1. Get tunnelbroker's certificate
Go to https://ipv4.tunnelbroker.net/. Export the certificate in X.509 Certificate (PEM) format, open it with text editor, copy contents.
2. (Cisco) Configure trustpoint:
cisco(config)#crypto pki trustpoint tunnelbroker
cisco(ca-trustpoint)#enrollment terminal pem
cisco(ca-trustpoint)#revocation-check none
cisco(ca-trustpoint)#enrollment terminal pem
cisco(ca-trustpoint)#revocation-check none
3. Authenticate tunnelbroker's certificate (paste certificate)
cisco(config)#crypto pki authenticate tunnelbroker
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
MIID8DCCAtigAwIBAgIJAPF6IlDmmdRhMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEQMA4GA1UEBxMHRnJlbW9udDEg
MB4GA1UEChMXSHVycmljYW5lIEVsZWN0cmljLCBMTEMxDTALBgNVBAsTBElQdjYx
GTAXBgNVBAMTEHR1bm5lbGJyb2tlci5uZXQxGjAYBgkqhkiG9w0BCQEWC2lwdjZA
aGUubmV0MB4XDTExMDQyMjE3NDIyMFoXDTIxMDQxOTE3NDIyMFowgZwxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdGcmVtb250MSAw
HgYDVQQKExdIdXJyaWNhbmUgRWxlY3RyaWMsIExMQzENMAsGA1UECxMESVB2NjEZ
MBcGA1UEAxMQdHVubmVsYnJva2VyLm5ldDEaMBgGCSqGSIb3DQEJARYLaXB2NkBo
ZS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe5nza8zQ/AiT+
ySc4mZYmLMcIrcU3q6ZEwIY5vHg2chzCJGCPQIwtBiexSZ7CWL8/GjdPWs6DoCut
DS6VlGGaRhJd0ppUOB3uZLcqnfY0/d40WpRFm49yAV3fmhQg744BKUz2+V23E3tP
n4UXq507dQ3RmNiZoS/T+DUbt1URXFZDIJmc4vjnYfGQhUzhbWZbC7J5fMFnTFSL
NWNou4drWwcApm4FjPfVr+tdanjGEs8bMGSbXo6BjtStiEy1yJ3QGyZLwuURcMMv
DV06/hc2Nv9MZPUaIPvXmNcSuVvY3MJiD1CiCWVmfiO3h7b5EmIWC+ZpO9L3Mk6/
j/MgWR6jAgMBAAGjMzAxMC8GA1UdEQQoMCaCEHR1bm5lbGJyb2tlci5uZXSCEiou
dHVubmVsYnJva2VyLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAXMG5ZOeyRCzIEPYP
tZKbr1N0CkiBHf+7bVqUqfifEte6S/edpUdzIzB9Wtt484Dt88cAeg4BH2z+Kx2C
lE9PxtTSMCInZIniuoLhaBP0BiRXEurTYdreFmen/S5cCkffVr+eJGk92lQQAdMr
kyz2kD1NCwCaEp1w9DYltDbfC2v8BSIiEKVvD72VW6E2r7AvW73s3+E3WcWbt6pV
qrKfFH4mKH0BR7nLzm5zduojCvIdH3GjelyLd7lUVR3N8Dz626tOzni/bzHpbH3T
dMlBIl3f7c41wcoFG5zSZf1mvgyOnSlOnNmlxMbnfnrIyIyfYz1L8UWqWZGbxJYH
EXcOrA==
-----END CERTIFICATE-----
Certificate has the following attributes:
