Tunnel Broker - IP update (Authentication) - Doesnt Work.

Discussion in 'Tomato Firmware' started by Daky, Feb 4, 2014.

  1. Daky

    Daky Network Guru Member

    Hello guys,

    I just created ipv6 tunnel @ he.net.

    Dynamic DNS @ Tomato shibby doesnt work any longer for He.net.

    What i found on their website is:

    Authentication updates

    [January 31, 2014] In order to improve account security, some changes have been made to how tunnel endpoint updates are authenticated.

    Tunnels made after this post now are configured with an "Update Key" (under the "Advanced" tab on the tunnel information page), which is used instead of the general account password when performing automated updates via either the ipv4_end.php or the nic/update (Dyn-alike) mechanisms. Do not MD5() this value before use.

    When an "Update Key" exists, the account password will not work for updates on that tunnel. Existing tunnels can set an "Update Key" to take advantage of this new mechanism.

    Please advise,
    darkknight93 likes this.
  2. lancethepants

    lancethepants Network Guru Member

    Hopefully this will be updated quickly in tomato. They should be aware now that you've posted. You could create your own update script in the mean time, and run it in wanup script section.
  3. Daky

    Daky Network Guru Member

    I hope so too mister.

    Thank you for replying :)

    If i knew how to make it (temp solution), i would, but, i have no idea how to this.

    <-- total noob.

    If somebody can help, thanks in advance! :)
  4. Daky

    Daky Network Guru Member

    any1 could help with temp fix? shibby perhaps? thanks :)
  5. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    I don't really see what the problem is (admittedly I'm using AsusWRT) but the update key is a new tunnel specific password used instead of the account password. If you've set up an 'update key' then that is the password you should enter in the 'password/DDNS key' section and not your original Hurrican Electric tunnelbroker password.
  6. Daky

    Daky Network Guru Member

    Doesn't work like that, just tried.

    Wednesday, February 5, 2014 9:45:12 AM:
    Invalid authentication.
    (1/3: Automatically retrying in 16 minutes)
  7. Daky

    Daky Network Guru Member

  8. lancethepants

    lancethepants Network Guru Member

    The password is currently md5sum, and placed in the url. This new update key should not be md5sumed, so that's why it's not working. I think I'll have a solution in a bit.
  9. lancethepants

    lancethepants Network Guru Member

    This is how I got it to work. I used my curl binary for this, available at http://lancethepants.com/files
    Load it in /jffs if you can. /jffs is dependably up before wanup or init scripts.

    /jffs/curl --insecure -4 https://<USERNAME>:<PASSWORD>@ipv4.tunnelbroker.net/nic/update?hostname=<TUNNEL_ID>
    You can run it manually, and it should return 'good yourip'. If you ip is already set and there is no change needed, it will say 'nochg yourip'.
    Run it manually first to check that it works, then place it in the wanup script area.

    edit: Make sure you've enable ICMP!

    edit: I changed the url. The one I initially put didn't work for me. This one did.
    Last edited: Feb 6, 2014
  10. Daky

    Daky Network Guru Member

    Thanks, i will have to wait for final (new release) from shibby or victek, as, this is a bit complicated for my knowledge :)
    darkknight93 likes this.
  11. Daky

    Daky Network Guru Member

    Who would be the best to talk about this? Who is adding\making changes for DDNS in Tomato?

    Thank you
  12. twentyninehairs

    twentyninehairs Reformed Router Member

    Couple of notes I would like to make about getting this solution working.

    First, the URL required to make this work is given to you under the advanced tab in the tunnel settings. I didn't know exactly what to use for credentials at first, but this really cleared things up.

    Also, curl from entware didn't work because it wasn't compiled with something, I forget what it was. This compilation for my routers processor type did work: http://files.lancethepants.com/Binaries/curl/. I put it in an arbitrary location on the flash drive connected to my router, and simply specified the path to that file without issues.
  13. twentyninehairs

    twentyninehairs Reformed Router Member

    Is the WAN UP script run every time the WAN receives a new DHCP address due to a WAN restart, or something?

    If so, this is a very good solution for me because I'm already using both DNS update config options in the UI anyway.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice