WikiDevi.Wi-Cat.RU:DD-WRT/IPv6 setup Hurricane Electric Tunnel Broker

About
This will... Set up HE's tunnel broker service. Automatically finds your wan ip at boot using whatismyip.com Automatically updates HE's endpoint on boot Generates a radvd.conf on boot, and applies it automatically Generates a executable file that can be used with cron to keep HE's endpoint up-to-date if you have a dynamic IP

My setup for reference. Optimum Online Cable ISP WRT610Nv2 v24-sp2 (Aug 12, 2010) build 14929

You should have an account and tunnel created on the website. This post will not cover that. Install steps are below the script. This script will only work with /64 tunnels/addresses. Don't use it if you're using /48

Script

 * 1) v1.4 Feb 29, 2012
 * 2) Settings start here
 * 1) Settings start here

SERVER_IP4_ADDR="enter ip here" CLIENT_IPV6_ADDR="enter ip here" ROUTED_64_ADDR="enter ip here"
 * 1) basic connection settings

USERID="enter your hex user id. NOT text username" PASSWD="your plain text password" TUNNELID="your numeric tunnel id"
 * 1) account info to auto update endpoint


 * 1) Optional/Advanced Settings######

ENABLE_OPENDNS_IPV6_DNS=1
 * 1) IPv6 OpenDNS IPv6 Resolver

HE_VERIFY_SERVER_IP="66.220.2.74"
 * 1) HE's endpoint verificiation server ip to add to whitelist

USE_NVRAM_WAN_ADDR_INSTEAD=1 WAN_IP_SOURCE_ADDR="http://automation.whatismyip.com/n09230945.asp"
 * 1) WAN IP Source settings
 * 2) Set below to 1 to use internal NVRAM wan address instead of fetching it from a site

STARTUP_SCRIPT_LOG_FILE="/tmp/ipv6.log" CRON_STATUS_LOG_FILE="/tmp/lastHEUpdate.log"
 * 1) logging settings (set to /dev/null for no logging)

ENABLE_WANUP_SCRIPT=1 WANUP_SCRIPT_FILE_PATH="/tmp/etc/config/tunnelUpdate.wanup"
 * 1) Enable this to generate a .wanup script to automatically update local tunnel endpoint address on wan change

CRON_JOB_FILE="/tmp/report.sh" RADVD_CONFIG="/tmp/radvd.conf"
 * 1) Generated files paths


 * 1) Settings end here
 * 1) Settings end here

echo "" >> $STARTUP_SCRIPT_LOG_FILE echo "HE IPv6 Script started" >> $STARTUP_SCRIPT_LOG_FILE

insmod ipv6 sleep 10

MD5PASSWD=`echo -n $PASSWD | md5sum | sed -e 's/ -//g'` echo `date` >> $STARTUP_SCRIPT_LOG_FILE
 * 1) get a hash of the plaintext password

ROUTED_64_ADDR=`echo $ROUTED_64_ADDR|cut -f1 -d/` SERVER_IP4_ADDR=`echo $SERVER_IP4_ADDR|cut -f1 -d/` CLIENT_IPV6_ADDR=`echo $CLIENT_IPV6_ADDR|cut -f1 -d/` echo "User added addresses cleaned/checked" >> $STARTUP_SCRIPT_LOG_FILE
 * 1) cut out the "/64" if user typed it in

if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ] then echo "Fetching WAN IP from NVRAM" >> $STARTUP_SCRIPT_LOG_FILE WANIP=$(nvram get wan_ipaddr); else echo "Fetching WAN IP from External Site: " $WAN_IP_SOURCE_ADDR >> $STARTUP_SCRIPT_LOG_FILE WANIP=`wget $WAN_IP_SOURCE_ADDR -O - 2>/dev/null` fi
 * 1) get wan ip for our own use

echo "External IP detected as:" $WANIP >> $STARTUP_SCRIPT_LOG_FILE if [ -n $WANIP ] then echo "configuring tunnel" >> $STARTUP_SCRIPT_LOG_FILE

iptables -I INPUT 2 -s $HE_VERIFY_SERVER_IP -p icmp -j ACCEPT echo -e wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O $CRON_STATUS_LOG_FILE >>$CRON_JOB_FILE chmod +x $CRON_JOB_FILE echo "Cron script created, sending endpoint update request to HE" >> $STARTUP_SCRIPT_LOG_FILE etime=`date +%s` wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O /tmp/wget.tmp.$etime cat /tmp/wget.tmp.$etime >> $STARTUP_SCRIPT_LOG_FILE echo "" >> $STARTUP_SCRIPT_LOG_FILE rm /tmp/wget.tmp.$etime
 * 1) update HE endpoint
 * 2) need to alllow wan ping or HE will not validate new endpoint

ip tunnel add he-ipv6 mode sit remote $SERVER_IP4_ADDR local $WANIP ttl 255 ip link set he-ipv6 up ip addr add $CLIENT_IPV6_ADDR/64 dev he-ipv6 ip route add ::/0 dev he-ipv6 ip -f inet6 addr TEMP_ADDR=`echo $ROUTED_64_ADDR'1'`
 * 1) The following commands are straight from HE's website

ip -6 addr add $TEMP_ADDR/64 dev br0 ip route add 2000::/3 dev he-ipv6
 * 1) These commands aren't on HE's website, but they're necessary for the tunnel to work

