Difference between revisions of "IPv6: OpenVPN: Ubuntu roadwarrior"
Onnowpurbo (talk | contribs) |
(7 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
Jaringan dibuat di GNS3 menggunakan NAT (192.168.122.1), 2 Server 202.x.x.x satu berfungsi sebagai client, satu lagi berfungsi sebagai server. | Jaringan dibuat di GNS3 menggunakan NAT (192.168.122.1), 2 Server 202.x.x.x satu berfungsi sebagai client, satu lagi berfungsi sebagai server. | ||
− | + | ||
− | + | 2222::/64 -- B Client 10.10.10.2 -- 10.10.10.1 A Server ---- NAT 192.168.122.1 | |
− | |||
− | 2222::/64 -- B Client | ||
==Konfigurasi Jaringan== | ==Konfigurasi Jaringan== | ||
Line 17: | Line 15: | ||
===Server A=== | ===Server A=== | ||
− | + | dhclient enp0s3 | |
− | ifconfig | + | ifconfig enp0s8 10.10.10.1 netmask 255.255.255.0 |
− | + | ip addr add 2001::1/64 dev enp0s3 | |
− | ip addr add 2001::1/64 dev | ||
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
Line 30: | Line 27: | ||
===Client B=== | ===Client B=== | ||
− | ifconfig enp0s3 | + | ifconfig enp0s3 10.10.10.2 netmask 255.255.255.0 |
− | |||
ip addr add 2222::1/64 dev enp0s8 | ip addr add 2222::1/64 dev enp0s8 | ||
− | route add default gw | + | route add default gw 10.10.10.1 |
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
Line 65: | