Juniper SRX und IPv6 mit tunnelbroker.net und dynamischer IP Adresse

Ich habe meinen Linux Router zu Hause gegen eine Juniper SRX100 getauscht. Und plötzlich war mein IPv6 weg. Der Linux Router hat das ganz brav per SIXXS und AICCU bereit gestellt, die Juniper kann kein AICCU. Gestern abend habe ich mich dann endlich mal rangesetzt und IPv6 und dyndns zu Hause wieder zum Laufen bekommen.
Jetzt erstmal als config-dump, später mehr Details. Die passenden Skripte finden sich hier (Disclaimer: Scripte schamlos aus dem Juniper Forum geklaut und editiert, YMMV, you have been warned).

system {
    services {
        apply-macro dyndns-client1 {
            hostname yourhostname
            password yourpassword;
            type dyndns;
            username yourusername;
        }   
        apply-macro tunnelbroker-1 {
            password yourpassword;
            tunnelid yourtunnelid;
            username youruserid;
        }  
}

security {
    flow {
        tcp-mss {
        all-tcp {
            mss 1280;
        }
        }
    }
}

interfaces {
   ip-0/0/0 {
        unit 0 {
            tunnel {
                source localip;
                destination tunnelbroker-ip;
                path-mtu-discovery;
            }   
            family inet6 {
                address youripv6address;
            }
        }
    }
   pp0 {
       unit 0 {
          family inet {
              filter {
             input fix-v6v4-tunnel;
              } 
      }
       }
   }
   vlan {
       unit 0 {
           family inet6 {
               address YOURIPV6NETWORK::1/64;
       }
       }
   }
}

protocols {
    router-advertisement {
        interface vlan.0 {
            prefix YOURV6PREFIX;;
        }   
    }
}
event-options {
    policy dsl-up {
        events SYSTEM;
        attributes-match {
            SYSTEM.message matches "EVENT Add";
        }   
        then {
            event-script dyn-dns-update.xslt;
            event-script tunnelbroker-net.xslt;
            event-script update-tunnel.slax;
        }   
    }   
    event-script {
        file dyn-dns-update.xslt;
        file tunnelbroker-net.xslt;
        file update-tunnel.slax;
    }   
}
routing-options {
    rib inet6.0 {
        static {
            route ::/0 next-hop 2001:470:1f08:1e6c::1;
        }   
    }  
}
firewall {
    family inet {
        filter fix-v6v4-tunnel {
            term 1 {
                from {
                    destination-address {
                        216.66.80.26/32;
                    }
                    protocol 41;
                }
                then packet-mode;
            }
            term 2 {
                from {
                    source-address {
                        216.66.80.26/32;
                    }
                    protocol 41;
                }
                then packet-mode;
            }
            term 3 {
                then accept;
            }
        }
    }
}
This entry was posted by Falk Stern on Wednesday, November 23. 2011 at 09:41. You can leave a response, or trackback from your own blog.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Markdown format allowed