Dynamic he.net IPV6 Tunnel Updates With Fritzbox
TL;DR:
Associate your tunnel with a dynamically updated hostname from a subomain at dns.he.net, use that host for fritzbox’es user-defined dynamic dns feature and hardcode your tunnelid into the “Dynamic DNS provider” url.
The Problem:
Hurricane Electric (he.net) provides excellent free IPv6 tunnels at tunnelbroker.net together with free dns hosting. If you don’t have an account yet, head over there now and open one up. Do it now, you won’t regret it. I’ll wait.
Users of the popular FRITZ!Box home router enjoy some ipv6 support out of the box, i.e. SixXs.net-tunnels can be configured via the gui:
SixXs.net supports a protocol to remotely manage your tunnel endpoint. However, he.net tunnels use the plain 6in4 mechanism, which is designed for static endpoints.
This implies your remote tunnel endpoint is configured to point to one specific ip address at your end, presumably the one you had when you created the tunnel.
This means that whenever your ISP gives you a new ip, your tunnel stops working.
To remedy this, he.net provides a dyndns compatible update mechanism to update your tunnel endpoint remotely. Fritzbox also supports adding user-defined dyndns providers. So the naïve approach is to add he.net’s url into the gui and use the tunnel id as a hostname, like the documentation suggests.
Unfortunately (but very sensibly) fritzbox checks the dns record of the host to be updated before it actually calls the service. This makes perfect sense: Updates are only performed when neccessary. But in our case, the value of the hostname field is not an existing host, it’s the tunnel id. The alternative hostnames (tunnel#.tunnelbroker.net, user-#.tunnel.tserv#.loc#.ipv6.he.net) also do not resolve. This results in the following log message on your fritzbox:
Dynamic DNS error: Dynamic DNS update is disabled until the dynamic DNS registration data are changed.
Dynamic DNS error: The specified domain name cannot be resolved.
The Solution
he.net offers another cool feature: If you host a domain or subdomain on their free dns service at dns.he.net, you can enable dynamic updates for a hostname and have your tunnel endpoint updates set the dns record for that hostname, too! Let’s walk through this:
You can either:
move the dns of the whole domain to dns.he.net by updating the NS-records at your current provider/registrar, or:
use a subdomain and delegate it to dns.he.net. Just create NS records for something like
home.example.compointing to ns2.he.net, ns3.he.net, ns4.he.net and ns5.he.net.
Either way, you should now have a (sub-)domain that you can control via dns.he.net. Create a host in that zone with any ip address and select enable entry for dynamic dns.
Next, in the listing of your domain’s records, click the refresh symbol in this host’s DDNS column:
Generate a key to use for updates to this host:
Save that key, you’ll need it in a minute.
Now head over to tunnelbroker.net, open up your tunnel’s details and select the Advanced tab. Enter the dynamic hostname you configured in the last step and the key you generated.
Now, whenever the tunnel endpoint is updated, the hostname gw.home.example.com will be updated to your router’s ipv4 address as well.
This allows us to use a valid and up-to-date host in the dynamic dns updater of the fritzbox.
Head over to your fritzbox GUI.
Open Internet/Account Information/IPv6, check IPv6 support enabled and Always use a tunnel protocol for the IPv6 connection. Select tunnel protocol 6in4 in Connection Settings, fill in the values from your tunnel details page at tunnelbroker.net and hit Apply.
Now for the hack:
Open Internet/Permit Access/Dynamic DNS, check Use dynamic DNS and select User-defined for Dynamic DNS provider.
Enter the following URL for Update URL, replacing 123456 with the id of your he.net tunnel:
http://ipv4.tunnelbroker.net/nic/update?hostname=123456&myip=<ipaddr>&username=<username>&password=<pass>
Do not replace the placeholders in angle brackets, your fritzbox will do that.
Enter the dynamic host you configured earlier in the Domain name field. This will be used by the fritzbox to check whether the update needs to be performed.
Enter your he.net username and password in the respective fields.
Hit Apply and enjoy an auto updating IPv6 tunnel to hurricane electric.
How does this work?
The dynamic hostname (which is kept in sync by hurricane electric) is used for checking for changes, but the actual update is performed on the tunnel id hardcoded in the Update URL.
Bonus
As a useful side effect, from now on you can always reach your router and any port-forwared services under you own hostname (gw.home.example.com) in your very own domain! How cool is that?
Actually, now that you have IPv6, you don’t really need those pesky port forwards any more: just assign any v6 address you like and use plain internet routing the way it was supposed to work in the first place.
