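#!/usr/bin/perl

# Set this node up as an SSH tunnel gateway: relax the sshd forwarding
# settings, optionally install a public key for root, load the kernel modules
# for the Ethernet tap and bridge, and (with --tunnelip) configure the
# outgoing interface and a route to the peer.
#
# Exit status: 20 if the command line cannot be parsed, 0 otherwise.

use strict;
use warnings;

use gateway_lib;
use Getopt::Long;

# Command-line options:
#   --ssh_pubkey=VALUE  handed unchanged to gateway_lib::import_key
#   --tunnelip          flag (takes no value): also configure the tunnel
#                       interface and the route to the peer
#   --peer=HOST         peer handed to gateway_lib::add_route
my $ssh_pubkey;
my $tunnelip;
my $peer;

exit(20) unless GetOptions(
    'ssh_pubkey=s' => \$ssh_pubkey,
    'tunnelip'     => \$tunnelip,
    'peer=s'       => \$peer,
);

# Run a command in list form (no shell involved) and report a non-zero wait
# status on STDERR.  Failure is reported, not fatal: the original script
# ignored the status entirely, and kldload legitimately fails when a module
# is already loaded.
sub run_command {
    my @command = @_;

    my $status = system(@command);
    warn "$0: '@command' failed (wait status $status)\n" if $status != 0;

    return $status;
}

# GatewayPorts=yes lets remotely forwarded ports bind to non-loopback
# addresses, and PermitTunnel=yes allows both layer-2 and layer-3 tunnel
# devices.  NOTE(review): the comment below only mentions an Ethernet tap, so
# 'PermitTunnel ethernet' may be the narrower setting that still works --
# confirm against the tunnel setup before tightening.
gateway_lib::set_sshd_params(
    {
        'GatewayPorts' => 'yes',
        'PermitTunnel' => 'yes',
    }
);

# The new settings only take effect once sshd restarts, so a failed restart
# is worth a visible warning.
run_command('/etc/rc.d/sshd', 'restart');

# The key goes into root's authorized_keys, so whoever holds the matching
# private key can log in as root; the caller must pass only a trusted key.
# NOTE(review): whether import_key validates the key format or appends vs.
# overwrites is not visible here -- verify in gateway_lib.
gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
    if $ssh_pubkey;

# Need these to make the Ethernet tap and bridge work.
run_command('kldload', '/boot/kernel/bridgestp.ko')
    if -r '/boot/kernel/bridgestp.ko';
run_command('kldload', '/boot/kernel/if_bridge.ko');
run_command('kldload', '/boot/kernel/if_tap.ko');

if ($tunnelip) {
    # --peer is not enforced by option parsing; without it add_route is
    # called with an undefined peer.  Report it so the cause is visible.
    warn "$0: --tunnelip given without --peer\n" unless defined $peer;

    my ($interface, $ip, $netmask, $mac, $router)
        = gateway_lib::deter_tunnelip();

    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask, $mac);

    # Add the route to a peer.  Wait up to an hour for the peer's IP address
    # to appear in the DNS.
    my $dns_wait_limit = 60 * 60;
    gateway_lib::add_route($peer, $router, 1, $dns_wait_limit);
}

exit(0);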