--- FreeBSDAdmin/DNS/dhclient-exit-hooks.in	2007/07/04 06:09:59	935
+++ FreeBSDAdmin/Gateway/dhclient-exit-hooks	2011/10/22 21:57:26	1444
@@ -5,17 +5,70 @@
 #
 # $Id$
 
-%%key%%
-%%secret%%
-%%hostname%%
+tunnelbroker()
+{
+	local pass=`python -c "import getpass, hashlib; print hashlib.md5(getpass.getpass('tunnelbroker pass: ')).hexdigest()"`
+	read -p 'tunnelbroker user_id: ' -r user_id
+	read -p 'tunnelbroker tunnel_id: ' -r tunnel_id
+	export CURL_CA_BUNDLE=`mktemp -t dhclient`
+	cat >$CURL_CA_BUNDLE <<-EOF
+	-----BEGIN CERTIFICATE-----
+	MIICsTCCAhoCCQC8IBpX67SYlzANBgkqhkiG9w0BAQQFADCBnDELMAkGA1UEBhMC
+	VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEDAOBgNVBAcTB0ZyZW1vbnQxIDAeBgNV
+	BAoTF0h1cnJpY2FuZSBFbGVjdHJpYywgTExDMQ0wCwYDVQQLEwRJUFY2MRkwFwYD
+	VQQDExB0dW5uZWxicm9rZXIubmV0MRowGAYJKoZIhvcNAQkBFgtpbmZvQGhlLm5l
+	dDAeFw0wNzA3MTEwMTM1MzFaFw0xNzA3MDgwMTM1MzFaMIGcMQswCQYDVQQGEwJV
+	UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEQMA4GA1UEBxMHRnJlbW9udDEgMB4GA1UE
+	ChMXSHVycmljYW5lIEVsZWN0cmljLCBMTEMxDTALBgNVBAsTBElQVjYxGTAXBgNV
+	BAMTEHR1bm5lbGJyb2tlci5uZXQxGjAYBgkqhkiG9w0BCQEWC2luZm9AaGUubmV0
+	MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXJHwlKn5pdUqFAZGGYI8sluS+
+	luS2NiihelZTXAGkE8hrlkS3Xj3AYLknddWgcoTXVMlI9LK0tEQMPZBIV/QXjXHq
+	HvhOb4hoT14w+VbySPRXGDqUiakJYBnNFZiIR8OA51AwM9+pUZGkNEAJYMXE+Th8
+	euta8zxjPS0kEgjGbwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAFVFliiWM802HDqY
+	loveIJOZdcnXhpQuYmnDgHHC9PAadOVcYzdkkmBoQ1APSfugkHEc7zc/vzjiMlVs
+	62PFaqFxi692CknGCnwyCn+Hm/PFWx+YnOyNLCji2oOYbTZre97n5iZKrOk/hJZO
+	y7bsxRNdmUWgy0urugi331F9y7cf
+	-----END CERTIFICATE-----
+	EOF
+	curl -4 "https://tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$pass&user_id=$user_id&tunnel_id=$tunnel_id"
+	echo
+	rm $CURL_CA_BUNDLE
+	unset CURL_CA_BUNDLE
+	if ! grep -q "^gifconfig_${tunnelbroker_gif:=gif0}=\"$new_ip_address $tunnelbroker_server\"$" /etc/rc.conf; then
+		sed -Ee "s/^(gifconfig_$tunnelbroker_gif=\").*( $tunnelbroker_server\")$/\1$new_ip_address\2/" -i '' /etc/rc.conf
+		ifconfig $tunnelbroker_gif tunnel $new_ip_address $tunnelbroker_server
+	fi
+}
 
-case $reason in
-BOUND|RENEW|REBIND|REBOOT)
+dns()
+{
+	read -p 'dns key: ' -r key
+	read -p 'dns secret: ' -r secret
 	nsupdate -d <<-EOF
 	key $key $secret
 	update delete $hostname A
-	update add $hostname 3600 A $new_ip_address
+	update add $hostname 300 A $new_ip_address
 	send
 	EOF
+}
+
+case ${reason:=RENEW} in
+BOUND|RENEW|REBIND|REBOOT)
+	case `hostname -s` in
+	justonenight)
+		hostname='laguna.douglasthrift.net'
+		tunnelbroker_server='64.62.134.130'
+		;;
+	backhome)
+		hostname='mustang.douglasthrift.net'
+		tunnelbroker_server='66.220.18.42'
+		;;
+	esac
+
+	: ${new_ip_address:=`host -t a $hostname | cut -d ' ' -f 4`}
+
+	[ -n "$tunnelbroker_server" ] && tunnelbroker
+
+	dns
 	;;
 esac