console character en.ascii
ip route default gateway tunnel 1
ipv6 route default gateway dhcp lan2
ipv6 prefix 1 dhcp-prefix@lan2::/64
ip lan1 address 172.25.200.1/24
ipv6 lan1 address dhcp-prefix@lan2::1/64
ipv6 lan1 prefix change log on
ipv6 lan1 rtadv send 1 o_flag=on
ipv6 lan1 dhcp service server
lan linkup send-wait-time lan2 5
ipv6 lan2 secure filter in 200030 200031 200038 200039
ipv6 lan2 secure filter out 200099 dynamic 200080 200081 200082 200083 200084 200098 200099
ipv6 lan2 dhcp service client
ngn type lan2 ntt
tunnel select 1
 tunnel encapsulation ipip
 tunnel endpoint address XPAASS-IPV6-TUNNEL-ADDRESS
 ip tunnel secure filter in 200030 200039
 ip tunnel secure filter out 200097 200098 200099 dynamic 200080 200082 200083 200084 200098 200099
 ip tunnel nat descriptor 1
 ip tunnel tcp mss limit auto
 tunnel enable 1
ip filter 200030 pass * 172.25.200.0/24 icmp * *
ip filter 200039 reject * *
ip filter 200097 pass * * icmp * *
ip filter 200098 pass * * tcp * *
ip filter 200099 pass * * udp * *
ip filter dynamic 200080 * * ftp
ip filter dynamic 200082 * * www
ip filter dynamic 200083 * * smtp
ip filter dynamic 200084 * * pop3
ip filter dynamic 200098 * * tcp
ip filter dynamic 200099 * * udp
nat descriptor type 1 masquerade
nat descriptor address outer 1 FIXED-IPV4-ADDRESS
ipv6 filter 200030 pass * * icmp6 * *
ipv6 filter 200031 pass * * 4
ipv6 filter 200038 pass * * udp * 546
ipv6 filter 200039 reject * *
ipv6 filter 200099 pass * * * * *
ipv6 filter dynamic 200080 * * ftp
ipv6 filter dynamic 200081 * * domain
ipv6 filter dynamic 200082 * * www
ipv6 filter dynamic 200083 * * smtp
ipv6 filter dynamic 200084 * * pop3
ipv6 filter dynamic 200098 * * tcp
ipv6 filter dynamic 200099 * * udp
telnetd service off
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 172.25.200.101-172.25.200.150/24
dns host lan1
dns service fallback on
dns server dhcp lan2
dns server select 500000 dhcp lan2 any .
dns private name setup.netvolante.jp
schedule at 1 startup * lua emfs:/xpass_pd.lua
sshd service on
sshd host lan1
sshd host key generate *
sshd encrypt algorithm aes128-ctr aes192-ctr aes256-ctr aes128-cbc aes192-cbc aes256-cbc 3des-cbc
sftpd host lan1
statistics traffic on
embedded file xpass_pd.lua <<EOF
---------------------------------------------------------------
-- Lua script for  Arteria Xpass Fixed IPv4 Service  
---------------------------------------------------------------
-- DDNS Update URL
DDNS_SV = "https://zzzzzzzzz.yyyy.vbbnet.jp/cgi-bin/ddns_api.cgi"
FQDN = "xxxxxxxx.v4v6.xpass.jp"
DDNS_ID = "xxxxxxxx.v4v6.xpass.jp"
DDNS_PASS = "DDNS-PASSWORD"
BASIC_ID = "BASIC-AUTH-ID"
BASIC_PASS = "BASIC-AUTH-PASSWORD"

-- The name of the interface to set the IPv6 address for.
IPv6_IF = "LAN1"

-- SYSLOG message pattern when an IPv6 prefix is updated.
LOG_PTN = "Add%s+IPv6%s+prefix.+%(Lifetime%:%s+%d+%)%s+via%s+" .. IPv6_IF .. "%s+by"

-- The RTX command for checking the new IPv6 address.
SHOW_IP6_CMD = "show ipv6 address " .. string.lower(IPv6_IF)

-- Maximum retry count 
GET_IP6_MAX = 5
RETRY_INTVL = 5
RETRY_NUM = 3
AUTO_INTVL_MIN = 480
AUTO_INTVL_MAX = 600

-- SYSLOG level and prefix
LOG_LEVEL = "info"
LOG_PFX = "[Xpass]"

-- Error message
FAIL_MSG = "Failed to notify the update server. (Remaining notification attempts: %d times.)"

