Heartbeat for Cisco IOS
This script allows a Cisco IOS router to establish a heartbeat tunnel of SixXS IPv6 tunnel broker. It generates a heartbeat containing your tunnel IP address the current unix time and the hashed tunnel passphrase (not your SixXS website password).
Please note that you need an IOS image with "TCL UDP" and "IPv6 Tunneling" feature which is currently supported in 15.1T ADVANCED IP SERVICES.
- Download the tar archive to your router
Router#copy http://pfeiffer.ws/ipv6/heartbeat6.tar flash:
- Extract archive to flash
Router#archive tar /xtract flash:heartbeat6.tar flash:
- Fill in your tunnel parameters. E.g. use copy again to edit heartbeat6.tcl on your workstation.
- Configure the md5 package on the router. Replace the flash:tcllib1.12/md5/ path with the path to the source files.
Router(config)#scripting tcl init flash:tcllib1.12/md5/pkgIndex.tcl
- Configure 6in4 tunnel interface see SixXS FAQ
- Configure a new EEM applet to start the script every minute.
event manager applet RunHeartbeat6 event timer cron name RunHeartbeat6 cron-entry "* * * * *" action 1.0 cli command "enable" action 2.0 cli command "tclsh flash:heartbeat6.tcl"
- Event manager needs two tty lines to execute the script. Use "exec-timeout".
- Test IPv6 connection.
- Debug heartbeat6
Router#debug event manager action cli Router#show logging | include %HA_EM-6-LOG: RunHeartbeat6
Sourcecode (without md5)
# Written by Jakob Pfeiffer <email@example.com> # Version 0.2 (2010-06-10) # Version 0.3 (2011-12-01) - updated to force lowercaseing of $localv6 and note to use the compressed form of IPv6 addresses by Jeroen Massar <firstname.lastname@example.org> # Note: Use the lowercase compressed form of IPv6 addresses as presented on the SixXS pages # These messages are case sensitive due to the MD5 sum calculated over them. package require md5 set localv6 ""; # Your IPv6 (e.g. 2001:db8:ffff:1a2b::2) set password ""; # Tunnel passphrase (see below) set remotev4 ""; # PoP IPv4 (e.g. 192.0.2.1) set remotev6 ""; # PoP IPv6 (e.g. 2001:db8:ffff:1a2b::1) # Sending heartbeat and IPv6 ping every 60 seconds. set hb "HEARTBEAT TUNNEL [string tolower $localv6] sender [clock second]" set hbhash "$hb [string tolower [md5::md5 -hex "$hb $password"]]" puts $hbhash; # Write to std out (debug only). # Open new udp socket. set sock1 [udp_open] fconfigure $sock1 -remote [list $remotev4 3740] puts $sock1 $hbhash; # Write to udp socket. close $sock1 ping ipv6 $remotev6 repeat 1 source $localv6
NOTE: All md5 code is part of the Tcllib. Read the tcllib.sourceforge.net for licensing information
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEABECAAYFAkwRJmIACgkQxH06E8I49zkz0wCeMgaUKX2l+O/NJdU19Wb5t0gF C+gAmwaETD92YXXSQdk+HwQEBQcx6u5M =VVxW -----END PGP SIGNATURE-----
Find out tunnel passphrase
The tunnel passphrase is send to the aiccu client during negotiation. To receive it in clear text you can look in the debug output of AICCU:
- Edit the AICCU configuration file (/etc/aiccu.conf), set 'verbose true' and 'daemonize false', also fill in your user name, password and tunnel.
- Run '/usr/sbin/aiccu autotest'
- The output will now show your password.
(paths depend on where your distro installs it)
You can also find the tunnel passphrase from Sixxs Tunnel info page.
- Log in
- Go User Home
- Click "Tunnel ID (Txxxxx)" from table
- Click "Live Tunnel Status on the PoP"
- You should see the Heartbeat Password on the Heartbeat Information table
Note: If you change the Tunnel type from AICCU to Heartbeat, tunnel password will change. It probably will change after some other changes...