1 192.168.3.1/24

# each PC: one address on its site and its gateway as default route
#PC1
ifconfig eth0 192.168.1.2/24
route add default gw 192.168.1.1

#PC2
ifconfig eth0 192.168.2.2/24
route add default gw 192.168.2.1

#PC3
ifconfig eth0 192.168.3.2/24
route add default gw 192.168.3.1

## configuration of IP addresses end

## if necessary, on each gateway create the tun character device
## (character device, major 10, minor 200 is the Linux tun/tap device)
mkdir /dev/net
mknod /dev/net/tun c 10 200

## from whatever virtual machine build the client config dir (ccd) on gw1
## (any one VM will do, since /hosthome is shared)
mkdir /hosthome/open-vpn-hs/gw1/ccd

## configure the openvpn server/client config files "gw1.conf" (server), "gw2.conf" (client), "gw3.conf" (client)
# put them in the /hosthome/open-vpn-hs/gw# directories
# start from the server.conf and client.conf available in /usr/share/doc/openvpn/examples/sample-config-files
# NOTE(review): the config files must reference the ca/cert/key (and dh on gw1)
# files copied above; in the client configs, keep the server-certificate check
# that the sample file provides so a spoke only trusts a certificate issued for
# the server role, not any certificate signed by this CA.

## configure the per-client files "gw2", "gw3" on the server and put them in the
## /hosthome/open-vpn-hs/gw1/ccd directory (the file name must equal the client
## certificate COMMON NAME chosen above; this is where the hub learns which
## private site subnet sits behind each spoke)

## run clients and server in a terminal emulator TE (see "screen" command)
## start the server (GW1) first so the spokes can connect

## on GW1

screen
cd /hosthome/open-vpn-hs/gw1
openvpn gw1.conf
# detach from terminal emulator by CTRL-A-D; to re-open the TE use the command "screen -r"; to close the TE, within the TE type "exit"

## on GW2
screen
cd /hosthome/open-vpn-hs/gw2
openvpn gw2.conf
# detach from terminal emulator by CTRL-A-D

## on GW3
screen
cd /hosthome/open-vpn-hs/gw3
openvpn gw3.conf
# detach from terminal emulator by CTRL-A-D

#
## Test the PC2 to PC3 connectivity with ping (spoke-to-spoke traffic has to
## cross the hub, so this checks both tunnels and the hub's routing at once)






