Opened 4 years ago

Last modified 4 years ago

#16905 new defect

tunnelbroker endpoint update

Reported by: huzheyi Owned by: developers
Priority: response-needed Milestone: Chaos Calmer 15.05
Component: packages Version: Trunk
Keywords: 6in4, tunnelbroker Cc:


It seems that tunnelbroker endpoint updater is no longer available.
the /lib/netifd/proto/ defines the update url as$username&password=$password&hostname=$tunnelid

I manually use wget with this url, and it comes out:
Username/Password Authentication Failed.

no matter I use my username or my userID(the one like tb51000000.380000..)
no matter I set an update key or not

And I found the forum of HE which says the update url begins with https.
So I installed a wget with ssl, and use it with para --no-check-certificate.

the conclusion is only the url below is AVAILABLE.(username is username not userID)


Next I try to modify like below:

 local url="https://$username:$$tunnelid"
                local try=0                                                                                                 
                local max=3                                                                                                 
                while [ $((++try)) -le $max ]; do                                                                           
                        ( exec wget --no-check-certificate -qO/dev/null "$url" 2>/dev/null ) &                                                     
                        local pid=$!                                                                                        
                        ( sleep 5; kill $pid 2>/dev/null ) &                                                                
                        wait $pid && break                                                                                  

but it makes no sense even I reboot my device or renew a 6in4 WAN configuration.

Attachments (0)

Change History (4)

comment:1 Changed 4 years ago by jow

The original update url as defined in works, I just tested it again on my PC.
There are a number of pitfalls though, especially if you migrate from an older configuration:

a) both http:// and https:// work, so this is not the reason
b) instead of the md5 userid you now need to pass the plain username
c) for newly allocated tunnels you must not use your account password but the "Update Key" which you can find in the "Advanced" tab of your tunnel detail page

The current problem of the script is that it produces an md5sum of your "option password" while /nic/update expects the account password or update key in plain text.

You can evade that problem by specifying "option updatekey <your-update-key-or-account-password>".
I will remove the redundant md5 hashing from now.

comment:2 Changed 4 years ago by jow

MD5 hashing removed in r41358.

Please retest after ensuring that "option username" is set to your plain username and that "option password" is set to your updatekey if it is specified in the advanced tunnel properties. If your tunnel does not have an updatekey set then specify your account password instead.

comment:3 Changed 4 years ago by jow

  • Priority changed from normal to response-needed

comment:4 Changed 4 years ago by huzheyi

that's really strange
when I manually type


with plain username and updatekey, it comes out Username/Password Authentication Failed.

BUT it works after I modify my /etc/config/network as jow said, set "option username" to plain username and change "option password" to "option updatekey", with the original

Thanks a lot.

BTW, it seems LUCI should update something.

Add Comment

Modify Ticket

as new .

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.