tunnelbroker ps1 script

1. # PowerShell script to build/rebuild a 6in4 (IPv6-in-IPv4) tunnel with
2. # Hurricane Electric Free IPv6 Tunnel Broker (https://tunnelbroker.net/)
3. # based on https://github.com/snobu/v6ToGo/blob/master/v6ToGo.ps1
4. # (Script using deprecated Tunnel Client Endpoint Update APIs
5. # check https://forums.he.net/index.php?topic=3153.0 for more Details)
6. # based on https://tunnelbroker.net ->Tunnel Details
7. #  -> Example Configurations Tab -> Windows 10 selection
8.  
9. # Set strict mode to latest version (>=2.0)
10. # Ensure that programming best practices are followed (e.g. prohibit uninitialized variables)
11. Set-StrictMode -Version Latest
12.  
13. # Pre-run check: Checks the minimal version of Windows PowerShell
14. #Requires -Version 4.0
15. Write-Output "This Script requires PowerShell Version >= 4.0"
16. Write-Output "You are running PowerShell $($PSVersionTable.PSEdition) Version $($PSVersionTable.PSVersion)"
17.  
18. # Variables Initialization
19. [bool]$PowerShell = $false
20. [bool]$PowerShellCore = $false
21. [bool]$PowerShell_ISE = $false
22. [bool]$Administrator = $false
23.  
24. # Checks the runtime environment of the script
25. if ((($host.name -eq 'ConsoleHost') -XOR ($host.name -like 'Visual Studio*')) -AND ($PSVersionTable.PSEdition -ne "Core")){
26.     $PowerShell = $true
27.     Write-Verbose "Running PowerShell=$($PowerShell)"
28. }
29. elseif ((($host.name -eq 'ConsoleHost') -XOR ($host.name -like 'Visual Studio*')) -AND ($PSVersionTable.PSEdition -eq "Core")){
30.     $PowerShellCore = $true
31.     Write-Verbose "Running PowerShell Core=$($PowerShellCore)"
32.         if ($IsWindows) {
33.             Write-Output  "System is running on PowerShell $($PSVersionTable.PSEdition) on platform $($PSVersionTable.Platform)=Win32NT(Windows). Script started."
34.             }
35.         else{
36.             throw "System is not running PowerShell on $($PSVersionTable.PSEdition) on platform $($PSVersionTable.Platform)!=Win32NT(Windows). Script execution aborted."
37.         }
38. }
39. elseif ($host.name -eq 'Windows Powershell ISE Host') {
40.     $PowerShell_ISE = $true
41.     Write-Verbose "Running PowerShell ISE=$($PowerShell_ISE)"
42. }
43. else {  
44.         Write-Warning  "Unknown PowerShell runtime environment"
45. }
46.  
47. # Check if we are currently running the runtime environment with elevated privileges as administrator.
48. if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)){
49.     $Administrator = $true
50. }
51. else {
52.     $Administrator = $false
53. }
54.  
55. # Check if we are currently running Windows PowerShell with elevated privileges as administrator.
56. # If not it is self-elevating while preserving the working directory.
57. if (($PowerShell -eq $true) -AND ($Administrator -eq $false)){
58.     Write-Warning  "Running Windows PowerShell without admin rights! Restarting PowerShell with admin rights!!!"
59.     Start-Process PowerShell -Verb RunAs "-NoProfile -ExecutionPolicy Bypass -Command `"cd '$pwd'; & '$PSCommandPath';`"";
60.     Exit
61. }
62. # Check if we are currently running PowerShell Core with elevated privileges as administrator.
63. # If not it is self-elevating while preserving the working directory.
64. if (($PowerShellCore -eq $true) -AND ($Administrator -eq $false)){
65.     Write-Warning  "Running PowerShell Core without admin rights! Restarting PowerShell Core with admin rights!!!"
66.     Start-Process pwsh -Verb RunAs "-NoProfile -ExecutionPolicy Bypass -Command `"cd '$pwd'; & '$PSCommandPath';`"";
67.     Exit
68. }
69. # Write-Host "PS Core: If you see this, the Exit didn't work..."
70.  
71. # Check if we are currently running PowerShell ISE with elevated privileges as administrator.
72. # If not it is self-elevating and starting PowerShell_ISE with the current Script.
73. # Though you have to re-run the script manually.
74. if (($PowerShell_ISE -eq $true) -AND ($Administrator -eq $false)) {
75.     Write-Warning "Running script in PowerShell ISE without admin rights! Restarting PowerShell ISE with admin rights!!!"
76.     Write-Warning "Please re-run script manually."
77.     Start-Process PowerShell_ISE -Verb RunAs "-NoProfile -File $PSCommandPath"
78.     Exit
79. }
80. #Write-Host "ISE: If you see this, the Exit didn't work..."
81.  
82. # Windows PowerShell ISE doesn't like netsh/netsh.exe, we'll fix that:
83. if ($PowerShell_ISE -eq $true) {
84.     $psUnsupportedConsoleApplications.Remove("netsh")
85.     $psUnsupportedConsoleApplications.Remove("netsh.exe")
86. }
87.  
88. #++++++++++++++++++++++++++Adjust your configuration here+++++++++++++++++++++++
89. # Please configure $USERNAME, $UPDATEKEY_OR_PASSWORD, $TUNNEL_ID,
90. # $ServerIPv4Address, $ServerIPv6Address & $ClientIPv6Address
91. # according to your tunnelbroker.net IPv6 Tunnel configuration.
