OpenVPN: IPv6 /128 single client


Source: https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/


Topology

CLIENT 1 ------- HOST A ---------------- HOST B
                 ovpn server             ovpn client
                 2345::1/64


Host A acts as the OpenVPN server.

OS : Ubuntu 18.04
IP : 192.168.0.239/24   (public IP)
hostname : vpnserver


Host B acts as the OpenVPN client.

OS : Ubuntu 18.04


OpenVPN Client Configuration

Make sure openvpn is installed

sudo su
apt install openssh-server openvpn

Edit /etc/hosts and add an entry for the OpenVPN server's name

192.168.0.239 vpnserver


Run the OpenVPN client

cd ~
sudo su
openvpn --config client.ovpn

The output will look roughly like this

..
..
Sun Mar 10 18:58:24 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Mar 10 18:58:24 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Mar 10 18:58:24 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Mar 10 18:58:24 2019 ROUTE_GATEWAY 192.168.0.222/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:3f:39:70
Sun Mar 10 18:58:24 2019 GDG6: remote_host_ipv6=n/a
Sun Mar 10 18:58:24 2019 ROUTE6: default_gateway=UNDEF
Sun Mar 10 18:58:24 2019 TUN/TAP device tun0 opened
Sun Mar 10 18:58:24 2019 TUN/TAP TX queue length set to 100
Sun Mar 10 18:58:24 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sun Mar 10 18:58:24 2019 /sbin/ip link set dev tun0 up mtu 1500
Sun Mar 10 18:58:24 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sun Mar 10 18:58:24 2019 /sbin/ip -6 addr add 2345::1000/64 dev tun0
Sun Mar 10 18:58:24 2019 /sbin/ip route add 192.168.0.105/32 dev enp0s3
Sun Mar 10 18:58:24 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun Mar 10 18:58:24 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun Mar 10 18:58:24 2019 add_route_ipv6(2000::/3 -> 2345::1 metric -1) dev tun0
Sun Mar 10 18:58:24 2019 /sbin/ip -6 route add 2000::/3 dev tun0
Sun Mar 10 18:58:24 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Mar 10 18:58:24 2019 Initialization Sequence Completed

Note the IPv6 setup steps toward the bottom of the output. Next, check the interfaces; tun0 should appear with an IPv6 address

ifconfig
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
        inet6 fe80::8872:a14c:5076:40b5  prefixlen 64  scopeid 0x20<link>
        inet6 2345::1000  prefixlen 64  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 4837  bytes 5672472 (5.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3898  bytes 324037 (324.0 KB)
        TX errors 0  dropped 106 overruns 0  carrier 0  collisions 0

Note the IPv4 address in the 10.8.0.0/16 family and the IPv6 address that matches the settings on the OpenVPN server. Next, check connectivity over IPv6,

ping -I tun0 2345::1

Sample output:

PING 2345::1(2345::1) from 2345::1000 tun0: 56 data bytes
64 bytes from 2345::1: icmp_seq=1 ttl=64 time=0.610 ms
64 bytes from 2345::1: icmp_seq=2 ttl=64 time=0.692 ms
64 bytes from 2345::1: icmp_seq=3 ttl=64 time=0.582 ms
64 bytes from 2345::1: icmp_seq=4 ttl=64 time=0.603 ms
64 bytes from 2345::1: icmp_seq=5 ttl=64 time=0.625 ms
64 bytes from 2345::1: icmp_seq=6 ttl=64 time=0.625 ms
^C
--- 2345::1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5110ms
rtt min/avg/max/mdev = 0.582/0.622/0.692/0.046 ms

Check routing

ip -6 route show

Make sure there is a route to the IPv6 address

2345::/64 dev enp0s3 proto kernel metric 100 pref medium
2345::/64 dev tun0 proto kernel metric 256 pref medium
2000::/3 dev tun0 metric 1024 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
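
The manual checks above can be scripted. The following is an added example, not part of the original page: it reads an OpenVPN client log like the one shown earlier, confirms that the tunnel initialized and that tun0 received an IPv6 address and route, and surfaces WARNING lines such as the auth-nocache notice. The helper function names are hypothetical, and the embedded sample log is constructed from lines shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): verify an OpenVPN client log
# for the IPv6 tunnel setup. All function names are hypothetical helpers.

# Constructed sample: a subset of the log lines shown on this page.
sample_log() {
cat <<'EOF'
Sun Mar 10 18:58:24 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Mar 10 18:58:24 2019 /sbin/ip -6 addr add 2345::1000/64 dev tun0
Sun Mar 10 18:58:24 2019 /sbin/ip -6 route add 2000::/3 dev tun0
Sun Mar 10 18:58:24 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Mar 10 18:58:24 2019 Initialization Sequence Completed
EOF
}

# Each helper reads a log on stdin; $1 is the tunnel device where needed.
negotiated_cipher() { sed -n "s/.*using negotiated cipher '\([^']*\)'.*/\1/p"; }
tun_ipv6_addr()     { sed -n "s|.*/sbin/ip -6 addr add \([0-9a-fA-F:]*/[0-9]*\) dev $1\$|\1|p"; }
tun_ipv6_routes()   { sed -n "s|.*/sbin/ip -6 route add \([0-9a-fA-F:]*/[0-9]*\) dev $1\$|\1|p"; }
log_warnings()      { sed -n 's/.* WARNING: //p'; }

# Report on a log read from stdin; return non-zero if the IPv6 tunnel
# setup is incomplete (no completion line, no address, or no route).
check_client_log() {
    dev=${1:-tun0}; rc=0; log=$(cat)
    if printf '%s\n' "$log" | grep -q 'Initialization Sequence Completed'; then
        echo "OK: initialization completed"
    else
        echo "FAIL: initialization never completed"; rc=1
    fi
    addr=$(printf '%s\n' "$log" | tun_ipv6_addr "$dev")
    routes=$(printf '%s\n' "$log" | tun_ipv6_routes "$dev" | tr '\n' ' ')
    if [ -n "$addr" ]; then echo "OK: $dev IPv6 address $addr"
    else echo "FAIL: no IPv6 address configured on $dev"; rc=1; fi
    if [ -n "$routes" ]; then echo "OK: IPv6 routes via $dev: $routes"
    else echo "FAIL: no IPv6 route via $dev, IPv6 traffic will not use the tunnel"; rc=1; fi
    echo "INFO: data channel cipher: $(printf '%s\n' "$log" | negotiated_cipher)"
    printf '%s\n' "$log" | log_warnings | sed 's/^/WARN: /'
    return "$rc"
}

# Run against the constructed sample; pipe a real log in the same way.
sample_log | check_client_log tun0
```

To check a live session, save the client output to a file and pipe it in, for example `check_client_log tun0 < client.log`, where client.log is an assumed file name.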
