Difference between revisions of "IPv6: Router Ubuntu"

From OnnoWiki
Line 69: Line 69:
  
  
===Skenario 2: 6Project dan Alokasi Stateless untuk LAN lokal===
 
 
'''GATEWAY / Router ke Internet'''
 
 
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
 
echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
 
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
 
echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
 
 
openvpn --config usernameanda-di-6project.ovpn &
 
 
ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
 
ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
 
ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s8
 
ip route add 2000::/3 via 2a07:1c44:212:c0ca::1 metric 1 dev tun0
 
ip route add 2a07:1c44:212:c0ca:87e8:0000::/81 dev enp0s8
 
 
sudo apt install radvd
 
 
Edit /etc/radvd.conf
 
 
interface enp0s8 {
 
        AdvSendAdvert on;
 
        AdvDefaultPreference high;
 
        prefix 2a07:1c44:212:c0ca:87e8:0000::/81 {
 
        };
 
};
 
 
Restart
 
 
/etc/init.d/radvd restart
 
 
'''CLIENT'''
 
 
echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra
 
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra
 
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra
 
echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_from_local
 
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_from_local
 
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_from_local
 
echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_defrtr
 
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_defrtr
 
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_defrtr
 
  
 
===Skenario 2: 6project dan IPv6 Static LAN lokal===
 
===Skenario 2: 6project dan IPv6 Static LAN lokal===
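Review bot: the CLIENT lines at the end of this block write accept_ra, accept_ra_from_local and accept_ra_defrtr under conf/all and conf/default as well as conf/enp0s3, and conf/default is inherited by interfaces created later, so router-advertisement and default-route acceptance is widened beyond the LAN port. Wherever this block ends up on the page, keeping only the three conf/enp0s3 writes limits RA acceptance to the interface that faces the radvd gateway.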
Line 233: Line 189:
  
 
'''CLIENT'''
 
'''CLIENT'''
 +
 +
 +
===PROBELM Skenario: 6Project dan Alokasi Stateless untuk LAN lokal===
 +
 +
'''CATATAN:'''
 +
* 6project.org hanya mengalokasikan /80
 +
* /80 tidak bisa dipakai untuk Stateless menggunakan radvd
 +
* radvd aman untuk alokasi /64 atau lebh besar.
 +
 +
 +
'''GATEWAY / Router ke Internet'''
 +
 +
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 +
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
 +
echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
 +
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
 +
echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
 +
 +
openvpn --config usernameanda-di-6project.ovpn &
 +
 +
ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
 +
ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
 +
ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s8
 +
ip route add 2000::/3 via 2a07:1c44:212:c0ca::1 metric 1 dev tun0
 +
ip route add 2a07:1c44:212:c0ca:87e8:0000::/81 dev enp0s8
 +
 +
sudo apt install radvd
 +
 +
Edit /etc/radvd.conf
 +
 +
interface enp0s8 {
 +
        AdvSendAdvert on;
 +
        AdvDefaultPreference high;
 +
        prefix 2a07:1c44:212:c0ca:87e8:0000::/81 {
 +
        };
 +
};
 +
 +
Restart
 +
 +
/etc/init.d/radvd restart
 +
 +
'''CLIENT'''
 +
 +
echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra
 +
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra
 +
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra
 +
echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_from_local
 +
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_from_local
 +
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_from_local
 +
echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_defrtr
 +
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_defrtr
 +
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_defrtr
 +
 +
  
 
==Pranala Menarik==
 
==Pranala Menarik==
  
 
* [[IPv6]]
 
* [[IPv6]]
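Review bot: in the added GATEWAY block, `echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding` comes before `openvpn --config usernameanda-di-6project.ovpn &`, so when tun0 is only created by that openvpn call the conf/tun0 entry does not exist yet and the write fails; moving the openvpn line above the forwarding writes, and running them once tun0 is up, avoids that. The added heading and notes also carry two typos, "PROBELM" and "lebh", and the notes say a /80 cannot be used with radvd without saying which of the listed steps fails, which a reader following the commands would want stated next to the radvd.conf prefix line.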

Revision as of 06:47, 6 February 2019


The following are the steps needed to build a simple IPv6 router using Ubuntu.


Access to the IPv6 Internet

IPv6 Subnet Calculation


IPv6 NAT

If needed, netfilter6 can be used for IPv6 NAT.

IPv6 Masquerading

As with IPv4 clients, clients can be hidden behind the router using IPv6 masquerading (hide/overlap NAT), for example:

ip6tables -t nat -A POSTROUTING -o tun0 -s fec0::/64 -j MASQUERADE
ip6tables -t nat -A POSTROUTING -o teredo -s 2001:0:53aa:64c:20a7:659c:4b0c:e8d7 -j MASQUERADE

IPv6 Destination NAT

A dedicated global IPv6 address can be forwarded to an internal IPv6 address, for example:

ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i tun0 -j DNAT --to-destination fec0::5054:ff:fe01:2345

IPv6 Port Forwarding

A specific port can be forwarded to the internal network, for example:

ip6tables -t nat -A PREROUTING -i tun0 -p tcp --dport 8080 -j DNAT --to-destination [fec0::1234]:80

Prepare the Ubuntu OS

Scenario 1: teredo and Stateless Allocation for the local LAN

GATEWAY / Router to the Internet

Install radvd

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 
ip addr add fec0:1234::dead/64 dev enp0s3
sudo apt install radvd

Edit /etc/radvd.conf

interface enp0s3 {
        AdvSendAdvert on;
        prefix fec0:1234::/64 {
        };
};

Restart

/etc/init.d/radvd restart

NAT to Global IPv6

ip6tables -t nat -A POSTROUTING -o teredo -s fec0:1234::/64 -j MASQUERADE



Scenario 2: 6project and Static IPv6 for the local LAN

GATEWAY / Router to the Internet

openvpn --config usernameanda-di-6project.ovpn &
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 
ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s3
ip route add ::/0 dev tun0


Flush firewall

ip6tables -t nat -F
ip6tables -F

CLIENT

ip addr add 2a07:1c44:212:c0ca:87e8:0000::123/81 dev enp0s3
ip route add ::/0 via 2a07:1c44:212:c0ca:87e8:0000::dead

or

ip route add ::/0 dev enp0s3

Check

dig aaaa ipv6.google.com
ping6 ipv6.google.com

Scenario 3: 6project allocating DHCPv6 for the LAN + NDP

GATEWAY

Enable the neighbor discovery proxy (NDP proxy)

echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
echo 1 > /proc/sys/net/ipv6/conf/tun0/proxy_ndp
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding

Add a proxy entry for each client IPv6 address, for example:

openvpn --config XXXX.ovpn
ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
ip addr add 2a07:1c44:212:c0ca:87e8::1/81 dev enp0s3
ip route add ::/0 dev tun0
ip route add 2a07:1c44:212:c0ca:87e8::/81 dev enp0s3
ip -6 neigh add proxy 2a07:1c44:212:c0ca:87e8::22 dev tun0

CLIENT

ip addr add 2a07:1c44:212:c0ca:87e8::22/81 dev enp0s3
ip route add ::/0 via 2a07:1c44:212:c0ca:87e8::1 dev enp0s3
dig aaaa ipv6.google.com
ping ipv6.google.com

PROBLEM Scenario: 6project allocating DHCPv6 for the LAN

NOTES:

  • DHCPv6 apparently can only allocate /128; it has to be assisted by RA for < /128.
  • Routing is not set


openvpn --config usernameanda-di-6project.ovpn &
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 
ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
ip route add ::/0 dev tun0
ip addr add 2a07:1c44:212:c0ca:87e8::1/81 dev enp0s3

DHCPv6 server

apt install isc-dhcp-server

Edit /etc/dhcp/dhcpd6.conf

default-lease-time 600;
max-lease-time 7200;
subnet6 2a07:1c44:212:c0ca:87e8::/81 {
        range6 2a07:1c44:212:c0ca:87e8::1000 2a07:1c44:212:c0ca:87e8::3000;
        range6 2a07:1c44:212:c0ca:87e8::/81 temporary;
        prefix6 2a07:1c44:212:c0ca:87e8::1000 2a07:1c44:212:c0ca:87e8::3000 /81;
}

chmod -Rf 777 /var/lib/dhcp/
chown -Rf nobody: /var/lib/dhcp/
dhcpd -6 -cf /etc/dhcp/dhcpd6.conf

Enable radvd

sudo apt install radvd

Edit /etc/radvd.conf

interface enp0s3 {
        AdvSendAdvert on;
        prefix 2a07:1c44:212:c0ca:87e8::/81 {
        };
};



Flush firewall

ip6tables -t nat -F
ip6tables -F


CLIENT


PROBLEM Scenario: 6Project and Stateless Allocation for the local LAN

NOTES:

  • 6project.org only allocates a /80
  • A /80 cannot be used for stateless allocation with radvd
  • radvd is safe for allocations of /64 or larger.
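
The notes above say the /80 from 6project cannot be handed out statelessly with radvd. The following added example, not part of the original page, splits the page's /80 into its two /81 halves and checks the prefix in the page's radvd.conf against the SLAAC length rule; the function names are illustrative, and the 64-bit interface identifier is an assumption that holds for Ethernet-style links.

```python
import ipaddress
import re

# From the page: the /80 that 6project delegates and the gateway's radvd.conf.
DELEGATED = ipaddress.ip_network("2a07:1c44:212:c0ca:87e8::/80")
RADVD_CONF = """\
interface enp0s8 {
        AdvSendAdvert on;
        AdvDefaultPreference high;
        prefix 2a07:1c44:212:c0ca:87e8:0000::/81 {
        };
};
"""
# Assumption: Ethernet-style links, where the interface identifier is 64 bits,
# so RFC 4862 autoconfiguration only accepts prefixes of length 128 - 64 = 64.
INTERFACE_ID_BITS = 64


def split_delegation(net):
    """Split the delegated prefix into its two halves (one extra prefix bit)."""
    return [str(n) for n in net.subnets(prefixlen_diff=1)]


def radvd_prefixes(conf_text):
    """Return (interface, network) for every prefix statement in a radvd.conf."""
    iface, found = None, []
    for line in conf_text.splitlines():
        m = re.match(r"\s*interface\s+(\S+)", line)
        if m:
            iface = m.group(1)
        m = re.match(r"\s*prefix\s+(\S+)", line)
        if m:
            found.append((iface, ipaddress.ip_network(m.group(1))))
    return found


def slaac_report(conf_text, delegated):
    """Check each advertised prefix against the delegation and the SLAAC length rule."""
    return [{
        "interface": iface,
        "prefix": str(net),
        "inside_delegation": net.subnet_of(delegated),
        "host_bits": 128 - net.prefixlen,
        "slaac_usable": 128 - net.prefixlen == INTERFACE_ID_BITS,
    } for iface, net in radvd_prefixes(conf_text)]


if __name__ == "__main__":
    print(split_delegation(DELEGATED))
    for row in slaac_report(RADVD_CONF, DELEGATED):
        print(row)
```

The /81 advertised on enp0s8 leaves 47 host bits, so a client that builds its address from a 64-bit interface identifier has no room to do so and ignores the prefix for autoconfiguration, while the fec0:1234::/64 prefix of Scenario 1 passes the same check.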


GATEWAY / Router to the Internet

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
openvpn --config usernameanda-di-6project.ovpn &
ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s8
ip route add 2000::/3 via 2a07:1c44:212:c0ca::1 metric 1 dev tun0
ip route add 2a07:1c44:212:c0ca:87e8:0000::/81 dev enp0s8
sudo apt install radvd

Edit /etc/radvd.conf

interface enp0s8 {
        AdvSendAdvert on;
        AdvDefaultPreference high;
        prefix 2a07:1c44:212:c0ca:87e8:0000::/81 {
        };
};

Restart

/etc/init.d/radvd restart

CLIENT

echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_from_local 
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_from_local 
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_from_local
echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_defrtr 
echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_defrtr 
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_defrtr


Interesting Links