IPv6 Tunnel

I use the Hurricane Electric IPv6 Tunnel Broker for my IPv6 setup. They have a nice setup for a variety of devices and operating systems. My tunnel runs from my FortiGate to their servers/gateway. I have had no problems with the setup.

The FortiGate configuration they provide is simple and easy, as shown below:
config system sit-tunnel
    edit "HE"
        set destination 216.66.80.26
        set ip6 2001:470:1f08:393::2/64
        set source 41.56.122.176
    next
end
config router static6
    edit 1
        set device "HE"
    next
end

I use a script I found on the net that updates my dynamic IP address with their IPv6 gateway. The script retrieves the IP from the FortiGate interface and then updates the tunnel endpoint.

I’ve modified the script from the original to accommodate my setup via wireless.

#!/bin/bash
#
#file: fg_ext_ip.sh
#

source /root/.bash_profile
PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/admin:

# use: interface script to get the current external IP from the FG firewall
#
# Author: Johan Bisschoff
# Based on a script of Anton Belodedenko (anton.belodedenko@gmail.com)
#
# Version 2
#
# Ensure you have your public key added to the $FG_USERNAME account on the FG firewall:
#
# config system admin
#     edit fg_admin_user
#         set ssh-public-key1 " "
# end
#

## define variables
FG_USERNAME="read_user"
FG_IPV6=2001:470:1f09:393::10
FG_PRIMARY_INT=ppp1
#FG_BACKUP_INT=modem

HE_USERNAME=
HE_PASSWORD=
HE_IPV6_TUN=.tunnel.tserv5.lon1.ipv6.he.net

SSH_KEY=/tmp/fg_id_rsa
SSH_PORT=22
WHICH_CMD=`which which`
SUDO_CMD=`which sudo`
SSH_CMD=`which ssh`
AWK_CMD=`which awk`
GREP_CMD=`which grep`
CUT_CMD=`which cut`

DAT=$(date +"%Y-%m-%d %H:%M:%S")
LOG_FILE="/var/log/he_ipv6.log"

#################
# tmp parameters
#################

PROGNAME=$(basename "$0")
## who am i? ##
_script="$(readlink -f "${BASH_SOURCE[0]}")"
## Delete last component from $_script ##
_base="$(dirname "$_script")"
_script="$(basename "$0")"

pidfile="/tmp/fg_ip.pid"
if [ -f "${pidfile}" ]; then
    SYSBCKPID=$(head -n1 "${pidfile}")
    TST_RUN=$(ps -p "${SYSBCKPID}" | grep "${SYSBCKPID}")
    if [ -z "${TST_RUN}" ]; then
        # stale pid file: the recorded process is no longer running
        rm "${pidfile}"
    else
        echo "$(basename "$0") is already running [${pidfile}]"
        exit 10
    fi
fi
echo $$ > "${pidfile}"

## trap and delete temp files ##
trap "rm ${pidfile}; exit 20" SIGHUP SIGINT SIGTERM

#################

#
## check for prerequisites
#
# The command paths are quoted so that an empty result from `which`
# (command not found) fails the -x test instead of slipping through.
if [ ! -x "$WHICH_CMD" ]; then
    echo "${DAT} ==> Which isn't installed. Aborting.." >> ${LOG_FILE}
    rm ${pidfile}
    exit 255
fi

if [ ! -x "$SUDO_CMD" ]; then
    echo "${DAT} ==> Sudo isn't installed. Aborting.." >> ${LOG_FILE}
    rm ${pidfile}
    exit 255
fi

if [ ! -x "$SSH_CMD" ]; then
    echo "${DAT} ==> SSH isn't installed. Aborting.." >> ${LOG_FILE}
    rm ${pidfile}
    exit 255
fi

if [ ! -x "$AWK_CMD" ]; then
    echo "${DAT} ==> Awk isn't installed. Aborting.." >> ${LOG_FILE}
    rm ${pidfile}
    exit 255
fi

if [ ! -x "$GREP_CMD" ]; then
    echo "${DAT} ==> Grep isn't installed. Aborting.." >> ${LOG_FILE}
    rm ${pidfile}
    exit 255
fi

if [ ! -x "$CUT_CMD" ]; then
    echo "${DAT} ==> Cut isn't installed. Aborting.." >> ${LOG_FILE}
    rm ${pidfile}
    exit 255
fi

#
# test for public key authentication
#
echo -e "${DAT} --> Key Test" >> ${LOG_FILE}

SSH_TEST_CMD=$($SUDO_CMD $SSH_CMD -p${SSH_PORT} -6 -o BatchMode=yes $FG_USERNAME@$FG_IPV6 exit)

#SSH_TEST_CMD=$(cat ${SSH_KEY} | $SUDO_CMD $SSH_CMD -i/dev/stdin -p${SSH_PORT} -6 -o BatchMode=yes $FG_USERNAME@$FG_IPV6 exit) >> ${LOG_FILE}

if [ $? -ne 0 ]; then
    echo "${DAT} ==> Unable to logon to $FG_USERNAME@$FG_IPV6 using public key authentication. Aborting.." >> ${LOG_FILE}
    rm ${pidfile}
    exit 255
fi

#
# obtain the external IP from the backup interface of the FG firewall
#
if [ ! -z "${FG_BACKUP_INT}" ]; then
    BACKUP_PUBLIC_IP=`$SUDO_CMD $SSH_CMD -p${SSH_PORT} -6 -o BatchMode=yes $FG_USERNAME@$FG_IPV6 fnsysctl ifconfig $FG_BACKUP_INT | $GREP_CMD 'inet addr:' | $CUT_CMD -d: -f2 | $AWK_CMD '{ print $1}'`

    if [ "$BACKUP_PUBLIC_IP" ]; then
        CURRENT_PUBLIC_IP=$BACKUP_PUBLIC_IP
    fi

fi

#
# obtain the external IP from the primary interface of the FG firewall
#
PRIMARY_PUBLIC_IP=`$SUDO_CMD $SSH_CMD -p${SSH_PORT} -6 -o BatchMode=yes $FG_USERNAME@$FG_IPV6 fnsysctl ifconfig $FG_PRIMARY_INT | $GREP_CMD 'inet addr:' | $CUT_CMD -d: -f2 | $AWK_CMD '{ print $1}'`

#echo -e "${DAT} --> Live Access" >> ${LOG_FILE}

if [ "$PRIMARY_PUBLIC_IP" ]; then
    CURRENT_PUBLIC_IP=$PRIMARY_PUBLIC_IP
fi

if [ "$CURRENT_PUBLIC_IP" ]; then

    # update the tunnel endpoint: HTTP basic auth form, then query-string form
    curl "https://${HE_USERNAME}:${HE_PASSWORD}@ipv4.tunnelbroker.net/nic/update?hostname=${HE_IPV6_TUN}&myip=${CURRENT_PUBLIC_IP}"
    curl "https://ipv4.tunnelbroker.net/nic/update?username=${HE_USERNAME}&password=${HE_PASSWORD}&hostname=${HE_IPV6_TUN}&myip=${CURRENT_PUBLIC_IP}"

    echo -e "${DAT} ==> ${CURRENT_PUBLIC_IP}\n" >> ${LOG_FILE}

    rm ${pidfile}
    exit 0

else

    rm ${pidfile}
    exit 1

fi
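
The update step above passes the tunnel broker password on curl's command line, where other local users can read it from the process list, and sends whatever the SSH pipeline returned as myip without checking it. As an added example (not part of the original script or of Hurricane Electric's instructions), the POSIX shell functions below validate the parsed address and hand the credentials to curl through a config read from stdin. The function names are illustrative; the update URL and its hostname and myip parameters are the ones the script already uses.

```sh
#!/bin/sh
# Added example, not the original script; function names are illustrative.

# Pull the IPv4 address out of `fnsysctl ifconfig <interface>` output (stdin).
extract_inet_addr() {
    awk '/inet addr:/ { sub(/.*inet addr:/, ""); print $1; exit }'
}

# Accept only a strict dotted quad outside unspecified, private, loopback,
# link-local, CGNAT and multicast/reserved space.
is_endpoint_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*.*|0[0-9]*|*.0[0-9]*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    _a=${1%%.*}; _r=${1#*.}; _b=${_r%%.*}; _r=${_r#*.}; _c=${_r%%.*}; _d=${_r#*.}
    for _o in "$_a" "$_b" "$_c" "$_d"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    case $_a in 0|10|127) return 1 ;; esac
    [ "$_a" -ge 224 ] && return 1
    [ "$_a" -eq 172 ] && [ "$_b" -ge 16 ] && [ "$_b" -le 31 ] && return 1
    [ "$_a" -eq 192 ] && [ "$_b" -eq 168 ] && return 1
    [ "$_a" -eq 169 ] && [ "$_b" -eq 254 ] && return 1
    [ "$_a" -eq 100 ] && [ "$_b" -ge 64 ] && [ "$_b" -le 127 ] && return 1
    return 0
}

# Escape backslash and double quote for a quoted curl config value.
cfg_esc() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Write a curl config to stdout for `curl --config -`; printf is a shell
# builtin, so the password never reaches argv, the URL or the process list.
# Arguments: HE username, HE password, tunnel hostname, new IPv4 endpoint.
he_curl_config() {
    is_endpoint_ipv4 "$4" || return 1
    printf 'url = "https://ipv4.tunnelbroker.net/nic/update"\n'
    printf 'get\nfail\nsilent\nshow-error\n'
    printf 'user = "%s:%s"\n' "$(cfg_esc "$1")" "$(cfg_esc "$2")"
    printf 'data-urlencode = "hostname=%s"\n' "$(cfg_esc "$3")"
    printf 'data-urlencode = "myip=%s"\n' "$4"
}

# Usage inside the update script (network call, not executed here):
#   ip=$(ssh ... fnsysctl ifconfig "$FG_PRIMARY_INT" | extract_inet_addr)
#   he_curl_config "$HE_USERNAME" "$HE_PASSWORD" "$HE_IPV6_TUN" "$ip" | curl --config -
```

If the address fails validation, he_curl_config prints nothing and returns non-zero, so the caller can log the rejected value and skip the update.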