92. # Please configure additionally your desired $TUNNELNAME
93. #
94. # Your tunnelbroker.net username
95. $USERNAME = ""
96. #
97. # Tunnel specific authentication key (Update Key. See Tunnel Details
98. # -> Advanced tab on the tunnel information page)
99. # if one is set, otherwise your tunnelbroker.net password.
100. $UPDATEKEY_OR_PASSWORD = ""
101. #
102. # Your Numeric Tunnel ID (unique identifier for your tunnel. See Tunnel Details
103. # -> IPv6 Tunnel tab on the tunnel information page)
104. $TUNNEL_ID = ""
105. #
106. # Update URL
107. # Used to update the listed tunnel's client endpoint to the IP address making the update request.
108. $URL = "https://ipv4.tunnelbroker.net/nic/update?username=$USERNAME&password=$UPDATEKEY_OR_PASSWORD&hostname=$TUNNEL_ID"
109. #
110. # IPv6 Tunnel Endpoints:
111. # See Tunnel Details
112. # -> IPv6 Tunnel tab ->IPv6 Tunnel Endpoints section on the tunnel information page)
113. # Server IPv4 Address
114. # This is the IPv4 endpoint of your Tunnel Server.
115. $ServerIPv4Address = "X.X.X.X"
116. # Server IPv6 Address
117. # This is the IPv6 endpoint of your Tunnel on our Tunnel Server.(/64 allocation)
118. $ServerIPv6Address = "2001:470:XXXX:YYYY::1"
119. # Client IPv6 Endpoint
120. # This is the IPv6 address that identifies your side of the tunnel.
121. # It will be what is homed on your endpoint device.
122. # We utilize a /64 for this because of RFC 3627.
123. $ClientIPv6Address = "2001:470:XXXX:YYYY::2"
124. #
125. # Friendly name to use for interface in Windows
126. $TUNNELNAME = "IPv6Tunnel"
127. #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
128.  
129. Write-Output 'Contacting tunnelbroker.net to check your Client IPv4 Endpoint'
130. $response = Invoke-WebRequest -UseBasicParsing $URL | Select-Object -Expand Content
131. if ($response -match "ERROR") {
132.     throw $response
133. }
134.  
135. # Get connected interface to v4 Internet
136. # This is the IPv4 address that tunnel is pointing to.
137. # It should be your publicly facing and accessible address.
138. # If you are behind a firewall most likely this is the WAN or INTERNET address.
139. $ClientIPv4Address = $(Get-NetIPConfiguration |
140.     Where-Object { $_.NetProfile.IPv4Connectivity -eq 'Internet' }).IPV4Address[0].IPAddress
141.  
142. # Disable 6to4
143. Write-Output "Disable 6to4 tunnel adapter: "
144. netsh interface 6to4 set state disabled
145. # Disable Teredo
146. Write-Output "Disable Teredo tunnel adapter: "
147. netsh interface teredo set state disabled
148. # Disable isatap
149. Write-Output "Disable isatap tunnel adapter: "
150. netsh interface isatap set state disabled
151.  
152. Write-Output ("Removing existing IPv6 tunnel IPv6 Address: " + $TUNNELNAME)
153. netsh interface ipv6 delete address interface=$TUNNELNAME address=$ClientIPv6Address
154. Write-Output ("Removing existing IPv6 tunnel interface: " + $TUNNELNAME)
155. netsh interface ipv6 delete interface $TUNNELNAME
156.  
157. Write-Output ("Creating tunnel interface " + $TUNNELNAME)
158. Write-Output ("Your Client IPv4 Address: " + $ClientIPv4Address +
159.     "`n" + "Remote Server IPv4 Address: " + $ServerIPv4Address)
160. Write-Output ("Your Client IPv6 Address: " + $ClientIPv6Address +
161.     "`n" + "Remote Server IPv6 Address: " + $ServerIPv6Address)    
162. netsh interface ipv6 add v6v4tunnel interface=$TUNNELNAME localaddress=$ClientIPv4Address remoteaddress=$ServerIPv4Address
163. netsh interface ipv6 add address interface=$TUNNELNAME address=$ClientIPv6Address
164.  
165. Write-Output "Disable IPv6 forwarding"
166. netsh interface ipv6 set interface $TUNNELNAME forwarding=disabled
167. Write-Output "Enable IPv6 forwarding"
168. netsh interface ipv6 set interface $TUNNELNAME forwarding=enabled
169.  
170. Write-Output ("Removing existing default route (::/0) for $TUNNELNAME")
171. netsh interface ipv6 delete route prefix=::/0 interface=$TUNNELNAME nexthop=$ServerIPv6Address
172. Write-Output ("Creating default route (::/0) for $TUNNELNAME with a next-hop address of $ServerIPv6Address")
173. netsh interface ipv6 add route prefix=::/0 interface=$TUNNELNAME nexthop=$ServerIPv6Address
174.  
175. # Opened admin PowerShell waits for a key press and doesn't close automatically.
176. # used if the script is running in PowerShell
177. if (($PowerShell -eq $true) -OR ($PowerShellCore -eq $true)) {
178.     Write-Output "Press any key to close this shell..."
179.     $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
180. }
181. # used if the script is running in PowerShell ISE
182. if ($PowerShell_ISE -eq $true) {
183.     Read-Host "Press ENTER key to close this PowerShell ISE shell..."
184.     # Cleanup-add netsh and netsh.exe again to $psUnsupportedConsoleApplications
185.     $psUnsupportedConsoleApplications.Add("netsh")
186.     $psUnsupportedConsoleApplications.Add("netsh.exe")
187. }
188.