Update to "Hurricane Electric IPv6toIPv4 Endpoint updater"

Hi, I would like to add an update to this script:

http://wiki.mikrotik.com/wiki/Hurricane_Electric_IPv6_Tunnel_-_IPv4_Endpoint_updater

I made some changes based on the original author's script:

  • It checks whether the WAN interface IP and the “6to4 Tunnel” Local Address are the same; if they are equal, the script doesn’t update the tunnel info.
  • The script only changes the “6to4 Tunnel” Local Address if a valid string is returned from the server.
  • Now you can configure a scheduler with this script and not flood the update server.

Script name (ie: update_ipv6_tunnel)

# Update Hurricane Electric IPv6 Tunnel Client IPv4 address

:local HEtunnelinterface "<this router's tunnel interface name>"
:local HEtunnelid "<tunnel id>"
:local HEuserid "<user id>"
:local HEmd5pass "<md5 hash of password>"
:local HEupdatehost "ipv4.tunnelbroker.net"
:local HEupdatepath "/ipv4_end.php"
:local WANinterface "WAN"
:local outputfile ("HE-" . $HEtunnelid . ".txt")


# Internal processing below...
# ----------------------------------
:local HEipv4addr

# Get WAN interface IP address
:set HEipv4addr [/ip address get [/ip address find interface=$WANinterface] address]
:set HEipv4addr [:pick [:tostr $HEipv4addr] 0 [:find [:tostr $HEipv4addr] "/"]]

:if ([:len $HEipv4addr] = 0) do={
   :log error ("Could not get IP for interface " . $WANinterface)
   :error ("Could not get IP for interface " . $WANinterface)
}

:local HEtunnelipv4addr

# Get current TUNNEL interface IP address
:set HEtunnelipv4addr [/interface 6to4 get $HEtunnelinterface local-address]

:if ([:len $HEtunnelipv4addr] = 0) do={
   :log error ("Could not get IP for interface " . $HEtunnelinterface)
   :error ("Could not get IP for interface " . $HEtunnelinterface)
}

# Only contact the update server when the WAN address and the tunnel local-address differ
:if ($HEipv4addr != $HEtunnelipv4addr) do={
   :local htmlcontent
   :log info ("Updating IPv6 Tunnel " . $HEtunnelid . " Client IPv4 address to new IP " . $HEipv4addr . "...")
   /tool fetch mode=http \
                  host=($HEupdatehost) \
                  url=("http://" . $HEupdatehost . $HEupdatepath . \
                          "?ipv4b=" . $HEipv4addr . \
                          "&pass=" . $HEmd5pass . \
                          "&user_id=" . $HEuserid . \
                          "&tunnel_id=" . $HEtunnelid) \
                  dst-path=($outputfile)

   # Read the server response, then delete the temporary file
   :set htmlcontent [/file get $outputfile contents]
   /file remove $outputfile

   # Touch the 6to4 interface only when the server returned one of the two expected strings
   :if ($htmlcontent = "+OK: Tunnel endpoint updated to: $HEipv4addr" || \
        $htmlcontent = "-ERROR: This tunnel is already associated with this IP address.  Please try and limit your updates to IP changes.") do={
      :log info "OK Tunnel endpoint updated to $HEipv4addr. Updating 6to4 interface"

      /interface 6to4 {
         :if ([get ($HEtunnelinterface) local-address] != $HEipv4addr) do={
            :log info ("Updating " . $HEtunnelinterface . " local-address with new IP " . $HEipv4addr . "...")
            set ($HEtunnelinterface) local-address=$HEipv4addr
         }
      }
   } else={
      # Unexpected response: log it and leave the tunnel configuration unchanged
      :log info "Update FAIL"
      :log info $htmlcontent
   }
} else={
   :log info ("This tunnel is already associated with current public IP address (" . $WANinterface . "). Address update is not necessary")
}

Scheduler entry:

/system scheduler
add disabled=no interval=30s name=Check_Tunnel_IP on-event=\
    update_ipv6_tunnel start-time=startup

I hope this will be helpful to someone : )
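
An added example, not part of the original post: a Python model of the script's decision logic (skip when the addresses match, change the local-address only on a recognized server response), useful for testing the decision table offline. It goes slightly beyond the script by parsing and validating the echoed address instead of comparing whole strings; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
from enum import Enum

# Response strings as they appear in the RouterOS script above.
OK_PREFIX = "+OK: Tunnel endpoint updated to: "
ALREADY = "-ERROR: This tunnel is already associated with this IP address."


class Action(Enum):
    SKIP = "addresses match, no request sent"
    APPLY = "server confirmed, set 6to4 local-address"
    REJECT = "unexpected response, leave tunnel untouched"


def strip_prefix(cidr: str) -> str:
    """'203.0.113.7/24' -> '203.0.113.7'; raises ValueError if not IPv4."""
    return str(ipaddress.IPv4Address(cidr.split("/", 1)[0]))


def needs_update(wan_cidr: str, tunnel_local: str) -> bool:
    """True only when the WAN address differs from the tunnel local-address."""
    return strip_prefix(wan_cidr) != strip_prefix(tunnel_local)


def classify(response: str, wan_ip: str) -> Action:
    """Fail closed: anything but the two known strings is rejected."""
    body = response.strip()
    if body.startswith(ALREADY):
        return Action.APPLY  # the script also syncs local-address here
    if body.startswith(OK_PREFIX):
        echoed = body[len(OK_PREFIX):].strip()
        try:
            # The server must echo exactly the address we asked for.
            if ipaddress.IPv4Address(echoed) == ipaddress.IPv4Address(wan_ip):
                return Action.APPLY
        except ipaddress.AddressValueError:
            pass
    return Action.REJECT


def decide(wan_cidr: str, tunnel_local: str, fetch) -> Action:
    """fetch(ip) stands in for the /tool fetch call; it is only invoked
    when the addresses differ, which keeps a scheduler from flooding."""
    if not needs_update(wan_cidr, tunnel_local):
        return Action.SKIP
    wan_ip = strip_prefix(wan_cidr)
    return classify(fetch(wan_ip), wan_ip)
```
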

That page is editable by registered users, so you can update it. If you do not have a user on the wiki, you can write to support and we will help you with that.

And thanks for the update.

Just a quick note: you can also use /tool netwatch for it. My setup:

/tool netwatch add disabled=no down-script="/system script run he-update" host=2001:47:47:47::1 interval=20s timeout=1s up-script=""

Where 2001:47:47:47::1 is the IPv6 address of your tunnelbroker server.
So when the IPv6 is available, there will be no useless requests to tunnelbroker.net.

Thanks janisk, I’ve sent the email requesting the wiki user : )

Rivera, your method looks really smart. I’m implementing my script with netwatch and it works better than the scheduler, thanks a lot :) I will post your method in the wiki as soon as I have access to it.

No problem. And thanks for my first karma + :)

Personally I think that the whole article should be rewritten. For example:

In newer ROS versions you should use the IPv6 address of the gateway, not ::216.7.3.6/etc - it is stated at the end of the article as “you probably can try…”
It also does not cover ND (neighbor discovery) - IPv6 doesn’t work for me without it.
It does not say that you should assign a subnet to the bridge (if any), which is pretty obvious but can be problematic for new users.
Another point is that the router should be pingable - HE does check if the endpoint is available with ping.
There is a lot of info about outdated software (ROS 3.x) - is it really needed?

My English is not good, so I can’t do that.

Also, is there any way to use the new IPv6 pools feature with the HE tunnel service to manually assign IPv6 to a machine?

I use the new feature of RouterOS that detects local-address automatically. Here is a modified script for the auto-detect local-address setup:

# Update Hurricane Electric IPv6 Tunnel Client IPv4 address

:local HEtunnelid "YOUR_tunnelid"
:local HEuserid "YOUR_username"
:local HEmd5pass "YOUR_accesskey"
:local HEupdatehost "ipv4.tunnelbroker.net"
:local HEupdatepath "/nic/update"

# Internal processing below...
# ----------------------------------
:log info ("Updating IPv6 Tunnel " . $HEtunnelid . " Client IPv4 address to new IP...")
/tool fetch mode=http \
                  host=($HEupdatehost) \
                  url=("http://" . $HEupdatehost . $HEupdatepath . \
                          "?password=" . $HEmd5pass . \
                          "&username=" . $HEuserid . \
                          "&hostname=" . $HEtunnelid) \
                  keep-result=no

Save the script as “he-update” in scripts.
Then use netwatch to add and remove the scheduler:

/tool netwatch add disabled=no down-script="/system scheduler \
    add disabled=no interval=10s name=Check_Tunnel_IP on-event=\
    he-update start-time=startup" host=2001:470:20::2 \
    interval=20s timeout=1s up-script="/system scheduler \
    remove Check_Tunnel_IP"

Without the scheduler, netwatch runs the script once, and if it fails for some reason, the IPv4 address will never be updated. My method solves that.
You may also want to firewall your router from the WAN (internet):

/ipv6 firewall filter
add action=drop chain=input in-interface=sit1 log-prefix="" protocol=!icmpv6
add action=drop chain=input in-interface=all-ppp log-prefix="" protocol=!icmpv6

This script also does the job, without auto-detect local-address feature: http://forum.mikrotik.com/viewtopic.php?f=9&t=66204&p=548943#p336881

The keepalive feature should be disabled for the IPv6 tunnel; it takes the interface down…