Sharing my IPv6 script for Hurricane Electric Tunnel Broker

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2, 3, 4, 5, 6, 7, 8  Next
Author Message
ac1115
DD-WRT User


Joined: 10 Feb 2010
Posts: 53

PostPosted: Tue Oct 19, 2010 1:39    Post subject: Sharing my IPv6 script for Hurricane Electric Tunnel Broker Reply with quote
Note: I no longer use dd-wrt as I've changed my router to pfsense so I no longer support this script. I think the script still works, and of course anyone else is welcome to pick it up. Also keep in mind dd-wrt lacks ip6tables so every client connected via ipv6 will be without the protection that nat usually offers. Be sure to install and configure a ipv6 compatible firewall on every client on your lan. (You should be doing this anyway!!!)

***

I finally got around to setting up an ipv6->4 setup on my home network today and was dismayed at how fragmented and outdated the instructions were. So after half a day of gathering information and other scripts I put together this startup script which works well for me.

This will...
Set up HE's tunnel broker service.
Automatically finds your wan ip at boot using whatismyip.com
Automatically updates HE's endpoint on boot
Generates a radvd.conf on boot, and applies it automatically
Generates a executable file that can be used with cron to keep HE's endpoint up-to-date if you have a dynamic IP


My setup for reference.
Optimum Online Cable ISP
Asus RT-N16
v24-sp2 (Aug 12,2010) mega
build 14929

You should have an account and tunnel created on the website. This post will not cover that. Install steps are below the script.

Code:
#v1.4 Feb 29, 2012
#***************************
#Settings start here
#***************************

#basic connection settings
SERVER_IP4_ADDR="enter ip here"
CLIENT_IPV6_ADDR="enter ip here"
ROUTED_64_ADDR="enter ip here"

#account info to auto update endpoint
USERID="enter your hex user id. NOT text username"
PASSWD="your plain text password"
TUNNELID="your numeric tunnel id"

#####Optional/Advanced Settings######

#IPv6 OpenDNS IPv6 Resolver
ENABLE_OPENDNS_IPV6_DNS=1

#HE's endpoint verificiation server ip to add to whitelist
HE_VERIFY_SERVER_IP="66.220.2.74"

#WAN IP Source settings
#Set below to 1 to use  internal NVRAM wan address instead of fetching it from a site
USE_NVRAM_WAN_ADDR_INSTEAD=1
WAN_IP_SOURCE_ADDR="http://automation.whatismyip.com/n09230945.asp"

#logging settings (set to /dev/null for no logging)
STARTUP_SCRIPT_LOG_FILE="/tmp/ipv6.log"
CRON_STATUS_LOG_FILE="/tmp/lastHEUpdate.log"

#Enable this to generate a .wanup script to automatically update local tunnel endpoint address on wan change
ENABLE_WANUP_SCRIPT=1
WANUP_SCRIPT_FILE_PATH="/tmp/etc/config/tunnelUpdate.wanup"

#Generated files paths
CRON_JOB_FILE="/tmp/report.sh"
RADVD_CONFIG="/tmp/radvd.conf"

#***************************
#Settings end here
#***************************

echo "" >> $STARTUP_SCRIPT_LOG_FILE
echo "HE IPv6 Script started" >> $STARTUP_SCRIPT_LOG_FILE

insmod ipv6
sleep 10

#get a hash of the plaintext password
MD5PASSWD=`echo -n $PASSWD | md5sum | sed -e 's/  -//g'`
echo `date` >> $STARTUP_SCRIPT_LOG_FILE

#cut out the "/64" if user typed it in
ROUTED_64_ADDR=`echo $ROUTED_64_ADDR|cut -f1 -d/`
SERVER_IP4_ADDR=`echo $SERVER_IP4_ADDR|cut -f1 -d/`
CLIENT_IPV6_ADDR=`echo $CLIENT_IPV6_ADDR|cut -f1 -d/`
echo "User added addresses cleaned/checked" >> $STARTUP_SCRIPT_LOG_FILE

#get wan ip for our own use
if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ]
then
  echo "Fetching WAN IP from NVRAM" >> $STARTUP_SCRIPT_LOG_FILE
  WANIP=$(nvram get wan_ipaddr);
else
  echo "Fetching WAN IP from External Site: " $WAN_IP_SOURCE_ADDR >> $STARTUP_SCRIPT_LOG_FILE
  WANIP=`wget $WAN_IP_SOURCE_ADDR -O - 2>/dev/null`
fi

echo "External IP detected as:" $WANIP >> $STARTUP_SCRIPT_LOG_FILE
if [ -n $WANIP ]
then
echo "configuring tunnel" >> $STARTUP_SCRIPT_LOG_FILE


