• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

HE - Tunnel with a dynamic ip-address

Started by freese60, December 05, 2008, 08:03:36 AM

Previous topic - Next topic

freese60

Hello,

most of the normal users, like me, have an internet connection with a dynamic ip-address (DSL with NAT etc.) and not a static ip-address, which would be much easier to handle, but also is much more expensive. The tunnel works als long as the dynamic ip-address doesn´t change. The people at Sixxs use the programm aiccu for solving this problem, with -heartbeats- and -aiya- etc.
This solution is not possible for HE, as far as I know.
During the last days I set up a tunnel with HE and a subnet, all works fine. Thanks to HE for the free service.
The thing that remained to be solved was the automatic update of the tunnel endpoint, the dynamic ip-address. The solution I found is as follows (shell script/Debian):

#######################################################################
# Update des HE (Hurricane Electric) ipv6-Tunnels, wegen der dynamischen IP
#######################################################################
NEW_IP=`host freese.mx-host.de | grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>'`

wget --no-check-certificate -T10 -a$LOG - "https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$NEW_IP&pass=YOUR_MD5_PASS&user_id=YOUR_HE_ID
&tunnel_id=YOUR_HE_TUNNELID"

---------------------------------------------------------------
where:
the wget option -a$LOG means my own logfile, you take your own or remove the option
the https:// string is as suggested by HE for update

and NEW_IP,  the shell variable gets the new (dynamic) ip-address from one of my Dyn.DNS providers.
The general solution could be, for other users:

NEW_IP=`wget http://whatismyip.org/ -q -O - | grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>'`

You may run this script at startup oder as a -cron- job.


jrowens

freese60: If you'd like to try out my modified ddclient, and know your way around a tarball & patch, you could try installing standard ddclient for your distribution (I'd guess Debian has it), and apply the patch I've submitted:
https://sourceforge.net/tracker2/index.php?func=detail&aid=2471040&group_id=116817&atid=676130

It could use some testing, but should be fairly safe.  The big question about it that I'd like answered is whether the tunnel needs to be rebuilt after an IP address change.  My IP almost never changes, so I won't get to find out for a while.  If yours changes more often, and you find out whether it needs rebuilding, please let me know, there or here.  I think I know how it can handle that, if it needs to be handled.

Oh, for those who aren't familiar with it, ddclient is a perl program to automatically update dynamic DNS information whenever your IP address changes.  I've done some work on it in the past, so I already know its innards fairly well, and when I was thinking of how to update HE tunnel IPs, once it occurred to me, it seemed a natural fit, even if the target is rather different.

freese60

Hello,

you wrote:

The big question about it that I'd like answered is whether the tunnel needs to be rebuilt after an IP address change.

---> as far as I experienced here, you only have to change the IP4 address (automatically) and everything works fine, the tunnel must not be rebuild.

I know that the automatic IP change via wget is not the best solution, only an easy to use workaround.
The easiest/best way to detect an ip change, if you use NAT/DSL -Router, is to establish an internet connection via ppp (debian/linux) and then use nsupdate (package bind9) to do dynamic update in your own name servers. This solution seems to be the best, and you no longer depend on companies like dyndns.org etc. for dynamic ip stuff.
And the best solution ist of course, if you use IPv6, then you have almost unlimited static ip-addresses (a few billion) and don´ t have to handle this limited IPv4 technology anymore.

limemonkey

Hi, i have changed your code to be a bit more universal. I am using it together with MarcoPolo, since i did not find any better way to execute the script on network changes. Because marcopolo runs under the user's account, i had to embed the password for sudo in the script.


#######################################################################
# Config start
#######################################################################
# Your Mac OS X account's password, needed for sudo
PASS="pass1234"

# en1 = Airport, en0 = Ethernet, would be nicer to detect the active interface automatically
MYIF="en1"


# Your Tunnel settings start here
# 1. get HEUSER hash from the website, "UserID"
# 2. get HEPASS hash: echo -n MyPass|md5
# 3. get HETUNNEL from the website, "Global Tunnel ID"
# 4. get other settings from the website

HEUSER=5d41402abc4b2a76b9719d911017c592
HEPASS=5d41402abc4b2a76b9719d911017c592
HETUNNEL=12123
HETHEIR4END=216.66.80.30
HEYOUR6END=2001:1234:1234:1234::2
HETHEIR6END=2001:1234:1234:1234::1

#######################################################################
# Config end
#######################################################################
NEW_IP=`curl -s "http://www.networksecuritytoolkit.org/nst/cgi-bin/ip.cgi"`

# if you need to use your public ip address, use LOCAL_IP=$NEW_IP instead
LOCAL_IP=`ifconfig $MYIF |grep -E 'inet.[0-9]' | grep -v '127.0.0.1' | awk '{ print $2}'`

#ignore any errors:
echo $PASS |sudo -S ifconfig gif0 deletetunnel
sudo ifconfig gif0 down
sudo ifconfig gif0 inet6 delete $(ifconfig gif0 | sed -nE 's/.*inet6 ([0-9a-f:]+) .*/\1/p')
sudo route delete -inet6 default -interface gif0

# update the tunnel
curl -k -s "https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$NEW_IP&pass=$HEPASS&user_id=$HEUSER&tunnel_id=$HETUNNEL"
echo " "

sleep 1
sudo ifconfig gif0 tunnel $LOCAL_IP $HETHEIR4END
sudo ifconfig gif0 inet6 $HEYOUR6END $HETHEIR6END prefixlen /128
sudo route -n add -inet6 default $HETHEIR6END

pklaus

Hello there! I realize that the thread is already a bit old, but it is usefull nevertheless!

Quote from: freese60 on December 05, 2008, 08:03:36 AMDuring the last days I set up a tunnel with HE and a subnet, all works fine. Thanks to HE for the free service.
The thing that remained to be solved was the automatic update of the tunnel endpoint, the dynamic ip-address.

Quote from: limemonkey on January 10, 2009, 03:32:04 AM
Hi, i have changed your code to be a bit more universal.

Thanks for your good work. I further modified it and published my code in a gist on github.com. It works for my on Mac OS X 10.6.7:

https://gist.github.com/960672#file_tunnelbroker_net.sh