Posted: Tue Oct 19, 2010 1:39 Post subject: Sharing my IPv6 script for Hurricane Electric Tunnel Broker
Note: I no longer use dd-wrt as I've changed my router to pfsense, so I no longer support this script. I think the script still works, and of course anyone else is welcome to pick it up. Also keep in mind dd-wrt lacks ip6tables, so every client connected via ipv6 will be without the protection that NAT usually offers. Be sure to install and configure an ipv6-compatible firewall on every client on your LAN. (You should be doing this anyway!!!)
***
I finally got around to setting up an ipv6->4 setup on my home network today and was dismayed at how fragmented and outdated the instructions were. So after half a day of gathering information and other scripts I put together this startup script which works well for me.
This will...
Set up HE's tunnel broker service.
Automatically find your WAN IP at boot using whatismyip.com
Automatically update HE's endpoint on boot
Generate a radvd.conf on boot and apply it automatically
Generate an executable file that can be used with cron to keep HE's endpoint up to date if you have a dynamic IP
My setup for reference.
Optimum Online Cable ISP
Asus RT-N16
v24-sp2 (Aug 12, 2010) mega
build 14929
You should have an account and tunnel created on the website. This post will not cover that. Install steps are below the script.
Code:
#!/bin/sh
#v1.4 Feb 29, 2012
#***************************
#Settings start here
#***************************
#basic connection settings
SERVER_IP4_ADDR="enter ip here"
CLIENT_IPV6_ADDR="enter ip here"
ROUTED_64_ADDR="enter ip here"
#account info to auto update endpoint
USERID="enter your hex user id. NOT text username"
PASSWD="your plain text password"
TUNNELID="your numeric tunnel id"
#HE's endpoint verification server ip to add to whitelist
HE_VERIFY_SERVER_IP="66.220.2.74"
#WAN IP Source settings
#Set below to 1 to use internal NVRAM wan address instead of fetching it from a site
USE_NVRAM_WAN_ADDR_INSTEAD=1
WAN_IP_SOURCE_ADDR="http://automation.whatismyip.com/n09230945.asp"
#logging settings (set to /dev/null for no logging)
STARTUP_SCRIPT_LOG_FILE="/tmp/ipv6.log"
CRON_STATUS_LOG_FILE="/tmp/lastHEUpdate.log"
#Enable this to generate a .wanup script to automatically update local tunnel endpoint address on wan change
ENABLE_WANUP_SCRIPT=1
WANUP_SCRIPT_FILE_PATH="/tmp/etc/config/tunnelUpdate.wanup"
#the posted copy used these two variables without defining them; the values below are assumed
CRON_JOB_FILE="$WANUP_SCRIPT_FILE_PATH"
RADVD_CONFIG="/tmp/radvd.conf"
#***************************
#Settings end here
#***************************
#get a hash of the plaintext password (first field only; the original "sed 's/ -//g'" left a trailing space in the hash, which broke the URL)
MD5PASSWD=`echo -n $PASSWD | md5sum | cut -d' ' -f1`
echo `date` >> $STARTUP_SCRIPT_LOG_FILE
#cut out the "/64" if user typed it in
ROUTED_64_ADDR=`echo $ROUTED_64_ADDR|cut -f1 -d/`
SERVER_IP4_ADDR=`echo $SERVER_IP4_ADDR|cut -f1 -d/`
CLIENT_IPV6_ADDR=`echo $CLIENT_IPV6_ADDR|cut -f1 -d/`
echo "User added addresses cleaned/checked" >> $STARTUP_SCRIPT_LOG_FILE
#get wan ip for our own use
if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ]
then
    echo "Fetching WAN IP from NVRAM" >> $STARTUP_SCRIPT_LOG_FILE
    WANIP=$(nvram get wan_ipaddr)
else
    echo "Fetching WAN IP from External Site: " $WAN_IP_SOURCE_ADDR >> $STARTUP_SCRIPT_LOG_FILE
    WANIP=`wget $WAN_IP_SOURCE_ADDR -O - 2>/dev/null`
fi
echo "External IP detected as:" $WANIP >> $STARTUP_SCRIPT_LOG_FILE
#$WANIP must be quoted: an unquoted empty value makes "[ -n ]" succeed and the tunnel would be built with no local address
if [ -n "$WANIP" ]
then
    echo "configuring tunnel" >> $STARTUP_SCRIPT_LOG_FILE
    #update HE endpoint
    #need to allow wan ping or HE will not validate new endpoint
    iptables -I INPUT 2 -s $HE_VERIFY_SERVER_IP -p icmp -j ACCEPT
    if [ $ENABLE_WANUP_SCRIPT -eq 1 ]
    then
        #write the update script with the URL quoted; unquoted, the "&" in the
        #query string would background wget when the script runs
        mkdir -p `dirname $CRON_JOB_FILE`
        cat > $CRON_JOB_FILE <<EOF
#!/bin/sh
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O $CRON_STATUS_LOG_FILE
EOF
        chmod +x $CRON_JOB_FILE
        echo "Cron script created" >> $STARTUP_SCRIPT_LOG_FILE
    fi
    echo "Sending endpoint update request to HE" >> $STARTUP_SCRIPT_LOG_FILE
    etime=`date +%s`
    wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O /tmp/wget.tmp.$etime
    cat /tmp/wget.tmp.$etime >> $STARTUP_SCRIPT_LOG_FILE
    echo "" >> $STARTUP_SCRIPT_LOG_FILE
    rm /tmp/wget.tmp.$etime
    # The following commands are straight from HE's website
    ip tunnel add he-ipv6 mode sit remote $SERVER_IP4_ADDR local $WANIP ttl 255
    ip link set he-ipv6 up
    ip addr add $CLIENT_IPV6_ADDR/64 dev he-ipv6
    ip route add ::/0 dev he-ipv6
    ip -f inet6 addr >> $STARTUP_SCRIPT_LOG_FILE
    TEMP_ADDR="${ROUTED_64_ADDR}1"
    # These commands aren't on HE's website, but they're necessary for the tunnel to work
    ip -6 addr add $TEMP_ADDR/64 dev br0
    ip route add 2000::/3 dev he-ipv6
    #generate the radvd config for the LAN bridge (the posted copy referenced
    #$RADVD_CONFIG but the lines that wrote it were missing; this is a minimal reconstruction)
    cat > $RADVD_CONFIG <<EOF
interface br0 {
    AdvSendAdvert on;
    prefix $ROUTED_64_ADDR/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
EOF
    echo "starting radvd" >> $STARTUP_SCRIPT_LOG_FILE
    radvd -C $RADVD_CONFIG &
else
    echo "No WAN IP found, tunnel not configured" >> $STARTUP_SCRIPT_LOG_FILE
fi
Installation steps:
1. Change the settings at the beginning of the above script to your settings.
2. Copy the personalized script into Administration > Commands. Save as startup script.
3. Go into Administration > Management.
4. Enable IPv6 and radvd. Leave the config box empty.
5. (Optional) Enable cron and enter this into "Additional Cron Jobs"
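The startup script above only checks that $WANIP is non-empty before splicing it into the tunnelbroker.net URL, so whatever the lookup site returns (an error page, for instance) would be sent as the new endpoint. As an added example, not part of the original post or script, here is a POSIX sh guard for that update that validates the address and only sends an update when it has changed since the last run; the state file path, the sample addresses, the user id, the tunnel id and the password are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: only a validated, changed WAN
# address should ever reach the tunnelbroker.net update URL. State file path,
# user id, tunnel id and password below are constructed placeholders.
# 0 if $1 is a dotted-quad IPv4 address, 1 otherwise. The lookup site may
# return an error page or nothing; neither may be spliced into the URL.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Hex MD5 of the password, first field only (no trailing " -" from md5sum).
md5_of() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# The same ipv4_end.php request the startup script sends.
build_update_url() {
    # $1 WAN IP, $2 MD5 of password, $3 hex user id, $4 tunnel id
    echo "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$1&pass=$2&apikey=$3&tid=$4"
}

# Prints "invalid", "skip" (same address as last run) or "update", and
# records the address in state file $2 when an update is due.
decide_update() {
    ip=$1; state=$2; last=""
    is_ipv4 "$ip" || { echo invalid; return 1; }
    if [ -r "$state" ]; then last=$(cat "$state"); fi
    if [ "$ip" = "$last" ]; then
        echo skip
    else
        echo "$ip" > "$state"
        echo update
    fi
}

# Demo on constructed input; a real .wanup script would feed it nvram/wget output.
state_file=$(mktemp)
decide_update 203.0.113.7 "$state_file"                    # update
decide_update 203.0.113.7 "$state_file"                    # skip
decide_update "<html>Error</html>" "$state_file" || true   # invalid
build_update_url 203.0.113.7 "$(md5_of examplepass)" USERID_PLACEHOLDER 12345
rm -f "$state_file"
```

In a real .wanup or cron script the `update` branch is where the wget to the URL returned by build_update_url would go, so HE is only contacted when the address has actually changed.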
Forgot to say this as well... your script works phenomenally, by the way. I've been struggling with aiccu problems, so I got away from SixXS and tried HE several times before your script with no luck.
I'm running v24sp2 mega on my WRT600N by the way.
I'm still interested in the hex username for HEnet auto-update, though. Their site doesn't seem to want to give me that info.
I'm glad it's working for you.
As for the long username, look at this page: http://tunnelbroker.net/main.php You'll see your name in the center box, up top. And right below it you'll see "UserID:" and then a very long hex number. That's what I'm referring to.
I cannot for the life of me get this working. I have tried on and off over the past few months to get ipv6 running on my network, but to no avail.
I found your script today and I thought "this has gotta be it".
Alas, it's not to be. I have followed your setup to the letter, and it's in the router (latest eko nokaid build of DD-WRT on a Linksys WRT54G v4).
Script is set up fine etc.; however, when I telnet in there are no log files under tmp.
ipv6.log and lastHEUpdate.log are not there..
so I can't even fault-find why it's not working. Any ideas?
Also on Tunnelbroker my IPs end in "b1a::2/64" for the Client IP and "b1a::/64" for the routed /64. Do I have to include the "/64" in the settings part of the script? If not, there is no number at the end of the :: on the routed one, as you can see... this whole IPv6 thing is horribly confusing. Why is it such a bitch to set up? Seriously, if they want people to migrate to it, why??
I am about to throw in the towel on ipv6 with this router...
Hmm, well, here are a few things to try if you're up for it.
First, put this in the script file right below the sleep line at the beginning:
echo "script started up" >> $STARTUP_SCRIPT_LOG_FILE
Hopefully we'll see whether the script is even starting up.
Second, try a different firmware revision. A year ago I was bashing my head against a wall trying to get QoS running on a WRT54G running a micro build. Turned out QoS was broken in that build. Took me a good 2 weeks before I found out. :x
Also, the script will automatically trim off the /64, so it won't make any difference whether you add it or not.
After adding that line I now see an ipv6.log that echoes the text that it started (I edited it to say "IPv6 script started up"). Also there is a report.sh that states the following:
Code:
root@DD-WRT:/tmp# cat ipv6.log
IPv6 script started up
I will try a different firmware revision later today. Any recommendations, as the standard stable and beta builds do not have IPv6 in them on this router for some reason...
OK then, it might be that your firmware is missing commands that I have.
Try either of these two options.
1) Put an echo "spot 1" >> $STARTUP_SCRIPT_LOG_FILE after every block of commands following the sleep and modprobe commands, changing the number for every echo line. That way you can find out exactly how far the script gets.
2) Try entering these commands into the console and see if any gives an error message, something like "command not found".