Difference between revisions of "IPv6: OpenVPN: Ubuntu roadwarrior"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| (13 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
Aplikasi open source untuk mengimplementasi Virtual Private Network (VPN) yang cukup populer adalah OpenVPN. OpenVPN menggunakan protocol SSL / TLS untuk mempertukarkan kunci. Pada kesempatan ini akan di terangkan cara mengaktifkan OpenVPN untuk IPv6. | Aplikasi open source untuk mengimplementasi Virtual Private Network (VPN) yang cukup populer adalah OpenVPN. OpenVPN menggunakan protocol SSL / TLS untuk mempertukarkan kunci. Pada kesempatan ini akan di terangkan cara mengaktifkan OpenVPN untuk IPv6. | ||
| − | == | + | ==Contoh Topology== |
| + | |||
| + | Jaringan dibuat di GNS3 menggunakan NAT (192.168.122.1), 2 Server 202.x.x.x satu berfungsi sebagai client, satu lagi berfungsi sebagai server. | ||
| + | |||
| + | |||
| + | 2222::/64 -- B Client 10.10.10.2 -- 10.10.10.1 A Server ---- NAT 192.168.122.1 | ||
| + | |||
| + | ==Konfigurasi Jaringan== | ||
| + | |||
| + | ===Server A=== | ||
| + | |||
| + | dhclient enp0s3 | ||
| + | ifconfig enp0s8 10.10.10.1 netmask 255.255.255.0 | ||
| + | ip addr add 2001::1/64 dev enp0s3 | ||
| + | |||
| + | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/default/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding | ||
| + | |||
| + | ===Client B=== | ||
| + | |||
| + | ifconfig enp0s3 10.10.10.2 netmask 255.255.255.0 | ||
| + | ip addr add 2222::1/64 dev enp0s8 | ||
| + | route add default gw 10.10.10.1 | ||
| + | |||
| + | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/default/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding | ||
| + | |||
| + | ==Server: Instalasi OpenVPN== | ||
Agar mudah kita menggunakan OpenVPN road warrior installer. Download dan jalankan script untuk instalasi menggunakan perintah | Agar mudah kita menggunakan OpenVPN road warrior installer. Download dan jalankan script untuk instalasi menggunakan perintah | ||
| Line 28: | Line 61: | ||
$ cat /etc/rc.local | $ cat /etc/rc.local | ||
| − | iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | + | # iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT |
| − | iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT | + | # iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT |
| − | iptables -I INPUT -p udp --dport 1194 -j ACCEPT | + | # iptables -I INPUT -p udp --dport 1194 -j ACCEPT |
| − | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to | + | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24-j SNAT --to 10.10.10.1 |
Jalankan OpenVPN, ketik | Jalankan OpenVPN, ketik | ||
| Line 37: | Line 70: | ||
sudo /etc/init.d/openvpn start | sudo /etc/init.d/openvpn start | ||
| − | Sertifikat client di simpan di home directory, | + | Sertifikat client di simpan di home directory supaya mudah di ambil, |
| − | coba1.ovpn | + | mv /root/coba1.ovpn /home/onno/coba1.ovpn |
| + | chmod -Rf 777 /home/onno/coba1.ovpn | ||
| + | chown -Rf onno: /home/onno/coba1.ovpn | ||
==AKtifkan IPv6== | ==AKtifkan IPv6== | ||
| Line 59: | Line 94: | ||
* IPv6 Server : 2001::1/64 | * IPv6 Server : 2001::1/64 | ||
| − | * IPv6 Routed : | + | * IPv6 Routed : 2222::/59 (ada 32 network /64) |
Edit server.conf | Edit server.conf | ||
| Line 67: | Line 102: | ||
Tambahkan: | Tambahkan: | ||
| − | server-ipv6 2001::/64 | + | server-ipv6 2001::1/64 |
tun-ipv6 | tun-ipv6 | ||
push tun-ipv6 | push tun-ipv6 | ||
| − | ifconfig-ipv6 | + | ifconfig-ipv6 2222::1 2222::2 |
| − | push "route-ipv6 | + | push "route-ipv6 2222::2/59" |
push "route-ipv6 2000::/3" | push "route-ipv6 2000::/3" | ||
| − | + | Reload OpenVPN Service | |
| − | |||
| − | |||
| − | |||
| − | |||
sudo /etc/init.d/openvpn restart | sudo /etc/init.d/openvpn restart | ||
| − | |||
==Client== | ==Client== | ||
| − | + | Install openvpn | |
| − | + | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | |
| + | echo 1 > /proc/sys/net/ipv6/conf/default/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding | ||
| + | echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding | ||
| − | + | rm /var/lib/dpkg/lock | |
| + | apt update | ||
| + | apt install openvpn | ||
| − | + | Download file .ovpn client. Coba sambungkan | |
| − | + | openvpn --config coba1.ovpn | |
| − | + | Test the IPv6 reachability by accessing http://test-ipv6.com/ | |
| − | |||
| − | |||
| − | |||
| − | |||
==Referensi== | ==Referensi== | ||
| Line 107: | Line 138: | ||
==Pranala Menarik== | ==Pranala Menarik== | ||
| − | * [[OpenVPN]] | + | * [[OpenVPN: IPv4 /32 single client]] |
| − | * [[IPv6]] | + | * [[OpenVPN: IPv4 /32 multi-client]] |
| + | * [[OpenVPN: IPv4 routed LAN]] | ||
| + | * [[OpenVPN: IPv4 routed 2 LAN]] | ||
| + | * [[OpenVPN: IPv6 /128 single client]] | ||
| + | * [[OpenVPN: IPv6 routed LAN]] | ||
| + | * [[OpenVPN: IPv6 routed 2 LAN]] | ||
| + | |||
| + | * [[IPv6: OpenVPN: Ubuntu roadwarrior]] | ||
| + | * [[OpenVPN: Simple Server using Script]] | ||
| + | * [[OpenVPN: Free VPN untuk Ubuntu]] | ||
| + | * [[Instalasi OpenVPN]] | ||
| + | * [[Instalasi OpenVPN Client di Linux]] | ||
| + | * [[Capture Screen Proses Instalasi OpenVPN di Windows]] | ||
| + | * [[Instalasi OpenVPN di Windows]] | ||
| + | * [[WNDW: OpenVPN]] | ||
| + | * [[OpenVPN: Instalasi di Ubuntu 16.04]] | ||
| + | * [[OpenVPN: Instalasi di Ubuntu 18.04]] | ||
| + | * [[OpenVPN: Briding dan Routing]] | ||
Latest revision as of 08:19, 31 March 2020
sumber: https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/
Aplikasi open source untuk mengimplementasi Virtual Private Network (VPN) yang cukup populer adalah OpenVPN. OpenVPN menggunakan protocol SSL / TLS untuk mempertukarkan kunci. Pada kesempatan ini akan di terangkan cara mengaktifkan OpenVPN untuk IPv6.
Contoh Topology
Jaringan dibuat di GNS3 menggunakan NAT (192.168.122.1), 2 Server 202.x.x.x satu berfungsi sebagai client, satu lagi berfungsi sebagai server.
2222::/64 -- B Client 10.10.10.2 -- 10.10.10.1 A Server ---- NAT 192.168.122.1
Konfigurasi Jaringan
Server A
dhclient enp0s3 ifconfig enp0s8 10.10.10.1 netmask 255.255.255.0 ip addr add 2001::1/64 dev enp0s3
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding echo 1 > /proc/sys/net/ipv6/conf/default/forwarding echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
Client B
ifconfig enp0s3 10.10.10.2 netmask 255.255.255.0 ip addr add 2222::1/64 dev enp0s8 route add default gw 10.10.10.1
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding echo 1 > /proc/sys/net/ipv6/conf/default/forwarding echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
Server: Instalasi OpenVPN
Agar mudah kita menggunakan OpenVPN road warrior installer. Download dan jalankan script untuk instalasi menggunakan perintah
sudo su rm /var/lib/dpkg/lock apt update
cd /usr/local/src wget https://git.io/vpn -O openvpn-install.sh sudo bash openvpn-install.sh
Beberapa informasi yang dibutuhkan
- IP address OpenVPN:
- Public IP address / hostname:
- Protocol UDP / TCP
- Port: 1194 (UDP)
- DNS: Google
- Client name: coba1
Jika OpenVPN serve telah di konfigurasi dan siap pakai. Akan tampak di rules firewall di /etc/rc.local kira-kira
$ cat /etc/rc.local # iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT # iptables -I INPUT -p udp --dport 1194 -j ACCEPT iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24-j SNAT --to 10.10.10.1
Jalankan OpenVPN, ketik
sudo /etc/init.d/openvpn start
Sertifikat client di simpan di home directory supaya mudah di ambil,
mv /root/coba1.ovpn /home/onno/coba1.ovpn chmod -Rf 777 /home/onno/coba1.ovpn chown -Rf onno: /home/onno/coba1.ovpn
AKtifkan IPv6
Interface tun0 di server biasanya
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
inet6 fe80::4d06:4709:ba3f:7120 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 288 (288.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Langkah selanjutnya adalah mengaktifkan IPv6.
Misalnya,
- IPv6 Server : 2001::1/64
- IPv6 Routed : 2222::/59 (ada 32 network /64)
Edit server.conf
vi /etc/openvpn/server.conf
Tambahkan:
server-ipv6 2001::1/64 tun-ipv6 push tun-ipv6 ifconfig-ipv6 2222::1 2222::2 push "route-ipv6 2222::2/59" push "route-ipv6 2000::/3"
Reload OpenVPN Service
sudo /etc/init.d/openvpn restart
Client
Install openvpn
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding echo 1 > /proc/sys/net/ipv6/conf/default/forwarding echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
rm /var/lib/dpkg/lock apt update apt install openvpn
Download file .ovpn client. Coba sambungkan
openvpn --config coba1.ovpn
Test the IPv6 reachability by accessing http://test-ipv6.com/
Referensi
Pranala Menarik
- OpenVPN: IPv4 /32 single client
- OpenVPN: IPv4 /32 multi-client
- OpenVPN: IPv4 routed LAN
- OpenVPN: IPv4 routed 2 LAN
- OpenVPN: IPv6 /128 single client
- OpenVPN: IPv6 routed LAN
- OpenVPN: IPv6 routed 2 LAN
- IPv6: OpenVPN: Ubuntu roadwarrior
- OpenVPN: Simple Server using Script
- OpenVPN: Free VPN untuk Ubuntu
- Instalasi OpenVPN
- Instalasi OpenVPN Client di Linux
- Capture Screen Proses Instalasi OpenVPN di Windows
- Instalasi OpenVPN di Windows
- WNDW: OpenVPN
- OpenVPN: Instalasi di Ubuntu 16.04
- OpenVPN: Instalasi di Ubuntu 18.04
- OpenVPN: Briding dan Routing