#!/bin/bash 
#  WARNING:  THIS SHELL SCRIPT IS INSECURE!
#  You can make it more secure by ensuring that it only connects to a
#  Google server.  The cacert is part of that.  The next step would be to
#  lock it to one particular cert, and validate that the cert is Google's.
#    based in part on:
#       http://www.kevinstock.com/osx/googlevpn/
#       http://www.macosxhints.com/article.php?story=20030311232930261


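# Configuration area
# Set a variable to 1 to enable it; any other value (0, empty, ...) disables it.
TOR=1            # fetch the credentials through the HTTP proxy at localhost:8118
GSA_ONLY=1       # pass "defaultroute" to pppd
CERT_PERSIST=1   # have curl verify the server against ${D}/thawte.pem
GSA_URL=https://vpn.google.com/getpass/
D=~/.gsa/
DEBUG=1          # when not 1, curl runs with --silent


# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

state_dir=${D%/}
cred_file=$state_dir/nextuser
ca_file=$state_dir/thawte.pem

# This directory ends up holding the fetched VPN credentials, so it is kept
# private to the invoking user.
[ -d "$state_dir" ] || mkdir -p -- "$state_dir" || die "cannot create $state_dir"
chmod 700 -- "$state_dir" || die "cannot restrict permissions on $state_dir"

if [ "$CERT_PERSIST" = 1 ] && [ ! -e "$ca_file" ]; then
  # Without the CA file curl still verifies the server, but against its
  # default trust store rather than the single CA this script expects.
  # Make that downgrade visible instead of silent.
  printf 'warning: %s not found, not restricting the CA\n' "$ca_file" >&2
  CERT_PERSIST=0
fi


# Flags are compared against "1" explicitly: a bare [ $VAR ] test is true for
# any non-empty string, so setting a flag to 0 would not have disabled it.
via=''
curl_args=(--fail)
if [ "$DEBUG" != 1 ]; then
  curl_args+=(--silent --show-error)
fi
if [ "$TOR" = 1 ]; then
  curl_args+=(--proxy localhost:8118)
  via=' (via tor)'
fi
if [ "$CERT_PERSIST" = 1 ]; then
  curl_args+=(--cacert "$ca_file")
fi

printf 'Getting credentials%s\n' "$via"

# The umask is scoped to a subshell so that the credential file is created
# owner-only without changing the umask that pppd inherits further down.
# NOTE(review): the file is left on disk after the run, as before.
(
  umask 077
  curl "${curl_args[@]}" "$GSA_URL" > "$cred_file"
) || die "failed to fetch credentials from $GSA_URL"

# The goal of the second sub is to remove all but the expected
# characters.  We probably fail at this, too.  I told you this was insecure.
# Assumes user is a numeric.  Be really careful expanding the 2nd
# regexps, they're for security.
#
# The first sub strips markup tags.  It is written with plain < and >
# because \< and \> are word-boundary anchors in GNU sed, not literal angle
# brackets.

vpn_server=$(grep serv "$cred_file" | sed -e 's/<[^>]*>//g' -e 's/[^0-9.]//g')
vpn_user=$(grep user "$cred_file" | sed -e 's/<[^>]*>//g' -e 's/[^0-9]//g')
# NOTE(review): the password is extracted but never handed to pppd below
# (noaskpassword is set); how pppd obtains it is not visible in this script.
# shellcheck disable=SC2034
vpn_pass=$(grep pass "$cred_file" | sed -e 's/<[^>]*>//g' -e 's/[^0-9A-Za-z]//g')

# Refuse to run pppd as root with an empty or multi-line value: the filters
# above work line by line, so several matching lines would otherwise survive.
server_re='^[0-9.]+$'
user_re='^[0-9]+$'
[[ $vpn_server =~ $server_re ]] || die "no usable server address in $cred_file"
[[ $vpn_user =~ $user_re ]] || die "no usable user name in $cred_file"

# The option list is built as an array so that every value reaches pppd as
# exactly one argument.
# NOTE(review): "noauth" means the peer is not required to authenticate
# itself, and with PAP, CHAP-MD5 and EAP refused and mppe-40 allowed the
# tunnel depends on PPTP's weak authentication and encryption.  The options
# are kept as the author wrote them; treat the link as untrusted transport.
pppd_args=(
  plugin
  /System/Library/SystemConfiguration/PPPController.bundle/Contents/PlugIns/PPPDialogs.ppp
  logfile /var/log/ppp.log
  plugin PPTP.ppp
  pptp-tcp-keepalive 60
  # This used to be written \$SERV, which passed the literal text "$SERV"
  # to pppd instead of the address parsed above.
  remoteaddress "$vpn_server"
  lcp-echo-interval 60
  lcp-echo-failure 5
  mru 1500
  mtu 1448
  receive-all
  ipparam 192.168.0.1
)
if [ "$GSA_ONLY" = 1 ]; then
  pppd_args+=(defaultroute)
fi
pppd_args+=(
  novj
  ip-src-address-filter 2 0:0
  noipdefault
  ipcp-accept-local
  ipcp-accept-remote
  usepeerdns
  +ipv6
  ipv6cp-use-persistent
  noauth
  user "$vpn_user"
  mppe-stateless mppe-128 mppe-40
  refuse-pap refuse-chap-md5 refuse-eap
  noaskpassword
  nodetach
)

echo "Attempting to connect with pppd."
sudo pppd "${pppd_args[@]}"

exit $?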

# The thawte.pem cert is:

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----