In summer I gave up the additional "luxury" Internet access (with native IPv6 and fixed IPv4 address) to cut costs, leaving me without IPv6 at home. Now, a few weeks ago, one of our local IPv6 evangelists triggered me to try the free tunnel offering from Hurricane Electric (HE), and so I did. This weekend I put together the remaining pieces, so now I have everything in place again, including tunnel updates when my home IP address changes, and reverse DNS delegation.
Getting the tunnel to work was not that easy. On the HE tunnel broker website the information on how to update the tunnel information (i.e. the web API) is not exactly pushed into your face; googling helps. The first script I found for the Mikrotik router, though, seems to use an outdated version of the API, and then you don't want the router to do that anyway – while it has an HTTP client that you can use in scripts, it does not do https (WTF?!), so it sends your password in clear text. And don't get me started on the scripting language.
Anyway, for (IPv4) dynamic DNS updates I have a script on my home server watch the external IP address anyway, so this could as well trigger a script to update the tunnel when the address changed. This is so much easier in a shell script than with a router script...
In case anyone else needs something like it, this is the script:

#!/bin/ksh
# update HE ipv6 tunnel with Mikrotik router
USER=he_user # HE account username
PASS=hepassword # HE account password
HOST=12345678 # HE tunnel ID
URL="https://ipv4.tunnelbroker.net/nic/update?username=$USER&password=$PASS&hostname=$HOST"
TNIF=sit1 # Mikrotik router's tunnel interface name
ROUTER=mt_router # router hostname
ADMIN=admin # router admin account
SSHKEY=$HOME/.ssh/id_dsa_$ROUTER # ssh identity key file
SSH="ssh -i $SSHKEY $ADMIN@$ROUTER"
# no -k: certificate verification stays on, so the password is only
# sent to a server that presents a valid certificate
curl -s "$URL" | while read -r mode addr; do
    case "$mode" in
        # address changed: point the router's tunnel interface at it
        good) $SSH "/interface 6to4 set [find name=$TNIF] local-address=$addr"
              logger "$0: new address $addr";;
        nochg) logger "$0: address unchanged $addr";;
        *) logger "$0: unknown response $mode $addr";;
    esac
done

Of course, be sure to understand what this does before you use it. Needs curl, and the appropriate ssh key file in place. The ssh key must be good for admin access at the router.
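
An added example, not part of the original script: the reply from the update URL ends up on the router's command line over ssh, so it can be checked first for the exact "mode addr" shape and a plain dotted-quad IPv4 address. The function names is_ipv4 and router_command and the sample replies are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check the update reply before
# any part of it is placed on the router's command line.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# router_command REPLY TNIF: print the RouterOS command for a "good" reply,
# print nothing for "nochg", fail for everything else.
router_command() {
    reply=$1 tnif=$2
    set -f; set -- $reply; set +f      # split on whitespace, no globbing
    [ "$#" -eq 2 ] || return 1         # exactly "<mode> <addr>"
    mode=$1 addr=$2
    is_ipv4 "$addr" || return 1
    case "$mode" in
        good)  printf '/interface 6to4 set [find name=%s] local-address=%s\n' "$tnif" "$addr" ;;
        nochg) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample replies, not captured from the real service.
for sample in 'good 203.0.113.7' 'nochg 203.0.113.7' 'good 203.0.113.7;x' \
              'good 203.0.113.999' 'error'; do
    if cmd=$(router_command "$sample" sit1); then
        echo "accept [$sample] -> ${cmd:-no router change}"
    else
        echo "reject [$sample]"
    fi
done
```

In the script above, the output of router_command would be what gets passed to $SSH, and a failure would go to logger instead.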