IPv6 – Setting up a connection to a Tunnel Broker (Part 4) DDNS

The next part of setting up a connection to a Tunnel Broker that we will deal with is keeping the connection up. There is a little bit of housekeeping that we should do before getting started. One thing that I find in a lot of routers that I come across, and am guilty of myself, is not getting the clock in time sync as often as I should. In this installment, we will be dealing with automatically reconfiguring your IP6to4 tunnel when the IP address at your end changes because of the DHCP lease replacement process from your ISP.
!
! The first two lines make your logs and debugs a little easier to read by
! inserting the current date/time at the front of each line
!
service timestamps debug datetime localtime
service timestamps log datetime localtime
!
! These lines will be needed for DDNS to have a chance at working
! Change this to your domain name
!
ip domain-name mydomain.com
!
! You can use any DNS system you want. I usually go with OpenDNS
! as I found them to be very fast and responsive
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
!
! As a matter of best practice, I use this command to make sure
! that the NTP query goes out the right port
!
ntp source FastEthernet1
!
! I put at least two different time servers in my config
! Check http://www.pool.ntp.org/en/ for the ones for your area
! The prefer keyword selects the one you want to be the primary
!
ntp server 0.north-america.pool.ntp.org prefer
ntp server 1.north-america.pool.ntp.org
!
! Make sure you have the right timezone set as well
!
clock timezone CST -6
clock summer-time CDT recurring
!
!
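! The first step we need to take is to set up the cert from Hurricane Electric
! You will need this because they do their DDNS update via HTTPS
! The CA certificate pasted below is the ValiCert Class 2 root; the validity
! period encoded in its hex ends on 26 June 2019, so check which CA signs the
! server's current certificate before relying on it
!
crypto pki trustpoint HE_tunnelbroker
 enrollment terminal pem
 ! revocation-check none means certificates validated against this trustpoint
 ! are not checked for revocation (no CRL or OCSP lookup)
 revocation-check none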
!
crypto pki certificate chain HE_tunnelbroker
certificate ca 01
308202E7 30820250 02010130 0D06092A 864886F7 0D010105 05003081 BB312430
22060355 0407131B 56616C69 43657274 2056616C 69646174 696F6E20 4E657477
6F726B31 17301506 0355040A 130E5661 6C694365 72742C20 496E632E 31353033
06035504 0B132C56 616C6943 65727420 436C6173 73203220 506F6C69 63792056
616C6964 6174696F 6E204175 74686F72 69747931 21301F06 03550403 13186874
74703A2F 2F777777 2E76616C 69636572 742E636F 6D2F3120 301E0609 2A864886
F70D0109 01161169 6E666F40 76616C69 63657274 2E636F6D 301E170D 39393036
32363030 31393534 5A170D31 39303632 36303031 3935345A 3081BB31 24302206
03550407 131B5661 6C694365 72742056 616C6964 6174696F 6E204E65 74776F72
6B311730 15060355 040A130E 56616C69 43657274 2C20496E 632E3135 30330603
55040B13 2C56616C 69436572 7420436C 61737320 3220506F 6C696379 2056616C
69646174 696F6E20 41757468 6F726974 79312130 1F060355 04031318 68747470
3A2F2F77 77772E76 616C6963 6572742E 636F6D2F 3120301E 06092A86 4886F70D
01090116 11696E66 6F407661 6C696365 72742E63 6F6D3081 9F300D06 092A8648
86F70D01 01010500 03818D00 30818902 818100CE 3A71CAE5 ABC85992 55D7ABD8
740EF9EE D9F65547 5965470E 0555DCEB 98363C5C 535DD330 CF38ECBD 4189ED25
4209246B 0A5EB37C DD522D4C E6D4D67D 5A59A965 D449132D 244D1C50 6FB5C185
543BFE71 E4D35C42 F980E091 1A0A5B39 3667F33F 557C1B3F B45F6473 34E3B412
BF8764F8 DA12FF37 27C1B343 BBEF7B6E 2E69F702 03010001 300D0609 2A864886
F70D0101 05050003 8181003B 7F506F6F 50949949 6238381F 4BF8A5C8 3EA78281
F62BC7E8 C5CEE83A 1082CB18 008E4DBD A8587FA1 7900B5BB E98DAF41 D90F34EE
218119A0 324928F4 C48E56D5 5233FD50 D57E996C 03E4C94C FCCB6CAB 66B34A21
8CE5B50C 323E10B2 CC6CA1DC 9A984C02 5BF3CEB9 9EA5720E 4AB73F3C E61668F8
BEED744C BC5BD562 1F43DD
quit
!
ip ddns update method HE_Tunnel
 HTTP
  add https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID
! (Replace USERNAME, PASSWORD and TUNNELID with the values you use with
! Hurricane Electric)
! The URL is kept in the configuration as typed, credentials included, so
! treat saved copies of this config as sensitive
! This next line is a good one to have. How low you need to set this will
! be a bit of trial and error. The longer the update interval, the longer
! the tunnel will be down before Hurricane Electric knows that your WAN
! IP has changed. The starting value I use is 2 hours.
 interval maximum 0 2 0 0
!
! Put this on your WAN Port to make it active
!
Int fa1
 ip ddns update HE_Tunnel
 ip ddns update hostname IPv6_Tunnel
!
Once you have this in place, you can do a debug ip ddns update to watch the ddns update traffic between your router and the Tunnel Broker for any errors.

I ran into one problem putting in the https lines with the embedded ? on the line. I had to put the following lines into a text file –

ip ddns update method HE_Tunnel
HTTP
add https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID
interval maximum 0 2 0 0

Since I was using a MacBook Pro, none of my normal tricks worked. I found a Mac app called Plain Text Editor and created the text file. I tftp’d it to the router into the flash memory. I then did copy filename system:running-config to merge the file into the running config.

Here is what you should see when doing a debug ip ddns update and all goes well –

.Feb 3 20:10:51: HTTPDNSUPD: DATA END, Status is Response data recieved, successfully
.Feb 3 20:10:51: HTTPDNSUPD: Call returned SUCCESS, update of IPv6_Tunnel.mydomain.com <=> 172.28.141.149 succeeded
.Feb 3 20:10:51: DYNDNSUPD: Another update completed (outstanding=0, total=0)
.Feb 3 20:10:51: HTTPDNSUPD: Clearing all session 3 info
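
As an added example (not part of the original post), this Python sketch reads captured debug ip ddns update output like the lines above and reports three things worth watching: timestamps whose leading "." or "*" shows the router clock is not NTP-synchronized, a change in the registered IPv4 address, and a gap between successful updates longer than the 2-hour interval maximum. It assumes the debug output has been collected as text; the year default and the third sample line are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input: the first two lines are the success lines shown above; the
# third is constructed here to represent a later update with a new address.
SAMPLE = """\
.Feb 3 20:10:51: HTTPDNSUPD: DATA END, Status is Response data recieved, successfully
.Feb 3 20:10:51: HTTPDNSUPD: Call returned SUCCESS, update of IPv6_Tunnel.mydomain.com <=> 172.28.141.149 succeeded
Feb 3 23:40:02: HTTPDNSUPD: Call returned SUCCESS, update of IPv6_Tunnel.mydomain.com <=> 172.28.150.7 succeeded
"""

LINE = re.compile(
    r"^(?P<flag>[.*]?)(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d): HTTPDNSUPD: "
    r"Call returned SUCCESS, update of (?P<host>\S+) <=> (?P<ip>\S+) succeeded")

# IOS timestamp prefixes: '*' = time not authoritative,
# '.' = time authoritative but NTP not synchronized, none = synchronized.
CLOCK = {"*": "not-authoritative", ".": "ntp-unsynced", "": "synced"}

def parse_updates(text, year=2000):
    """Return one dict per successful update. The timestamps carry no year,
    so `year` is an arbitrary assumption supplied by the caller."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append({"when": when, "host": m["host"], "ip": m["ip"],
                        "clock": CLOCK[m["flag"]]})
    return out

def review(updates, max_gap=timedelta(hours=2)):
    """Flag unsynced clocks, address changes and gaps above interval maximum."""
    findings, prev = [], None
    for u in updates:
        if u["clock"] != "synced":
            findings.append(("clock", u["when"], u["clock"]))
        if prev and u["ip"] != prev["ip"]:
            findings.append(("ip-change", u["when"], f"{prev['ip']} -> {u['ip']}"))
        if prev and u["when"] - prev["when"] > max_gap:
            findings.append(("gap", u["when"], str(u["when"] - prev["when"])))
        prev = u
    return findings

if __name__ == "__main__":
    for kind, when, detail in review(parse_updates(SAMPLE)):
        print(f"{when:%b %d %H:%M:%S}  {kind:<9} {detail}")
```

A "gap" finding only means no success line was seen within the window, so it is meaningful only while debug output is being captured continuously.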