#update HE endpoint
#need to alllow wan ping or HE will not validate new endpoint
iptables -I INPUT 2 -s $HE_VERIFY_SERVER_IP -p icmp -j ACCEPT
echo -e wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O $CRON_STATUS_LOG_FILE  >>$CRON_JOB_FILE
chmod +x $CRON_JOB_FILE
echo "Cron script created, sending endpoint update request to HE" >> $STARTUP_SCRIPT_LOG_FILE
etime=`date +%s`
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O /tmp/wget.tmp.$etime
cat /tmp/wget.tmp.$etime >> $STARTUP_SCRIPT_LOG_FILE
echo "" >> $STARTUP_SCRIPT_LOG_FILE
rm /tmp/wget.tmp.$etime


# The following commands are straight from HE's website
ip tunnel add he-ipv6 mode sit remote $SERVER_IP4_ADDR local $WANIP ttl 255
ip link set he-ipv6 up
ip addr add $CLIENT_IPV6_ADDR/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
TEMP_ADDR=`echo $ROUTED_64_ADDR'1'`

# These commands aren't on HE's website, but they're necessary for the tunnel to work
ip -6 addr add $TEMP_ADDR/64 dev br0
ip route add 2000::/3 dev he-ipv6

#Enable IPv6 forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# make sure to accept proto-41
iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT

#make sure to not NAT proto-41
iptables -t nat -A POSTROUTING --proto ! 41 -o eth0 -j MASQUERADE
echo "creating radvd conf" >> $STARTUP_SCRIPT_LOG_FILE

if [ $ENABLE_OPENDNS_IPV6_DNS -eq 1 ]
then
  echo "Open DNS ipv6 enabled" >> $STARTUP_SCRIPT_LOG_FILE
  echo "nameserver 2620:0:ccc::2" >> /tmp/resolv.dnsmasq
  echo "nameserver 2620:0:ccd::2" >> /tmp/resolv.dnsmasq
fi

#generate wanup script
if [ $ENABLE_WANUP_SCRIPT -eq 1 ]
then
   echo "WANUP script being generated" >> $STARTUP_SCRIPT_LOG_FILE
   dirname $WANUP_SCRIPT_FILE_PATH  | xargs mkdir
   echo 'echo "WANUP script triggered on `date`" >>' $STARTUP_SCRIPT_LOG_FILE > $WANUP_SCRIPT_FILE_PATH
   if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ]
   then
      echo -e 'WANIP=$(nvram get wan_ipaddr);' >> $WANUP_SCRIPT_FILE_PATH
   else
      echo -e 'WANIP=`wget $WAN_IP_SOURCE_ADDR -O - 2>/dev/null`' >> $WANUP_SCRIPT_FILE_PATH
   fi
   echo -e wget -q 'http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP'"&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID"  >> $WANUP_SCRIPT_FILE_PATH
   echo 'ip tunnel change he-ipv6 local $WANIP'>>  $WANUP_SCRIPT_FILE_PATH
   chmod +x $WANUP_SCRIPT_FILE_PATH
fi   

#creating radvd.conf
echo "#generated by startup script" > $RADVD_CONFIG
echo "interface br0 {" >> $RADVD_CONFIG
echo "AdvSendAdvert on;" >> $RADVD_CONFIG
echo "prefix "$ROUTED_64_ADDR"/64 {" >> $RADVD_CONFIG
echo "AdvOnLink on;" >> $RADVD_CONFIG
echo "AdvAutonomous on;" >> $RADVD_CONFIG
echo "AdvRouterAddr on;" >> $RADVD_CONFIG
echo "};" >> $RADVD_CONFIG
echo "};" >> $RADVD_CONFIG

echo "starting radvd" >> $STARTUP_SCRIPT_LOG_FILE
radvd -C $RADVD_CONFIG &
fi



Installation steps:
1. Change the settings in the beginning of the above script to your settings.
2. Copy personalized script into Administration > Commands. Save as startup script
3. Go into Administration > Management
4. enable IPv6 and radvd. Leave the config box empty
5. (Optional) enable cron and enter this into "Additional Cron Jobs"
Code:
* 4 * * * root /tmp/report.sh

The above line will auto update the endpoint daily at 4am. Change to personal taste
6. Apply settings, wait for reboot
7. http://ipv6.google.com
http://aaaa.test-ipv6.com/


Last edited by ac1115 on Fri Jun 29, 2012 17:51; edited 6 times in total
Sponsor
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17616
Location: Hesse/Germany

PostPosted: Tue Oct 19, 2010 20:46    Post subject: Reply with quote
nice but it would be better if you could setup a tutorial in the wiki
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
ac1115
DD-WRT User


Joined: 10 Feb 2010
Posts: 53

PostPosted: Tue Oct 19, 2010 21:54    Post subject: Reply with quote
I updated the script with a few little changes. Nothing major. Just a bit of error checking/correction and de-hard-coded a few file paths.

