■設定例config
login password encrypted         # manual
administrator password encrypted # manual

security class 1 on on on
console columns 4096
console prompt [Setting Example]
ip route default gateway tunnel 1
ipv6 prefix 1 ra-prefix@lan2::/▼AFTR側Prefix▼
ipv6 source address selection rule lifetime
ip lan1 address 192.168.100.1/24
ip lan1 proxyarp on
ipv6 lan1 address ra-prefix@lan2▼インターフェースID▼/▼AFTR側Prefix▼
ipv6 lan1 prefix change log on
ipv6 lan1 rtadv send 1 o_flag=on
switch control use lan1 on
ipv6 lan2 secure filter in 200030 200031 200038 200099
ipv6 lan2 secure filter out 200090 dynamic 200080 200081 200082 200083 200084 200098 200099
ipv6 lan2 dhcp service client ir=on
ngn type lan2 ntt
tunnel select 1
 tunnel encapsulation ipip
 tunnel endpoint address ▼AFTR 側 IPv6アドレス▼
 ip tunnel address ▼IPv4固定IPアドレス▼
 ip tunnel mtu 1454
 ip tunnel secure filter in 21 2101 2102 2103 9001 9999 dynamic 11 101 102
 ip tunnel secure filter out 22 9000 dynamic 11 101 102
 ip tunnel nat descriptor 1
 ip tunnel tcp mss limit auto
 tunnel enable 1
ip filter 21 reject-nolog 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.1 * * * *
ip filter 22 reject-nolog * 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.1 * * *
ip filter 2101 pass-log * * udp * 500,4500
ip filter 2102 pass-log * * esp
ip filter 2103 pass ▼管理拠点グローバルIP▼ * tcp * 22,telnet
ip filter 9000 pass * * * * *
ip filter 9001 pass * * icmp * *
ip filter 9999 reject-nolog * * * * *
ip filter dynamic 11 * * ftp syslog=off timeout=3600
ip filter dynamic 12 * * domain syslog=off
ip filter dynamic 13 * * www syslog=off
ip filter dynamic 14 * * smtp syslog=off
ip filter dynamic 15 * * pop3 syslog=off
ip filter dynamic 16 * * submission syslog=off
ip filter dynamic 101 * * udp syslog=off
ip filter dynamic 102 * * tcp syslog=off
nat descriptor backward-compatibility 1
nat descriptor type 1 masquerade
nat descriptor address outer 1 ▼IPv4固定IPアドレス▼
nat descriptor address inner 1 auto
nat descriptor masquerade static 1 1 192.168.100.1 esp
nat descriptor masquerade static 1 2 192.168.100.1 udp 500,4500
nat descriptor masquerade static 1 3 192.168.100.1 tcp 22,telnet
ipsec use on
ipsec auto refresh on
ipv6 filter 200030 pass * * icmp6 * *
ipv6 filter 200031 pass ▼AFTR 側 IPv6アドレス▼ * * * *
ipv6 filter 200038 pass * * udp * 546
ipv6 filter 200090 pass * * * * *
ipv6 filter 200099 reject * * * * *
ipv6 filter dynamic 200080 * * ftp syslog=off
ipv6 filter dynamic 200081 * * domain syslog=off
ipv6 filter dynamic 200082 * * www syslog=off
ipv6 filter dynamic 200083 * * smtp syslog=off
ipv6 filter dynamic 200084 * * pop3 syslog=off
ipv6 filter dynamic 200098 * * tcp syslog=off
ipv6 filter dynamic 200099 * * udp syslog=off
syslog notice on
syslog info on
syslog debug off
telnetd service on
telnetd host 192.168.100.240-192.168.100.254 ▼管理拠点グローバルIP▼
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.100.101-192.168.100.199/24 expire 1:00 maxexpire 12:00
dhcp scope option 1 dns=192.168.100.1
dns host lan1
dns service fallback on
dns server dhcp lan2
dns server select 500000 dhcp lan2 any .
dns private address spoof on
schedule at 1 */* *:19 * ntpdate ntp.nict.jp syslog
schedule at 2 startup * lua emfs:/proxy_script.lua
schedule at 20 startup * telnetd service on
schedule at 21 */* 07:59 * telnetd service off
schedule at 22 */* *:00 * telnetd service on
httpd service on
httpd host 192.168.100.240-192.168.100.254
http revision-down permit off
operation http revision-up permit off
operation external-memory download permit off
external-memory boot permit off
usbhost use off
sd use off
statistics cpu on
statistics memory on
statistics traffic on
statistics flow on
statistics route on
statistics nat on
statistics filter on
sntpd service on
sntpd host lan1
lua use on
set V6KEY_=▼Prefix変更通知ID▼
set V6PASS=▼Prefix変更通知パスワード▼
set V6WAN_=LAN1
embedded file proxy_script.lua <<EOF

-- Param --
UPD_SV = "▼アップデートサーバーのURL▼"
KEY  = os.getenv("V6KEY_")
PASS = os.getenv("V6PASS")
WAN_IF = os.getenv("V6WAN_")
-- IPv6プレフィックスが追加されたときのSYSLOGパターン
LOG_PTN = "Add%s+IPv6%s+prefix.+%(Lifetime%:%s+%d+%)%s+via%s+" .. WAN_IF .. "%s+by"
-- LOG_PTN = "complete%sDAD%sfor%s2405:658[0-7]"
RETRY_INTVL = 10
RETRY_NUM = 10
LOG_LEVEL = "info"
LOG_PFX = "[v6 connect]"
FAIL_MSG = "Notification to DDNS failed. (Retry: %d times remaining)"

function logger(msg)
  rt.syslog(LOG_LEVEL, string.format("%s %s", LOG_PFX,msg))
end

function http_request()
  local count, log, result
  local req_t = {}
  local res_t

  req_t.url = string.format("%s?key=%s&pass=%s", UPD_SV, KEY, PASS)
  req_t.method = "GET"
  count = RETRY_NUM

  while true do
    -- HTTPリクエストを実行
    res_t = rt.httprequest(req_t)
    if res_t.rtn1 then
      logger("Execute notification to DDNS.")
      if res_t.code == 200 then
        result = "SUCCESS"
      else
        result = "FAILURE"
      end
      log = string.format("Notification result is %s.(code=%d, body=%s)",
                          result, res_t.code, res_t.body)
      logger(log)

      break
    end

    -- リクエストに失敗
    count = count - 1
    if count > 0 then
      -- (RETRY_INTVL)秒後、リトライ
      logger(string.format(FAIL_MSG, count))
      rt.sleep(RETRY_INTVL)
    else
      -- リトライ上限を超えたので諦め、 SYSLOGの監視を再開する
      logger("Notification to DDNS failed.")
      break
    end
  end
end


http_request()
while true do
  rtn = rt.syslogwatch(LOG_PTN)
  if rtn then
    http_request()
  end
end

EOF

sshd service on
sshd host 192.168.100.240-192.168.100.254 ▼管理拠点グローバルIP▼
sshd host key generate