#!/usr/bin/env bash
# Quick checks: OpenVPN UDP/1194 listener, UFW, then live tcpdump.
# Usage: sudo bash check-openvpn-udp.sh
#        tcpdump runs until Ctrl+C — connect your VPN client while it runs.

# Strict mode: abort on unhandled errors, unset variables and failed pipeline stages.
set -euo pipefail

# Root is required for the checks below to be meaningful: `ss -p` can only
# attribute sockets to processes the caller is allowed to inspect, and tcpdump
# needs packet-capture privileges.
if (( EUID != 0 )); then
  printf '%s\n' "Run as root: sudo bash $0" >&2
  exit 1
fi

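echo "==> ss — UDP listeners (port 1194)"
# Ask ss itself for sockets whose local port is 1194 instead of grepping the
# whole listing for the substring "1194": a plain grep also matches unrelated
# rows (e.g. port 11940, or a pid=11194 in the process column) and would report
# a listener that is not there.
# Capturing the output once also avoids `grep -q` closing the pipe early, which
# under `pipefail` can turn a successful match into a failed pipeline.
udp_listeners="$(ss -H -ulnp 'sport = :1194')"
if [[ -n "$udp_listeners" ]]; then
  printf '%s\n' "$udp_listeners"
else
  echo "    (no listener on 1194 — check: systemctl status openvpn-server@server)"
  # Show the first 20 lines of all UDP listeners for context. sed reads its
  # whole input, so ss never receives SIGPIPE; `head -20` could end the
  # pipeline with status 141 and, with `set -e`, abort the script before the
  # firewall and capture steps.
  ss -ulnp | sed -n '1,20p'
fi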

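echo ""
echo "==> ufw status (verbose)"
# A missing or failing ufw must not stop the script: under `set -e` the
# original `a || b` aborted before the packet capture whenever both calls
# failed (for example on hosts where ufw is not installed).
# Note: ufw reports only the rules it manages. Filtering done by hand-written
# nftables/iptables rules or by a firewall in front of the host is not visible
# here, so "inactive" does not prove UDP/1194 is reachable.
if ! command -v ufw >/dev/null 2>&1; then
  echo "    (ufw not installed — skipping firewall check)"
elif ! ufw status verbose 2>/dev/null && ! ufw status; then
  echo "    (ufw status failed — continuing to packet capture)" >&2
fi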

# Banner for the live capture step (blank line before and after).
printf '\n%s\n%s\n\n' \
  "==> tcpdump — inbound/outbound UDP/1194 (Ctrl+C to stop)" \
  "    Start your OpenVPN client and tap Connect within ~10 seconds."

# -n       : print numeric addresses/ports, no name resolution.
# -i any   : capture on every interface, so traffic is seen whichever NIC it uses.
# filter   : only UDP packets with port 1194 as source or destination.
# The output contains client source addresses; handle saved terminal logs
# accordingly.
capture_cmd=(tcpdump -n -i any udp port 1194)

# exec replaces this shell with tcpdump: nothing runs after the capture ends
# and tcpdump's exit status becomes the script's.
exec "${capture_cmd[@]}"