----------------------------------------
-- The function getting new IPv6 prefix-
----------------------------------------
function get_addr(pfx)
  local rtn, str, i, t, id, addr

  for i = 1, GET_IP6_MAX do
    -- check the new IPv6 prefix address
    rtn, str = rt.command(SHOW_IP6_CMD .. " | grep " .. pfx)

    -- When the status is tentative, wait and check again.
    if rtn then
      if str then
        t = str:match("tentative")
        if t == nil then
          break
        end
      end
    end

    if i >= GET_IP6_MAX then
    -- Exceed the maximum retry count, the process will end.
      return
    end
    rt.sleep(2)
  end

  -- Generate an IPv6 address from an interface ID and prefix.
  id = str:match(pfx .. "(.-)/(%d+)")
  addr = pfx .. id

  return addr
end

----------------------------------------
--  Outputs a SYSLOG message          --
----------------------------------------
function logger(msg)
  rt.syslog(LOG_LEVEL, string.format("%s %s", LOG_PFX, msg))
end

----------------------------------------
-- Main Entry                         --
----------------------------------------
local rtn, str, count, log, result, sleep_time, pfx, addr, return_watch
local req_t = {}
local res_t

math.randomseed(os.time())

-- Monitoring loop
while true do

  addr = nil
  return_watch = 0

  -- Monitoring SYSLOG messages
  rtn, str = rt.syslogwatch(LOG_PTN)

  -- Message pattern matched
  if rtn > 0 then

    rt.sleep(2)

    -- Getting the new IPv6 prefix and address
    pfx = str[1]:match("Add%s+IPv6%s+prefix%s+(.-)::/(%d+)")
    addr = get_addr(pfx)

    if addr ~= nil then

      while true do

        -- Set the retry count
        count = RETRY_NUM

        while true do
          -- DDNS update message
          req_t = {
            url = string.format("%s\?d=%s&p=%s&a=%s&u=%s", DDNS_SV, FQDN, DDNS_PASS, addr, DDNS_ID),
            method = "GET",
            auth_type = "basic",
            auth_name = BASIC_ID,
            auth_pass = BASIC_PASS
          }

          -- Issue HTTP request
          res_t = rt.httprequest(req_t)

          log = string.format("An update request message was sent to the DDNS update server. (IPv6 Addrress : %s)", addr)
          logger(log)

          -- Message sent successfully
          if res_t.rtn1 then

            -- Logging the update results
            if res_t.code == 200 then
              result = "Update succeeded."
            else
              result = "Update failed."
            end

            log = string.format("%s (result code : %d)", result, res_t.code)
            logger(log)

            -- Exit the monitoring loop
            if res_t.code == 200 then
              break
            end
          end

          -- Update request failed.
          count = count - 1
          if count > 0 then
            -- Retry after (RETRY_INTVL) sec.

            logger(string.format(FAIL_MSG, count))
            rt.sleep(RETRY_INTVL)

          else
            -- The maximum number of retries has been reached, 
            -- so the attempt will be stopped and SYSLOG monitoring will resume.

            logger("Failed to update.")
            return_watch = 1
            break
          end

        end

        if return_watch == 1 then
          break
        end

        -- Monitoring a SYSLOG message periodically
        sleep_time = math.random(AUTO_INTVL_MIN, AUTO_INTVL_MAX)
        rtn, str = rt.syslogwatch(LOG_PTN, 1, sleep_time)

        -- Matched the pattern
        if rtn > 0 then
          rt.sleep(2)

          -- Getting the new prefix from the matched pattern string
          pfx = str[1]:match("Add%s+IPv6%s+prefix%s+(.-)::/(%d+)")
          addr = get_addr(pfx)

          if addr == nil then
            logger("A new IPv6 address could not be obtained. The update process was aborted.")
            break
          end
        end

      end

    else
      logger("A new IPv6 address could not be obtained. The update process was aborted.")

    end
  end
end
EOF