#!/bin/bash

export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
# this allows for legacy renegotation which seems to be required now
SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."

# connects to SSH through openconnect and VPN
# for use with ProxyCommand in SSH

# first run openconnect
/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "${HOME}/bin/nu-vpn-proxy/openconnect_command-ssh.sh"
sleep 2

# kill connection on exit
function cleanup {
  /sbin/start-stop-daemon --stop --pidfile /tmp/nu-vpn-openconnect.pid
}
trap cleanup EXIT

tail -f /tmp/nu-globalprotect-saml.log | grep -qe "${SEARCH_PATTERN}"

if [ $? == 1 ]; then
    echo "Search terminated without finding the pattern"
    exit
fi

# redirect traffic (standard input and output) through VPN
/bin/nc.openbsd -X 5 -x 127.0.0.1:9052 $1 $2