Quick RouterOS script for hurricane electric 6to4 tunnel dynamic updating

If your ISP doesn’t offer IPv6 you may have set up an IPv6 6to4 tunnel using Hurricane Electric’s free ‘tunnelbroker.net‘ service.

To operate the tunnel, tunnelbroker.net requires that you configure an IPv4 endpoint/client IP in their tunnel configuration. Additionally, the Mikrotik RouterOS ‘6to4’ tunnel interface requires this same IPv4 address is (redundantly) entered as the 6to4 interface’s 'local-address' property value. If you are given a dynamic public IP address by your ISP, this is a bit messy!

Here is a quick script (I suggest running it periodically) which will:

    • Use Mikrotik’s Cloud IP service (which obviously must be enabled) to resolve your WAN IP,
    • Check that IP against the local-address value in your 6to4 interface (which is assumed to be the only interface, named ‘sit1’) and
    • If the IPs do not match, will update tunnelbroker.net with your new WAN IP (using their dyn-compatible GET request method) and
    • Update the ‘local-address’ of your 6to4 interface

You can obtain the necessary values (<USERNAME>, <PASSWORD> (which is hashed) and <TUNNELID>) by logging into the tunnelbroker.net website, opening your tunnel details, then clicking the ‘advanced’ tab.

Note that it might be unnecessary to force the cloud IP service to update – I believe it does this every minute anyway.

Something worth noting too is that the endpoint/client IP for the tunnelbroker.net tunnel (ie. your WAN IP) must respond to ICMP pings from tunnelbroker before it can be set up on the tunnelbroker.net website. If you’re blocking ICMP, configuring the tunnel endpoint on the tunnelbroker.net website will just mysteriously fail.

