birds like wires

Tunnelbroker and Dynamic IPs

Change of plan! While the details provided here are accurate and may well be useful if you’re configuring ddclient, I found issues updating my DNS information this way. So I opted for something much simpler, which I’ve written up here.

My shiny new router, which I’m hoping to write a proper article about soon, supports IPv6 tunnelling. IPv6 is going to become increasingly important over the next decade, as we’re running out of IPv4 addresses (the ones that look like 208.67.220.220) to give to all of the devices out there. Internet service providers are going to need to pick up the pace of handing out IPv6 addresses, but in the meantime, for those that don’t (such as BT), there are tunnelling services.

An IPv6 tunnelling service does basically what it sounds like: it shoves your IPv4 traffic through a tunnel so that it pops out of the other end with a valid IPv6 address. You can then access services that only use IPv6… okay, that’s not many right now, but hey – you’re future proof! There are a few different providers out there, but I use Tunnelbroker. If your router supports it, you can configure the entry point to the tunnel from the details Tunnelbroker provide and pow! You’re accessing IPv6 sites.

Well, kind of.

Dynamic IP

The trouble is that internet traffic is two-way. It wouldn’t be much use if it wasn’t. So, say that you send out a request for a site, and that site has an IPv6 address; your router knows it can handle that through the IPv6 tunnel, so it sends the request out that way. The server running the site you’re after receives the request and the data heads back into the tunnel – but now Tunnelbroker needs to know where your end of the tunnel should point. How else is it going to get the data back to you?

If you’ve got a static IP address, no problems – just pop it into the configuration screen on Tunnelbroker and you’re off. But if, like most folk, you have a dynamic address that changes on the whim of your ISP, you’ve got one more hoop to jump through.

I found the documentation a little patchy at this point, but there’s actually a fairly straightforward solution… In the same way that you would update dynamic DNS information so you can contact devices behind a varying IP, you can do the exact same thing with Tunnelbroker. In fact, they’ve even implemented a DynDNS-style updating URL that you can point a client to!

ddclient

I use DNS-O-Matic to notify multiple services of IP address changes, but there’s no support in there for Hurricane Electric’s Tunnelbroker. So I sacked off their client and decided to do it properly, with ddclient, a dynamic DNS updater written in Perl.

You get far more configurability with ddclient and it’s very mature, and you can add as many services as you like that support any of the multiple protocols baked into it. The most commonly used protocol is dyndns2, which is the one we need for Tunnelbroker. Of course, ddclient wasn’t written with OS X specifically in mind and it doesn’t come with a launchd script. Never mind. We’ll make one.

Installation

This is a piece of cake. First of all, fetch yourself a copy of ddclient. To keep things as vanilla as possible, most of this is identical to the process in the README that’s provided. Decompress it and then:

sudo -s
cd <location_of_ddclient>
cp ddclient /usr/sbin/
chmod +x /usr/sbin/ddclient
mkdir /etc/ddclient
mkdir -p /var/cache/ddclient

That’s everything in place except for the config file and our launch script.

Configuration

For the settings, tweak this and save it as /etc/ddclient/ddclient.conf:

######################################################################
##
## ddclient.conf
##
######################################################################

daemon=0                                                # check every x seconds.  Or don't if it's 0.
syslog=yes                                              # log update msgs to syslog.
mail=root                                               # mail all msgs to root.
mail-failure=root                                       # mail failed update msgs to root.
pid=/var/run/ddclient.pid                               # record PID in file.
ssl=yes                                                 # use ssl-support.  Works with ssl-library.

##
## DNS-O-Matic
##
use=web, web=myip.dnsomatic.com
server=updates.dnsomatic.com,      \
protocol=dyndns2,                  \
login=<login_name>,                    \
password=<password>                  \
all.dnsomatic.com

##
## Tunnelbroker
##
use=web, web=myip.dnsomatic.com
server=ipv4.tunnelbroker.net/nic/update,      \
protocol=dyndns2,                             \
login=<login_name>,                            \
password=<password>                            \
<ID_of_your_tunnel>

Obviously lose the DNS-O-Matic stuff if you’re not using that service, and anything in <> brackets needs to be modified. You can find your tunnel ID number under the Tunnel Details on Tunnelbroker; it’s a six-digit number.

We’re not going to be putting ddclient into daemon mode, because launchd is going to handle running it every 5 minutes: so make sure that daemon=0 stays in the config file.

You then need to:

sudo chmod 600 /etc/ddclient/ddclient.conf

Or you’ll get an error when ddclient starts up. To give things a test, take a look at the output you get from:

ddclient -daemon=0 -noquiet -debug
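
A pre-flight check for the configuration above, as an added example that is not part of the original post or of ddclient. It audits the settings this setup depends on (the chmod 600, ssl=yes and daemon=0) plus any leftover <> placeholders; the function names conf_value and audit_ddclient_conf are made up for this example.

```shell
#!/bin/sh
# Added example: audit a ddclient.conf before handing it to launchd.
# Prints one line per finding; the return status is the number of findings.

# Last value of a "key=value" setting, with trailing comments stripped.
conf_value() {  # usage: conf_value <key> <file>
    sed -n "s/^[[:space:]]*$1=\([^[:space:],#]*\).*/\1/p" "$2" | tail -n 1
}

audit_ddclient_conf() {  # usage: audit_ddclient_conf <file>
    conf=$1
    findings=0
    if [ ! -f "$conf" ]; then
        echo "missing: $conf"
        return 1
    fi

    # Group/other permission bits are characters 5-10 of the ls mode string.
    mode=$(ls -ld "$conf" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "permissions: $conf is accessible to group/other; run chmod 600"
        findings=$((findings + 1))
    fi

    # The login and password go out with every update, so require TLS.
    if [ "$(conf_value ssl "$conf")" != "yes" ]; then
        echo "transport: ssl=yes is not set; credentials would be sent without TLS"
        findings=$((findings + 1))
    fi

    # launchd schedules the runs, so ddclient itself must not daemonise.
    if [ "$(conf_value daemon "$conf")" != "0" ]; then
        echo "scheduling: daemon=0 is not set"
        findings=$((findings + 1))
    fi

    # Values still in <> brackets mean the template was not filled in.
    if grep -v '^[[:space:]]*#' "$conf" | grep -q '<[A-Za-z_]*>'; then
        echo "placeholders: unedited <...> values remain"
        findings=$((findings + 1))
    fi
    return "$findings"
}
# Usage: audit_ddclient_conf /etc/ddclient/ddclient.conf
```
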

Execution

Here’s where things vary from the norm if you’re a Linux user. As I just mentioned, on OS X we’re not going to leave ddclient running the whole time, but rather use launchd to trigger it every 5 minutes. This is done with this little .plist file, which you should save as /Library/LaunchDaemons/com.ddclient.update.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.ddclient.update</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/sbin/ddclient</string>
    <string>-file</string>
    <string>/etc/ddclient/ddclient.conf</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
  <key>StartInterval</key>
  <integer>300</integer>
</dict>
</plist>

It should be pretty self-explanatory. Then you need to run:

sudo rm -f /var/cache/ddclient/ddclient.cache
sudo launchctl load /Library/LaunchDaemons/com.ddclient.update.plist

This will clear the cache and put things under launchd’s control. Have a look in Console.app and search for ddclient to see if things are working correctly. Hopefully they are and you’ve now got a snazzy updater for your tunnel!