I have had a number of hurricane electric IPv6 tunnels for a while. On my routers I’ve had scripts to update hurricane electric’s records when my dynamic IP address on the router changes. However recently I noticed on my RB 751 the script was no longer working. I have googled this to death, and have played with all of the different scripts I have been able to find, and I can’t get anything to work. The scripts run, and they make log entries, but the numbers don’t change on hurricane electric’s end.

I’m running version 6.12 of router OS.

If anybody has a working script I would really appreciate a copy of it. I suspect I’m not the only one pulling my hair out with this. Thanks so much!

Change the following lines from the script in MikroTik Wiki. The password must be specified in plain text instead of an md5 checksum.

:local HEupdatepath "/nic/update"

                          "?username=" . $HEuserid . \
                          "&password=" . $HEpass . \
                          "&hostname=" . $HEtunnelid . \
                          "&myip=" . $HEipv4addr) \

Original script from MikroTik Wiki.

http://wiki.mikrotik.com/wiki/Hurricane_Electric_IPv6_Tunnel_-_IPv4_Endpoint_updater


This is my script.

Update Hurricane Electric IPv6 Tunnel Client IPv4 address

#--------------- Beginning of user defined variables ------------------

This routers 6to4 Tunnel Interface

:local HEtunnelinterface “6to4 Interface”

Hurricane Electric Tunnel ID

:local HEtunnelid “Tunnel ID”

Hurricane Electric Username

:local HEuserid “HE Username”

Hurricane Electric Password in Plain Text

:local HEpass “HE Password”

This routers WAN Interface

:local WANinterface “WAN Interface”

#--------------- End of user defined variables -----------------------------

:local HEupdatehost “ipv4.tunnelbroker.net”
:local HEupdatepath “/nic/update”

:local outputfile (“HE-” . $HEtunnelid . “.txt”)

Internal processing below…

----------------------------------

:local HEipv4addr

Get WAN interface IP address

:set HEipv4addr [/ip address get [/ip address find interface=$WANinterface] address]
:set HEipv4addr [:pick [:tostr $HEipv4addr] 0 [:find [:tostr $HEipv4addr] “/”]]

:if ([:len $HEipv4addr] = 0) do={
:log error ("Could not get IP for interface " . $WANinterface)
:error ("Could not get IP for interface " . $WANinterface)
}

Update the HEtunnelinterface with WAN IP

/interface 6to4 {
:if ([get ($HEtunnelinterface) local-address] != $HEipv4addr) do={
:log info ("Updating " . $HEtunnelinterface . " local-address with new IP " . $HEipv4addr . “…”)
set ($HEtunnelinterface) local-address=$HEipv4addr
}
}

:log info ("Updating IPv6 Tunnel " . $HEtunnelid . " Client IPv4 address to new IP " . $HEipv4addr . “…”)
/tool fetch mode=http
host=($HEupdatehost)
url=(“http://” . $HEupdatehost . $HEupdatepath .
“?username=” . $HEuserid .
“&password=” . $HEpass .
“&hostname=” . $HEtunnelid .
“&myip=” . $HEipv4addr)
dst-path=($outputfile)

:log info ([/file get ($outputfile) contents])
/file remove ($outputfile)

Thank you so much THG ! I really appreciate it!

Wiki Mikrotik script with a fully working, but instead need to embed Update Key (Advanced > Update Key)

:local HEupdatekey “”# Update Hurricane Electric IPv6 Tunnel Client IPv4 address

:local HEtunnelinterface “<this router’s tunnel interface name>”
:local HEtunnelid “”
:local HEuserid “”
:local HEupdatekey “”
:local HEupdatehost “ipv4.tunnelbroker.net”
:local HEupdatepath “/ipv4_end.php”
:local WANinterface “WAN”
:local outputfile (“HE-” . $HEtunnelid . “.txt”)

Internal processing below…

----------------------------------

:local HEipv4addr

Get WAN interface IP address

:set HEipv4addr [/ip address get [/ip address find interface=$WANinterface] address]
:set HEipv4addr [:pick [:tostr $HEipv4addr] 0 [:find [:tostr $HEipv4addr] “/”]]

:if ([:len $HEipv4addr] = 0) do={
:log error ("Could not get IP for interface " . $WANinterface)
:error ("Could not get IP for interface " . $WANinterface)
}

Update the HEtunnelinterface with WAN IP

/interface 6to4 {
:if ([get ($HEtunnelinterface) local-address] != $HEipv4addr) do={
:log info ("Updating " . $HEtunnelinterface . " local-address with new IP " . $HEipv4addr . “…”)
set ($HEtunnelinterface) local-address=$HEipv4addr
}
}

:log info ("Updating IPv6 Tunnel " . $HEtunnelid . " Client IPv4 address to new IP " . $HEipv4addr . “…”)
/tool fetch mode=http
host=($HEupdatehost)
url=(“http://” . $HEupdatehost . $HEupdatepath .
“?ipv4b=” . $HEipv4addr .
“&pass=” . $HEupdatekey .
“&user_id=” . $HEuserid .
“&tunnel_id=” . $HEtunnelid)
dst-path=($outputfile)

:log info ([/file get ($outputfile) contents])
/file remove ($outputfile)

Is there a reason why you call the Hurricane Electric updater even when the local IPv4 address hasn’t changed?
Also fetch supports https now.

Here is what I use:

# Update Hurricane Electric IPv6 Tunnel Client IPv4 address

#--------------- Beginning of user defined variables ------------------

# This routers 6to4 Tunnel Interface
:local HEtunnelinterface "Your local tunnel interface here, e.g. sit1"

# Hurricane Electric Tunnel ID
:local HEtunnelid "Your Tunnel ID here, e.g. 123456"

# Hurricane Electric Username
:local HEuserid "Your Hurricane Electric username here"

# Hurricane Electric Update Key in Plain Text
:local HEpass "Your Update Key here (get it from Advanced -> Update Key)"

# This routers WAN Interface
:local WANinterface "Your WAN Interface here"

#--------------- End of user defined variables -----------------------------

:local HEupdatehost "ipv4.tunnelbroker.net"
:local HEupdatepath "/nic/update"

:local outputfile ("HE-" . $HEtunnelid . ".txt")

# Internal processing below...
# ----------------------------------
:local HEipv4addr

# Get WAN interface IP address
:set HEipv4addr [/ip address get [/ip address find interface=$WANinterface] address]
:set HEipv4addr [:pick [:tostr $HEipv4addr] 0 [:find [:tostr $HEipv4addr] "/"]]

:if ([:len $HEipv4addr] = 0) do={
   :log error ("Could not get IP for interface " . $WANinterface)
   :error ("Could not get IP for interface " . $WANinterface)
}

# Update the HEtunnelinterface with WAN IP
/interface 6to4 {
   :if ([get ($HEtunnelinterface) local-address] != $HEipv4addr) do={
      :log info ("Updating " . $HEtunnelinterface . " local-address with new IP " . $HEipv4addr . "...")
      set ($HEtunnelinterface) local-address=$HEipv4addr
      :log info ("Updating IPv6 Tunnel " . $HEtunnelid . " Client IPv4 address to new IP " . $HEipv4addr . "...")
      /tool fetch mode=https \
                  host=($HEupdatehost) \
                  url=("https://" . $HEupdatehost . $HEupdatepath . \
                          "?username=" . $HEuserid . \
                          "&password=" . $HEpass . \
                          "&hostname=" . $HEtunnelid . \
                          "&myip=" . $HEipv4addr) \
                  dst-path=($outputfile)
      :log info ([/file get ($outputfile) contents])
      /file remove ($outputfile)
   } else={
      :log info ("No update necessary, " . $HEtunnelinterface . " still works through IPv4 IP " . $HEipv4addr . ".") 
   }
}

Is there a reason why you have your 6to4 local address set to your WAN IP?
I have my 6to4 local address set to the routers local IP.
If I set the 6to4 local address to the WAN IP no traffic passes, even if I allow proto41 input.

EDIT: Fixed the above, needed to add a dst-nat above my masquerade.
But now, running your script, it will update the local address of my tunnel, but fails to update the HE client IP. It doesn’t give a reason in the log.

If I build up the address from the script and put it into my browser, I’ll get a simple login username and password box rather than it updating my IP. If I put in my username and update key as password it’ll work from there.

https://ipv4.tunnelbroker.net/nic/update?username=&password=&hostname=&myip=<newip>

In a browser, it only seems to work for me if I format it as

https://:@ipv4.tunnelbroker.net/nic/update?hostname=&myip=<newip>

does anyone have script tunnelbroker in case we only get private ip in our WAN interface?
the idea we can compare the ip public between ip cloud compared to ip that already set in tunnelbroker..

if u have that kind of script..lets share with us.
thanks

I use something like this to force a change to HE only when the public IP changes.

:global WANIP
:local currentWANIP [/ip/cloud/get public-address]

:if ($currentWANIP != $WANIP) do={
	/tool/fetch url="as indicated by HE info page" src-address=<private IP wan> keep-result=no
	:set $WANIP ($currentWANIP)
}

:set $WANIP ($currentWANIP)
=>
:set WANIP $currentWANIP

You’re right since no operation, other than assignment.
Point noted, thanks.

After the recent outage of /ip/cloud I’ve decided to include one more check before sending the update to HE server, so here is the latest code that I use:

:global WANIP
:local cloudStatus [/ip/cloud/get status]
:local currentWANIP

:if ($cloudStatus = "updated") do={
	:set $currentWANIP [/ip/cloud/get public-address]
} else={
	:set $currentWANIP 0.0.0.0
}

:if ($currentWANIP != 0.0.0.0 and $currentWANIP != $WANIP) do={
	/tool/fetch url="https://<your account data>@ipv4.tunnelbroker.net/nic/update\?hostname=<tunnel ID>" src-address=<WAN IP> keep-result=no
	:set $WANIP $currentWANIP
	:log info "Updated TunnelBroker EndPoint - $currentWANIP"
}

Remove all errors, and not erros, on syntax…

:global WANIP
:local cloudStatus  [/ip cloud get status]
:local currentWANIP $WANIP

:if ($cloudStatus = "updated") do={ :set currentWANIP [/ip cloud get public-address] }

:if ($currentWANIP != $WANIP) do={
    /tool fetch src-address=<WAN IP> keep-result=no \
        url="https://<your account data>@ipv4.tunnelbroker.net/nic/update\3Fhostname=<tunnel ID>"
    :set WANIP $currentWANIP
    :log info "Updated TunnelBroker EndPoint - $currentWANIP"
}

Ok, I will take your advice about :local currentWANIP $WANIP instead of setting 0.0.0.0, better logic.

Ti ringrazio.

thanks your idea

Thanks, but I just fix errors, the idea is from @accarda