I don't really know how to edit a wiki. But the post as-is is probably good enough for a simple copy/paste. Maybe a bit of formatting
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17616
Location: Hesse/Germany

PostPosted: Sat Oct 23, 2010 13:53    Post subject: Reply with quote
additional changes should be done here:
http://www.dd-wrt.com/wiki/index.php/IPv6_setup_Hurricane_Electric_Tunnel_Broker

_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
Mierdin
DD-WRT Novice


Joined: 04 Dec 2010
Posts: 4

PostPosted: Sat Dec 04, 2010 17:38    Post subject: Reply with quote
Trying to find the "long hex code" you referred to in lieu of my username, but can't find it on HE's site.
Could you point me in the right direction?
Mierdin
DD-WRT Novice


Joined: 04 Dec 2010
Posts: 4

PostPosted: Sat Dec 04, 2010 18:34    Post subject: Reply with quote
Forgot to say this as well...your script works phenomenally, by the way. I've been struggling with aiccu problems so I got away from SixXS and tried HE several times before your script with no luck.

I'm running v24sp2 mega on my WRT600N by the way.

I'm still interested in the hex username for HEnet auto-update, though. Their site doesn't seem to want to give me that info.
ac1115
DD-WRT User


Joined: 10 Feb 2010
Posts: 53

PostPosted: Sat Dec 04, 2010 19:35    Post subject: Reply with quote
Mierdin wrote:
Forgot to say this as well...your script works phenomenally, by the way. I've been struggling with aiccu problems so I got away from SixXS and tried HE several times before your script with no luck.

I'm running v24sp2 mega on my WRT600N by the way.

I'm still interested in the hex username for HEnet auto-update, though. Their site doesn't seem to want to give me that info.


I'm glad it's working for you.

As for the long username, look at this page http://tunnelbroker.net/main.php You'll see your name in the center box, up top. And right below it you'll see UserID: and then a very long hex number. That's what I'm referring to.
Cythrawl
DD-WRT Novice


Joined: 22 Dec 2009
Posts: 7

PostPosted: Sun Dec 26, 2010 3:24    Post subject: Reply with quote
I cannot for the life of me get this working.. I have tried on and off over the past few months to get ipv6 running on my network but to no avail.

I found your script today and I thought "this has gotta be it"

Alas its not to be.. I have followed your setup to the letter, and its in the router (latest eko nokaid build of DD-wrt on a Linksys wrtg54g v4)

Script is setup fine etc, however, when I telnet in there are no logfiles under tmp
ipv6.log and lastHEUpdate.log are not there..


so I cant even fault find why its not working.. any ideas?

Also on Tunnelbroker my IP's end in "b1a::2/64" for the Client IP and "b1a::/64" for the routed 64. Do I have to include the "/64" on the settings part of the script, if not there is no number at then end of the :: on routed as you can see... this whole IP6 thing is horribly confusing.. why is it such a bitch to set up? seriously if they want people to migrate to it, why??

I am about to throw the towel in on ipv6 with this router...
ac1115
DD-WRT User


Joined: 10 Feb 2010
Posts: 53

PostPosted: Sun Dec 26, 2010 7:15    Post subject: Reply with quote
hmm, well here's a few things to try if you're up for it.

first, put this in the script file right below the sleep line in the beginning
echo "script started up" >> $STARTUP_SCRIPT_LOG_FILE

hopefully we'll see if the script is even starting up.


second, try a different firmware reversion. A year ago I was bashing my head against a wall trying to get QoS running on a wrt54g running a micro build. turned out QoS was broken in that build. Took me a good 2 weeks before I found out. :x



Also, the script will automatically trim off the /64. so it won't make any difference if you add it on or not.
Cythrawl
DD-WRT Novice


Joined: 22 Dec 2009
Posts: 7

PostPosted: Wed Dec 29, 2010 16:16    Post subject: Reply with quote
after adding that line I now see an ipv6.log that echos the text that it started (I edited it to say IPv6 Script started up).. Also there is a report.sh that states the following :

Code:
root@DD-WRT:/tmp# cat ipv6.log
IPv6 script started up

root@DD-WRT:/tmp# cat report.sh

wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=66dc69fe2e173
615cf1d44d5112118f3&user_id=<Edited Out>8ead&tunnel_id="<MyID Edited Out>" -O
 /tmp/lastHEUpdate.log

root@DD-WRT:/tmp#


When I list the contents of tmp this is what I get.