Fingerprint MD5: 1128B641 08E7E271 B2FFB7FF 91411952
Fingerprint SHA1: 9EB44F27 6BCE5EF6 5D9D38CC A9252276 4318075C
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
4. Construct your tunnel source update URL.
https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=MD5PASS&user_id=USERID&tunnel_id=GTUNID
Substitute MD5PASS, USERID and GTUNID with appropriate values:
MD5PASS is the MD5 hash of your password
md5 -dPassword
DC647EB65E6711E155375218212B3964
md5 utility for Windows: http://www.fourmilab.ch/md5/
DC647EB65E6711E155375218212B3964
md5 utility for Windows: http://www.fourmilab.ch/md5/
USERID is your Tunnel Broker's userid (check your Hurricane Electric Free IPv6 Tunnel Broker account's main page)
GTUNID = Tunnel ID, obtain it from your tunnel settings (Login to your Hurricane Electric Free IPv6 Tunnel Broker account)
Sample URL: https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=DC647EB65E6711E155375218212B3964&user_id=123457890abcd1234567890abcd12345&tunnel_id=12345
5. Configure ddns
cisco(config)#ip ddns update method tunnelbroker
cisco(DDNS-update-method)#HTTP
cisco(DDNS-HTTP)#add https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=DC647EB65E6711E155375218212B3964&user_id=123457890abcd1234567890abcd12345&tunnel_id=12345
cisco(DDNS-update-method)#HTTP
cisco(DDNS-HTTP)#add https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=DC647EB65E6711E155375218212B3964&user_id=123457890abcd1234567890abcd12345&tunnel_id=12345
Hint: use Ctrl-V to enter "?" in the URL
cisco(DDNS-HTTP)#exit
cisco(DDNS-update-method)#interval maximum 28 0 0 0
cisco(DDNS-update-method)#exit
cisco(config)#int tunnel 0
cisco(config-if)#ip ddns update tunnelbroker
cisco(config-if)#end
cisco(DDNS-update-method)#interval maximum 28 0 0 0
cisco(DDNS-update-method)#exit
cisco(config)#int tunnel 0
cisco(config-if)#ip ddns update tunnelbroker
cisco(config-if)#end
Resulting config
crypto pki trustpoint tunnelbroker enrollment terminal pem revocation-check none ! crypto pki certificate chain tunnelbroker certificate ca 00F17A2250E699D461 308203F0 308202D8 A0030201 02020900 F17A2250 E699D461 300D0609 2A864886 F70D0101 05050030 819C310B 30090603 55040613 02555331 13301106 03550408 130A4361 6C69666F 726E6961 3110300E 06035504 07130746 72656D6F 6E743120 301E0603 55040A13 17487572 72696361 6E652045 6C656374 7269632C 204C4C43 310D300B 06035504 0B130449 50763631 19301706 03550403 13107475 6E6E656C 62726F6B 65722E6E 6574311A 30180609 2A864886 F70D0109 01160B69 70763640 68652E6E 6574301E 170D3131 30343232 31373432 32305A17 0D323130 34313931 37343232 305A3081 9C310B30 09060355 04061302 55533113 30110603 55040813 0A43616C 69666F72 6E696131 10300E06 03550407 13074672 656D6F6E 74312030 1E060355 040A1317 48757272 6963616E 6520456C 65637472 69632C20 4C4C4331 0D300B06 0355040B 13044950 76363119 30170603 55040313 1074756E 6E656C62 726F6B65 722E6E65 74311A30 1806092A 864886F7 0D010901 160B6970 76364068 652E6E65 74308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100DEE6 7CDAF334 3F0224FE C9273899 96262CC7 08ADC537 ABA644C0 8639BC78 36721CC2 24608F40 8C2D0627 B1499EC2 58BF3F1A 374F5ACE 83A02BAD 0D2E9594 619A4612 5DD29A54 381DEE64 B72A9DF6 34FDDE34 5A94459B 8F72015D DF9A1420 EF8E0129 4CF6F95D B7137B4F 9F8517AB 9D3B750D D198D899 A12FD3F8 351BB755 115C5643 20999CE2 F8E761F1 90854CE1 6D665B0B B2797CC1 674C548B 356368BB 876B5B07 00A66E05 8CF7D5AF EB5D6A78 C612CF1B 30649B5E 8E818ED4 AD884CB5 C89DD01B 264BC2E5 1170C32F 0D5D3AFE 173636FF 4C64F51A 20FBD798 D712B95B D8DCC262 0F50A209 65667E23 B787B6F9 1262160B E6693BD2 F7324EBF 8FF32059 1EA30203 010001A3 33303130 2F060355 1D110428 30268210 74756E6E 656C6272 6F6B6572 2E6E6574 82122A2E 74756E6E 656C6272 6F6B6572 2E6E6574 300D0609 2A864886 F70D0101 05050003 82010100 5CC1B964 E7B2442C C810F60F B5929BAF 53740A48 811DFFBB 6D5A94A9 F89F12D7 BA4BF79D A5477323 307D5ADB 78F380ED F3C7007A 0E011F6C FE2B1D82 944F4FC6 D4D23022 276489E2 BA82E168 13F40624 5712EAD3 61DADE16 67A7FD2E 5C0A47DF 56BF9E24 693DDA54 1001D32B 932CF690 3D4D0B00 9A129D70 F43625B4 36DF0B6B FC052222 10A56F0F BD955BA1 36AFB02F 5BBDECDF E13759C5 9BB7AA55 AAB29F14 7E26287D 0147B9CB CE6E7376 EA230AF2 1D1F71A3 7A5C8B77 B954551D CDF03CFA DBAB4ECE 78BF6F31 E96C7DD3 74C94122 5DDFEDCE 35C1CA05 1B9CD265 FD66BE0C 8E9D294E 9CD9A5C4 C6E77E7A C8C88C9F 633D4BF1 45AA5991 9BC49607 11770EAC quit ! ip ddns update method tunnelbroker HTTP add add https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=DC647EB65E6711E155375218212B3964&user_id=123457890abcd1234567890abcd12345&tunnel_id=12345 interval maximum 1 0 0 0 ! interface Tunnel0 ip ddns update tunnelbroker
No comments:
Post a Comment