WikiDevi.Wi-Cat.RU:DD-WRT/IPv6 setup Hurricane Electric Tunnel Broker
About
This will...
- Set up HE's tunnel broker service.
- Automatically find your WAN IP at boot using whatismyip.com.
- Automatically update HE's endpoint on boot.
- Generate a radvd.conf on boot and apply it automatically.
- Generate an executable file that can be used with cron to keep HE's endpoint up to date if you have a dynamic IP.
My setup for reference.
Optimum Online Cable ISP
WRT610Nv2
v24-sp2 (Aug 12, 2010)
build 14929
You should already have an account and a tunnel created on the website; this post will not cover that. Install steps are below the script. This script will only work with /64 tunnels/addresses. Don't use it if you're using a /48.
Script
#v1.4 Feb 29, 2012
#***************************
#Settings start here
#***************************
#basic connection settings
SERVER_IP4_ADDR="enter ip here"
CLIENT_IPV6_ADDR="enter ip here"
ROUTED_64_ADDR="enter ip here"
#account info to auto update endpoint
USERID="enter your hex user id. NOT text username"
PASSWD="your plain text password"
TUNNELID="your numeric tunnel id"
#####Optional/Advanced Settings######
#IPv6 OpenDNS IPv6 Resolver
ENABLE_OPENDNS_IPV6_DNS=1
#HE's endpoint verification server ip to add to whitelist
HE_VERIFY_SERVER_IP="66.220.2.74"
#WAN IP Source settings
#Set below to 1 to use internal NVRAM wan address instead of fetching it from a site
USE_NVRAM_WAN_ADDR_INSTEAD=1
WAN_IP_SOURCE_ADDR="http://automation.whatismyip.com/n09230945.asp"
#logging settings (set to /dev/null for no logging)
STARTUP_SCRIPT_LOG_FILE="/tmp/ipv6.log"
CRON_STATUS_LOG_FILE="/tmp/lastHEUpdate.log"
#Enable this to generate a .wanup script to automatically update local tunnel endpoint address on wan change
ENABLE_WANUP_SCRIPT=1
WANUP_SCRIPT_FILE_PATH="/tmp/etc/config/tunnelUpdate.wanup"
#Generated files paths
CRON_JOB_FILE="/tmp/report.sh"
RADVD_CONFIG="/tmp/radvd.conf"
#***************************
#Settings end here
#***************************
echo "" >> $STARTUP_SCRIPT_LOG_FILE
echo "HE IPv6 Script started" >> $STARTUP_SCRIPT_LOG_FILE
insmod ipv6
sleep 10
#get a hash of the plaintext password (keep only the hash field of the md5sum output)
MD5PASSWD=`echo -n "$PASSWD" | md5sum | cut -d' ' -f1`
echo `date` >> $STARTUP_SCRIPT_LOG_FILE
#cut out the "/64" if user typed it in
ROUTED_64_ADDR=`echo $ROUTED_64_ADDR|cut -f1 -d/`
SERVER_IP4_ADDR=`echo $SERVER_IP4_ADDR|cut -f1 -d/`
CLIENT_IPV6_ADDR=`echo $CLIENT_IPV6_ADDR|cut -f1 -d/`
echo "User added addresses cleaned/checked" >> $STARTUP_SCRIPT_LOG_FILE
#get wan ip for our own use
if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ]
then
  echo "Fetching WAN IP from NVRAM" >> $STARTUP_SCRIPT_LOG_FILE
  WANIP=$(nvram get wan_ipaddr);
else
  echo "Fetching WAN IP from External Site: " $WAN_IP_SOURCE_ADDR >> $STARTUP_SCRIPT_LOG_FILE
  WANIP=`wget $WAN_IP_SOURCE_ADDR -O - 2>/dev/null`
fi
echo "External IP detected as:" $WANIP >> $STARTUP_SCRIPT_LOG_FILE
#quoted so that an empty WANIP really skips the tunnel setup
if [ -n "$WANIP" ]
then
  echo "configuring tunnel" >> $STARTUP_SCRIPT_LOG_FILE
  #update HE endpoint
  #need to allow wan ping or HE will not validate new endpoint
  iptables -I INPUT 2 -s $HE_VERIFY_SERVER_IP -p icmp -j ACCEPT
  #the URL is written with its quotes so the "&" characters survive in the generated file
  echo "wget -q \"http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID\" -O $CRON_STATUS_LOG_FILE" >> $CRON_JOB_FILE
  chmod +x $CRON_JOB_FILE
  echo "Cron script created, sending endpoint update request to HE" >> $STARTUP_SCRIPT_LOG_FILE
  etime=`date +%s`
  wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O /tmp/wget.tmp.$etime
  cat /tmp/wget.tmp.$etime >> $STARTUP_SCRIPT_LOG_FILE
  echo "" >> $STARTUP_SCRIPT_LOG_FILE
  rm /tmp/wget.tmp.$etime
  # The following commands are straight from HE's website
  ip tunnel add he-ipv6 mode sit remote $SERVER_IP4_ADDR local $WANIP ttl 255
  ip link set he-ipv6 up
  ip addr add $CLIENT_IPV6_ADDR/64 dev he-ipv6
  ip route add ::/0 dev he-ipv6
  ip -f inet6 addr
  TEMP_ADDR=`echo $ROUTED_64_ADDR'1'`
  # These commands aren't on HE's website, but they're necessary for the tunnel to work
  ip -6 addr add $TEMP_ADDR/64 dev br0
  ip route add 2000::/3 dev he-ipv6
  #Enable IPv6 forwarding
  echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
  # make sure to accept proto-41
  iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT
  #make sure to not NAT proto-41
  iptables -t nat -A POSTROUTING --proto ! 41 -o eth0 -j MASQUERADE
  echo "creating radvd conf" >> $STARTUP_SCRIPT_LOG_FILE
  if [ $ENABLE_OPENDNS_IPV6_DNS -eq 1 ]
  then
    echo "Open DNS ipv6 enabled" >> $STARTUP_SCRIPT_LOG_FILE
    echo "nameserver 2620:0:ccc::2" >> /tmp/resolv.dnsmasq
    echo "nameserver 2620:0:ccd::2" >> /tmp/resolv.dnsmasq
  fi
  #generate wanup script
  if [ $ENABLE_WANUP_SCRIPT -eq 1 ]
  then
    echo "WANUP script being generated" >> $STARTUP_SCRIPT_LOG_FILE
    mkdir -p `dirname $WANUP_SCRIPT_FILE_PATH`
    echo 'echo "WANUP script triggered on `date`" >>' $STARTUP_SCRIPT_LOG_FILE > $WANUP_SCRIPT_FILE_PATH
    if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ]
    then
      echo -e 'WANIP=$(nvram get wan_ipaddr);' >> $WANUP_SCRIPT_FILE_PATH
    else
      #the source URL is expanded now, because the generated script does not define it
      echo -e 'WANIP=`wget '"$WAN_IP_SOURCE_ADDR"' -O - 2>/dev/null`' >> $WANUP_SCRIPT_FILE_PATH
    fi
    #$WANIP stays literal so it is read when the wanup script runs; the URL keeps its quotes
    echo 'wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP'"&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID"'"' >> $WANUP_SCRIPT_FILE_PATH
    echo 'ip tunnel change he-ipv6 local $WANIP'>> $WANUP_SCRIPT_FILE_PATH
    chmod +x $WANUP_SCRIPT_FILE_PATH
  fi
  #creating radvd.conf
  echo "#generated by startup script" > $RADVD_CONFIG
  echo "interface br0 {" >> $RADVD_CONFIG
  echo "AdvSendAdvert on;" >> $RADVD_CONFIG
  echo "prefix "$ROUTED_64_ADDR"/64 {" >> $RADVD_CONFIG
  echo "AdvOnLink on;" >> $RADVD_CONFIG
  echo "AdvAutonomous on;" >> $RADVD_CONFIG
  echo "AdvRouterAddr on;" >> $RADVD_CONFIG
  echo "};" >> $RADVD_CONFIG
  echo "};" >> $RADVD_CONFIG
  echo "starting radvd" >> $STARTUP_SCRIPT_LOG_FILE
  radvd -C $RADVD_CONFIG &
fi
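Added example (not part of the original script): the script places $WANIP, which may have been fetched over plain HTTP, and ROUTED_64_ADDR straight into ip commands and generated files, so checking their format first keeps a malformed value from reaching the tunnel setup. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values constructed.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (only digits and dots here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Take the first line of a fetched response, drop a trailing CR, and print it
# only if it is a valid IPv4 address (an HTML error page prints nothing).
clean_wan_ip() {
    ip=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r')
    is_ipv4 "$ip" && printf '%s\n' "$ip"
}

# Print the br0 address the script derives (routed prefix + "1").
# Accepts an optional "/64" suffix, rejects any other prefix length and
# any value that does not end in "::".
lan_addr_from_routed64() {
    case "$1" in
        */*) [ "${1##*/}" = 64 ] || return 1 ;;
    esac
    prefix=${1%%/*}
    case "$prefix" in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;
        *::) printf '%s1\n' "$prefix" ;;
        *) return 1 ;;
    esac
}

# Constructed inputs: a clean reply, an error page, an out-of-range octet.
for raw in "203.0.113.7" "<html>error</html>" "203.0.113.700"; do
    if clean_wan_ip "$raw" >/dev/null; then echo "ok: $raw"; else echo "rejected: $raw"; fi
done
lan_addr_from_routed64 "2001:db8:1234:5678::/64"
```

In the startup script, WANIP would be passed through clean_wan_ip right after it is fetched, so the existing empty-value check skips the tunnel setup when the value is rejected.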
Install Steps
Installation steps:
- Change the settings in the beginning of the above script to your settings.
- Copy personalized script into Administration > Commands. Save as startup script
- Go into Administration > Management
- Enable IPv6 and radvd. Leave the config box empty.
- (Optional) Enable cron and enter this into "Additional Cron Jobs":
Code:
0 4 * * * root /tmp/report.sh
The above line will auto update the endpoint daily at 4am. Change to personal taste
- Apply settings, wait for reboot
OpenDNS Setting
This setting will append the following two entries into /tmp/resolv.dnsmasq
nameserver 2620:0:ccc::2
nameserver 2620:0:ccd::2
These will give dnsmasq access to the OpenDNS Sandbox DNS servers, which in turn give access to IPv6-only DNS entries. (And will also give you double 10s on test-ipv6.com ;) )
Dnsmasq must be enabled (DHCP Server) or this will not work!
Also dnsmasq needs to be used for DNS.
On my working box, I have...
Under Setup...
Static DNS1 - 208.67.222.222 (OpenDNS ipv4 dns server, not required)
Static DNS2 - 208.67.220.220 (OpenDNS ipv4 dns server, not required)
Use DNSMasq for DHCP - Checked
Use DNSMasq for DNS - Checked
DHCP-Authoritative - Checked
Under Services...
DNSMasq - Enabled
Local DNS - Enabled
No DNS Rebind - Disabled
All clients have only 1 dns entry : 192.168.1.1 (My router's IP Address)
Reducing Script Size
The script size is increasing as new features and error checking are added. Your NVRAM might be too small to hold this script along with the other settings your router uses.
To get around this, you could move the script to your JFFS or USB partition and then reference the script in Administration > Commands instead of copying the entire script.
If you do not have a JFFS or USB partition, you can remove all the comments from the script and you can replace all the variable names with single letters. Both of these will significantly reduce the size of the script.
See Also
Test the setup with e.g.:
http://ipv6.google.com
http://aaaa.test-ipv6.com/
Forum link:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=81060
Example of Basic Connection settings syntax
SERVER_IP4_ADDR="0.0.0.0"
CLIENT_IPV6_ADDR="0000:000:0000:000::0"
ROUTED_64_ADDR="0000:000:0000:000::0"