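#!/bin/bash
#========================================
# TeamViewer VPN - PLC Access Setup Script
# For Linux
#
# Interactive helper, run as root. It optionally installs and starts
# TeamViewer, optionally enables IPv4 forwarding, and adds a static route
# to the PLC network through the remote TeamViewer VPN address.
#
# NOTE(review): the copy this file was rebuilt from had lost the text
# between the start of the systemd unit heredoc and the middle of the
# closing summary. Sections marked "reconstructed" below are a best-effort
# rebuild and should be compared against the original script.
#========================================

set -eu

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

ROUTE_UNIT=/etc/systemd/system/teamviewer-plc-route.service
SKIP_ROUTE=""

#######################################
# Ask a yes/no question.
# Arguments: $1 - prompt text
# Returns:   0 when the reply is exactly "y" or "Y", non-zero otherwise
#######################################
confirm() {
  local reply
  read -r -p "$1" reply
  [[ "$reply" =~ ^[Yy]$ ]]
}

#######################################
# Check that a string is a dotted-quad IPv4 address (each octet 0-255).
# Arguments: $1 - candidate address
# Returns:   0 when valid, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1 octet
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  [[ "$addr" =~ $re ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Check that a string is an IPv4 address with an optional /0-32 prefix.
# Arguments: $1 - candidate network
# Returns:   0 when valid, 1 otherwise
#######################################
is_ipv4_network() {
  local net=$1 prefix
  if [[ "$net" == */* ]]; then
    prefix=${net##*/}
    [[ "$prefix" =~ ^[0-9]{1,2}$ ]] || return 1
    (( 10#$prefix <= 32 )) || return 1
    net=${net%/*}
  fi
  is_ipv4 "$net"
}

echo ""
echo "========================================"
echo "TeamViewer VPN - PLC Access Setup"
echo "========================================"
echo ""

# Check if running as root
if [[ $EUID -ne 0 ]]; then
  echo -e "${RED}ERROR: This script must be run as root (use sudo)${NC}"
  exit 1
fi

#========================================
# Configuration Variables - CUSTOMIZE THESE
#========================================
echo "Enter your configuration details:"
echo ""
read -r -p "Enter PLC Network (e.g., 192.168.10.0/24): " PLC_NETWORK
read -r -p "Enter Remote Gateway VPN IP (e.g., 7.254.0.2): " REMOTE_VPN_IP

# Both values are later passed to `ip route` as root and written into a
# systemd unit, so anything that is not a plain IPv4 value is rejected
# here instead of being word-split or embedded in the unit file.
if ! is_ipv4_network "$PLC_NETWORK"; then
  printf '%bERROR: "%s" is not a valid IPv4 network (e.g., 192.168.10.0/24)%b\n' \
    "$RED" "$PLC_NETWORK" "$NC" >&2
  exit 1
fi
if ! is_ipv4 "$REMOTE_VPN_IP"; then
  printf '%bERROR: "%s" is not a valid IPv4 address (e.g., 7.254.0.2)%b\n' \
    "$RED" "$REMOTE_VPN_IP" "$NC" >&2
  exit 1
fi

echo ""
echo "Configuration Summary:"
echo "----------------------"
echo "PLC Network: $PLC_NETWORK"
echo "Remote VPN IP: $REMOTE_VPN_IP"
echo ""
if ! confirm "Is this correct? (y/n): "; then
  echo "Setup cancelled."
  exit 0
fi

#========================================
# Step 1: Check TeamViewer Installation
#========================================
echo ""
echo -e "${BLUE}[Step 1/6] Checking TeamViewer installation...${NC}"
if command -v teamviewer &> /dev/null; then
  echo -e "${GREEN}TeamViewer found: $(teamviewer --version)${NC}"
else
  echo -e "${YELLOW}WARNING: TeamViewer not found in PATH${NC}"
  echo "TeamViewer may not be installed or not in PATH."
  echo ""
  if confirm "Do you want to install TeamViewer now? (y/n): "; then
    echo "Installing TeamViewer..."

    # Download into a private directory: a fixed name under /tmp can be
    # pre-created or symlinked by another local user before root writes it.
    TMP_DIR=$(mktemp -d)
    trap 'rm -rf -- "${TMP_DIR:?}"' EXIT

    # NOTE(review): the package is installed as root and is authenticated
    # only by the HTTPS connection to the vendor host; add a signature or
    # checksum check here if your policy requires one.

    # Detect distribution
    if [ -f /etc/debian_version ]; then
      # Debian/Ubuntu
      echo "Detected Debian/Ubuntu system"
      wget https://download.teamviewer.com/download/linux/teamviewer_amd64.deb \
        -O "$TMP_DIR/teamviewer.deb"
      dpkg -i "$TMP_DIR/teamviewer.deb" || apt-get install -f -y
    elif [ -f /etc/redhat-release ]; then
      # RHEL/CentOS
      echo "Detected RHEL/CentOS system"
      wget https://download.teamviewer.com/download/linux/teamviewer.x86_64.rpm \
        -O "$TMP_DIR/teamviewer.rpm"
      yum install -y "$TMP_DIR/teamviewer.rpm"
    else
      echo -e "${RED}ERROR: Unsupported distribution${NC}"
      echo "Please install TeamViewer manually from: https://www.teamviewer.com"
      exit 1
    fi
    echo -e "${GREEN}TeamViewer installed successfully!${NC}"
  else
    echo "Skipping TeamViewer installation."
    echo "Please install manually if needed."
  fi
fi

# Check if TeamViewer daemon is running
if systemctl is-active --quiet teamviewerd; then
  echo -e "${GREEN}TeamViewer daemon is running${NC}"
else
  echo -e "${YELLOW}TeamViewer daemon is not running${NC}"
  if confirm "Do you want to start TeamViewer daemon? (y/n): "; then
    systemctl start teamviewerd
    systemctl enable teamviewerd
    echo -e "${GREEN}TeamViewer daemon started${NC}"
  fi
fi

#========================================
# Step 2: Check Network Connectivity
#========================================
echo ""
echo -e "${BLUE}[Step 2/6] Checking network connectivity...${NC}"
echo "Testing internet connection..."
if ping -c 1 8.8.8.8 &> /dev/null; then
  echo -e "${GREEN}Internet connection: OK${NC}"
else
  echo -e "${RED}WARNING: No internet connection detected!${NC}"
  echo "TeamViewer requires internet to establish VPN."
fi

#========================================
# Step 3: Check IP Forwarding
#========================================
echo ""
echo -e "${BLUE}[Step 3/6] Checking IP forwarding...${NC}"
IP_FORWARD=$(cat /proc/sys/net/ipv4/ip_forward)
if [ "$IP_FORWARD" == "1" ]; then
  echo -e "${GREEN}IP forwarding is already enabled${NC}"
else
  echo -e "${YELLOW}IP forwarding is disabled${NC}"
  # NOTE(review): forwarding makes this host route packets between its
  # interfaces, including towards the PLC network. It looks unnecessary
  # when only this machine talks to the PLC -- confirm before enabling.
  if confirm "Do you want to enable IP forwarding? (y/n): "; then
    echo "Enabling IP forwarding..."
    sysctl -w net.ipv4.ip_forward=1
    # Make persistent; -F keeps the dots literal instead of regex wildcards.
    if ! grep -qF "net.ipv4.ip_forward=1" /etc/sysctl.conf; then
      echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
    fi
    echo -e "${GREEN}IP forwarding enabled and made persistent${NC}"
  fi
fi

#========================================
# Step 4: Display Current Routes
#========================================
echo ""
echo -e "${BLUE}[Step 4/6] Current network routes:${NC}"
echo ""
# grep exits non-zero when nothing matches; without the fallback `set -e`
# would end the script here on a host with no private-range routes.
ip route show | grep -E "192\.168\.|10\.|172\." || echo "(no matching routes)"
echo ""

#========================================
# Step 5: Add Static Route to PLC Network
#========================================
echo ""
echo -e "${BLUE}[Step 5/6] Adding static route to PLC network...${NC}"

# Check if route already exists
if ip route show | grep -qF -- "$PLC_NETWORK"; then
  echo -e "${YELLOW}WARNING: Route to $PLC_NETWORK already exists!${NC}"
  echo ""
  ip route show | grep -F -- "$PLC_NETWORK" || true
  echo ""
  if confirm "Do you want to delete existing route and recreate? (y/n): "; then
    echo "Deleting existing route..."
    ip route del "$PLC_NETWORK"
    sleep 1
  else
    echo "Keeping existing route. Skipping route creation."
    SKIP_ROUTE=1
  fi
fi

if [ -z "$SKIP_ROUTE" ]; then
  echo "Adding route: $PLC_NETWORK via $REMOTE_VPN_IP"
  if ip route add "$PLC_NETWORK" via "$REMOTE_VPN_IP"; then
    echo -e "${GREEN}Route added successfully!${NC}"
    echo ""
    if confirm "Make this route persistent (survive reboot)? (y/n): "; then
      echo "Creating systemd service for persistent route..."
      IP_BIN=$(command -v ip)
      # Reconstructed unit (the original heredoc body was not recoverable).
      # PLC_NETWORK and REMOTE_VPN_IP were validated above, so they cannot
      # add extra arguments or directives to this root-run unit.
      # NOTE(review): the route can only be installed once the VPN address
      # is reachable, so this unit will probably fail at boot until a
      # TeamViewer VPN session is up -- confirm the intended ordering.
      cat > "$ROUTE_UNIT" <<EOF
[Unit]
Description=Static route to PLC network via TeamViewer VPN
After=network-online.target teamviewerd.service
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=${IP_BIN} route replace ${PLC_NETWORK} via ${REMOTE_VPN_IP}

[Install]
WantedBy=multi-user.target
EOF
      chmod 0644 "$ROUTE_UNIT"
      systemctl daemon-reload
      systemctl enable teamviewer-plc-route.service
      echo -e "${GREEN}Persistent route service installed${NC}"
    fi
  else
    echo -e "${RED}ERROR: Failed to add route${NC}"
    echo "Check that the TeamViewer VPN is connected and $REMOTE_VPN_IP is reachable."
  fi
fi

#========================================
# Step 6 (reconstructed): Show the resulting route
#========================================
echo ""
echo -e "${BLUE}[Step 6/6] Verifying route...${NC}"
ip route show | grep -F -- "$PLC_NETWORK" \
  || echo -e "${YELLOW}No route to $PLC_NETWORK is installed${NC}"

#========================================
# Summary (items 1 and 2 reconstructed; item 3 onwards is original text)
#========================================
echo ""
echo "Next steps:"
echo "1. Make sure the TeamViewer VPN connection to the remote gateway is active"
echo ""
echo "2. Test connectivity: ping PLC_IP (e.g., 192.168.10.100)"
echo ""
echo "3. Open TIA Portal (via Wine or Windows VM) and connect to PLC"
echo ""
echo "To remove the route later, run:"
echo "  sudo ip route del $PLC_NETWORK"
if [ -f "$ROUTE_UNIT" ]; then
  echo "  sudo systemctl disable teamviewer-plc-route.service"
fi
echo ""

#========================================
# Optional: Test Connectivity Now
#========================================
if confirm "Do you want to test connectivity now? (y/n): "; then
  echo ""
  echo "Testing connection to remote VPN gateway..."
  ping -c 4 "$REMOTE_VPN_IP" || echo -e "${RED}Ping failed!${NC}"
  echo ""
  read -r -p "Enter PLC IP to test (e.g., 192.168.10.100): " PLC_IP
  if [ -n "$PLC_IP" ]; then
    # Same rule as above: only a plain IPv4 address reaches ping and nc.
    if is_ipv4 "$PLC_IP"; then
      echo "Testing connection to PLC..."
      ping -c 4 "$PLC_IP" || echo -e "${RED}Ping failed!${NC}"
      echo ""
      echo "Testing S7 communication port (102)..."
      if command -v nc &> /dev/null; then
        nc -zv "$PLC_IP" 102 || echo -e "${RED}Port 102 is not reachable${NC}"
      else
        echo -e "${YELLOW}netcat (nc) not found. Cannot test port.${NC}"
        echo "Install with: apt-get install netcat or yum install nc"
      fi
    else
      printf '%b"%s" is not a valid IPv4 address. Skipping PLC test.%b\n' \
        "$YELLOW" "$PLC_IP" "$NC" >&2
    fi
  fi
fi

echo ""
echo "========================================"
echo "Script finished!"
echo "========================================"
echo ""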