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 * 1) Enable IPv6 forwarding

iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT
 * 1) make sure to accept proto-41

iptables -t nat -A POSTROUTING --proto ! 41 -o eth0 -j MASQUERADE echo "creating radvd conf" >> $STARTUP_SCRIPT_LOG_FILE
 * 1) make sure to not NAT proto-41

if [ $ENABLE_OPENDNS_IPV6_DNS -eq 1 ] then echo "Open DNS ipv6 enabled" >> $STARTUP_SCRIPT_LOG_FILE echo "nameserver 2620:0:ccc::2" >> /tmp/resolv.dnsmasq echo "nameserver 2620:0:ccd::2" >> /tmp/resolv.dnsmasq fi

if [ $ENABLE_WANUP_SCRIPT -eq 1 ] then echo "WANUP script being generated" >> $STARTUP_SCRIPT_LOG_FILE dirname $WANUP_SCRIPT_FILE_PATH | xargs mkdir echo 'echo "WANUP script triggered on `date`" >>' $STARTUP_SCRIPT_LOG_FILE > $WANUP_SCRIPT_FILE_PATH if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ] then echo -e 'WANIP=$(nvram get wan_ipaddr);' >> $WANUP_SCRIPT_FILE_PATH else echo -e 'WANIP=`wget $WAN_IP_SOURCE_ADDR -O - 2>/dev/null`' >> $WANUP_SCRIPT_FILE_PATH fi echo -e wget -q 'http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP'"&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" >> $WANUP_SCRIPT_FILE_PATH echo 'ip tunnel change he-ipv6 local $WANIP'>> $WANUP_SCRIPT_FILE_PATH chmod +x $WANUP_SCRIPT_FILE_PATH fi
 * 1) generate wanup script

echo "#generated by startup script" > $RADVD_CONFIG echo "interface br0 {" >> $RADVD_CONFIG echo "AdvSendAdvert on;" >> $RADVD_CONFIG echo "prefix "$ROUTED_64_ADDR"/64 {" >> $RADVD_CONFIG echo "AdvOnLink on;" >> $RADVD_CONFIG echo "AdvAutonomous on;" >> $RADVD_CONFIG echo "AdvRouterAddr on;" >> $RADVD_CONFIG echo "};" >> $RADVD_CONFIG echo "};" >> $RADVD_CONFIG
 * 1) creating radvd.conf

echo "starting radvd" >> $STARTUP_SCRIPT_LOG_FILE radvd -C $RADVD_CONFIG & fi

Install Steps
Installation steps: Code: * 4 * * * root /tmp/report.sh
 * Change the settings in the beginning of the above script to your settings.
 * Copy personalized script into Administration > Commands. Save as startup script
 * Go into Administration > Management
 * enable IPv6 and radvd. Leave the config box empty
 * (Optional) enable cron and enter this into "Additional Cron Jobs"

The above line will auto update the endpoint daily at 4am. Change to personal taste
 * Apply settings, wait for reboot

OpenDNS Setting
This setting will append the following two entries into /tmp/resolv.dnsmasq

nameserver 2620:0:ccc::2 nameserver 2620:0:ccd::2

These will give dnsmasq access to the OpenDNS Sandbox DNS servers. These will give access to IPv6 only dns entries. (And will also give you double 10s on test-ipv6.com ;) )

Dnsmasq must be enabled (DHCP Server) or this will not work!

Also dnsmasq needs to be used for DNS.

On my working box, I have... Under Setup... Static DNS1 - 208.67.222.222  (OpenDNS ipv4 dns server, not required) Static DNS2 - 208.67.220.220  (OpenDNS ipv4 dns server, not required) Use DNSMasq for DHCP  - Checked Use DNSMasq for DNS    - Checked DHCP-Authoritative        - Checked

Under Services... DNSMasq   - Enabled Local DNS  - Enabled No DNS Rebind - Disabled

All clients have only 1 dns entry :  192.168.1.1 (My router's IP Address)

Reducing Script Size
The script size is increasing as new features and error checking is added. Your NVRAM might be too small to hold this script along with the other settings your router uses.

To get around this you could move the script to your jffs or usb partition then reference the script in Administrator > Command instead of copying the entire script.

If you do not have a JFFS or USB partition, you can remove all the comments from the script and you can replace all the variable names with single letters. Both of these will significantly reduce the size of the script.