#!/bin/bash

# --- USER CONFIGURATION ---
VPN_SERVER="mcipower1.apibaz.info"
EXCLUDE_HOST="2268-host.com"   # or use IP directly
VPN_INTERFACE_SCRIPT="/etc/vpnc/vpnc-script"
# ---------------------------

echo "[+] Resolving IP address of $EXCLUDE_HOST..."
EXCLUDE_IP=$(getent ahosts "$EXCLUDE_HOST" | awk '{print $1; exit}')

if [[ -z "$EXCLUDE_IP" ]]; then
    echo "[!] Could not resolve IP for $EXCLUDE_HOST"
    exit 1
fi

echo "[+] Found IP: $EXCLUDE_IP"

echo "[+] Detecting your current default gateway..."
LOCAL_GATEWAY=$(ip route | grep default | awk '{print $3; exit}')

if [[ -z "$LOCAL_GATEWAY" ]]; then
    echo "[!] Could not determine local gateway."
    exit 1
fi

echo "[+] Local gateway is: $LOCAL_GATEWAY"

echo "[+] Connecting to VPN: $VPN_SERVER ..."
sudo openconnect --script "$VPN_INTERFACE_SCRIPT" "$VPN_SERVER" &

VPN_PID=$!
echo "[+] Waiting for VPN to establish..."
sleep 10

echo "[+] Adding route to $EXCLUDE_IP via $LOCAL_GATEWAY to bypass VPN..."
sudo ip route add "$EXCLUDE_IP" via "$LOCAL_GATEWAY"

echo "[+] VPN is running. Traffic to $EXCLUDE_IP will bypass VPN (including port 2268)."
wait $VPN_PID