Code:
root@DD-WRT:/tmp# ls
cron.d          hosts           oet             udhcpc
crontab         igmpproxy.conf  radvd.conf      udhcpc.expires
ddns            ipv6.log        report.sh       var
dnsmasq.conf    loginprompt     resolv.conf     www
dnsmasq.leases  nas.wl0lan.pid  resolv.dnsmasq
etc             nvram           root
root@DD-WRT:/tmp#


I will try a different Firmware revision later today.. Any recommendations as the standard Stable and betas do not have IPv6 in them on this router for some reason...
ac1115
DD-WRT User


Joined: 10 Feb 2010
Posts: 53

PostPosted: Wed Dec 29, 2010 19:04    Post subject: Reply with quote
ok then, it might be your firmware is missing commands that I have.

try either of these two options.
1) put an echo "spot 1" >> $STARTUP_SCRIPT_LOG_FILE after every block of commands following the sleep and modprobe commands, change the number for every echo line. that way you can find out exactly how far the script gets up to

2. try entering these commands into the console. see if any gives an error message, something like command not found

md5sum
cut
wget
Cythrawl
DD-WRT Novice


Joined: 22 Dec 2009
Posts: 7

PostPosted: Wed Dec 29, 2010 20:35    Post subject: Reply with quote
Ok this is where it fails:

Code:
echo -e wget -q "\042http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$MD5PASSWD&user_id=$USERID&tunnel_id=$TUNNELID\042" -O $CRON_STATUS_LOG_FILE  >$CRON_JOB_FILE
chmod +x $CRON_JOB_FILE
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$MD5PASSWD&user_id=$USERID&tunnel_id=$TUNNELID" -O $STARTUP_SCRIPT_LOG_FILE


None of those commands you gave me report back an error..

The only thing I can think of is that the first wget isnt ended correctly on my copied text file.. Where does that command line end? is
Quote:
chmod +x $CRON_JOB_FILE
another command or should be at the end of the first line?

I have enclosed my Script File for you to look at..
ac1115
DD-WRT User


Joined: 10 Feb 2010
Posts: 53

PostPosted: Wed Dec 29, 2010 20:40    Post subject: Reply with quote
there are 3 lines. check for incorrect line breaks. and try putting an echo in between each one of these.

the first 2 lines are for creating the cron update script. you could safely comment those out if you think they're causing the issues.

Code:

echo -e wget -q "\042http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$MD5PASSWD&user_id=$USERID&tunnel_id=$TUNNELID\042" -O $CRON_STATUS_LOG_FILE  >$CRON_JOB_FILE


chmod +x $CRON_JOB_FILE


wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$MD5PASSWD&user_id=$USERID&tunnel_id=$TUNNELID" -O $STARTUP_SCRIPT_LOG_FILE
Cythrawl
DD-WRT Novice


Joined: 22 Dec 2009
Posts: 7

PostPosted: Wed Dec 29, 2010 21:57    Post subject: Reply with quote
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$MD5PASSWD&user_id=$USERID&tunnel_id=$TUNNELID" -O $STARTUP_SCRIPT_LOG_FILE

This line is where its getting to... but I get no reason why it fails ...

Checked all breaks and suchlike ..
ac1115
DD-WRT User


Joined: 10 Feb 2010
Posts: 53

PostPosted: Thu Dec 30, 2010 0:12    Post subject: Reply with quote
ok, try

Code:
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AU
TO&pass=$MD5PASSWD&user_id=$USERID&tunnel_id=$TUNNELID" -O /tmp/test


then read /tmp/test. if wget is functioning correctly, we should get something in the test file.

Also, the router you're setting ipv6 on has a working internet connection, yes?



also, that line is to automatically update the endpoint, which is also non-essential, but useful.

you could manually update the endpoint on the HE website and comment that line out if it's not playing nicely with your router.
Goto page 1, 2, 3, 4, 5, 6, 7, 8  Next Display posts from previous:    Page 1 of 8
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum