Difference between revisions of "IPv6: OpenVPN: Ubuntu roadwarrior"

Latest revision as of 08:19, 31 March 2020

sumber: https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/

Aplikasi open source untuk mengimplementasi Virtual Private Network (VPN) yang cukup populer adalah OpenVPN. OpenVPN menggunakan protocol SSL / TLS untuk mempertukarkan kunci. Pada kesempatan ini akan di terangkan cara mengaktifkan OpenVPN untuk IPv6.

Contoh Topology

Jaringan dibuat di GNS3 menggunakan NAT (192.168.122.1), 2 Server 202.x.x.x satu berfungsi sebagai client, satu lagi berfungsi sebagai server.

2222::/64 -- B Client 10.10.10.2 --  10.10.10.1 A Server  ---- NAT 192.168.122.1

Konfigurasi Jaringan

Server A

dhclient enp0s3
ifconfig enp0s8 10.10.10.1 netmask 255.255.255.0
ip addr add 2001::1/64 dev enp0s3

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding

Client B

ifconfig enp0s3 10.10.10.2 netmask 255.255.255.0
ip addr add 2222::1/64 dev enp0s8
route add default gw 10.10.10.1

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding

Server: Instalasi OpenVPN

Agar mudah kita menggunakan OpenVPN road warrior installer. Download dan jalankan script untuk instalasi menggunakan perintah

sudo su
rm /var/lib/dpkg/lock
apt update

cd /usr/local/src
wget https://git.io/vpn -O openvpn-install.sh
sudo bash openvpn-install.sh

Beberapa informasi yang dibutuhkan

IP address OpenVPN:
Public IP address / hostname:
Protocol UDP / TCP
Port: 1194 (UDP)
DNS: Google
Client name: coba1

Jika OpenVPN serve telah di konfigurasi dan siap pakai. Akan tampak di rules firewall di /etc/rc.local kira-kira

$ cat /etc/rc.local
# iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
# iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24-j SNAT --to 10.10.10.1

Jalankan OpenVPN, ketik

sudo /etc/init.d/openvpn start

Sertifikat client di simpan di home directory supaya mudah di ambil,

mv /root/coba1.ovpn /home/onno/coba1.ovpn
chmod -Rf 777 /home/onno/coba1.ovpn
chown -Rf onno: /home/onno/coba1.ovpn

AKtifkan IPv6

Interface tun0 di server biasanya

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fe80::4d06:4709:ba3f:7120  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 288 (288.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Langkah selanjutnya adalah mengaktifkan IPv6.

Misalnya,

IPv6 Server : 2001::1/64
IPv6 Routed : 2222::/59 (ada 32 network /64)

Edit server.conf

vi /etc/openvpn/server.conf

Tambahkan:

server-ipv6 2001::1/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2222::1 2222::2
push "route-ipv6 2222::2/59"
push "route-ipv6 2000::/3"

Reload OpenVPN Service

sudo /etc/init.d/openvpn restart

Client

Install openvpn

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding

rm /var/lib/dpkg/lock
apt update
apt install openvpn

Download file .ovpn client. Coba sambungkan

openvpn --config coba1.ovpn

Test the IPv6 reachability by accessing http://test-ipv6.com/

Referensi

https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/