# Set up the relevant stuff in /etc/userv/vpn, and then run
# this. It should tell you what to do to inittab and ipif-networks.
+# This file is part of ipif, part of userv-utils
+#
+# Copyright 1996-2013 Ian Jackson <ijackson@chiark.greenend.org.uk>
+# Copyright 1998 David Damerell <damerell@chiark.greenend.org.uk>
+# Copyright 1999,2003
+# Chancellor Masters and Scholars of the University of Cambridge
+# Copyright 2010 Tony Finch <fanf@dotat.at>
+#
# This is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with userv-utils; if not, write to the Free Software
-# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# $Id$
+# along with userv-utils; if not, see http://www.gnu.org/licenses/.
use Socket;
undef $/;
$m4out= <X>;
$/= "\n";
- close X; $? and exit -1;
+ $!=0; close X; $? and die "m4 failed with code $? $!";
$m4out =~ s/^\s+//;
$m4out =~ s/\n+/\n/g;
$m4out =~ s/\s+$//;
return ($iaddr, $mask);
}
-$forbid_remote= var_global('forbid_remote');
-@forbid_remote= ();
-foreach $r (split /[, \t]+/, $forbid_remote) {
- push @forbid_remote, [ parse_addr_mask($r) ];
-}
-
sub ipif_permit ($$$$) {
my ($group,$local,$net,$why) = @_;
my ($pmask,$piaddr,$fmask,$fiaddr,@lgroup,$lgid);
}
foreach $site (@actives, @passives) {
+ $forbid_remote= var_site('forbid_remote');
+ @forbid_remote= ();
+ if ($forbid_remote ne '-') {
+ foreach $r (split /[, \t]+/, $forbid_remote) {
+ push @forbid_remote, [ parse_addr_mask($r) ];
+ }
+ }
+
$tlend= var_site('lend')."/32";
$tlgroup= var_site('lgroup');
if ($tlend ne $glend || $tlgroup ne $glgroup) {
write_file($ipifnetsfile,'ipifnetsfile','', $ipif_file);
$active_file= '';
+$knownhosts_file= '';
$inittab= '';
$ix= 0;
foreach $site (@actives) {
$active_file.= "$site\t".var_site('activesxinfo')."\n";
$inittab.= sprintf("t%d", $ix++).':'.var_site('inittab_line')."\n";
+ $hostkey= var_site('rhostkey');
+ $knownhosts_file.= var_site('sshdest').' '.$hostkey."\n"
+ if length $hostkey;
$invoke_file= var_site('invoke_file');
write_file($invoke_file, 'invoke_file',
- var_site('invoke_head'), var_site('invoke_body'));
+ var_site('invoke_head')."\n", var_site('invoke_body'));
chmod 0777&~umask, $invoke_file or die $!;
}
+write_file(var_global('knownhostsfile'),'knownhostsfile', '',$knownhosts_file);
write_file(var_global('activesfile'),'activesfile', '',$active_file);
print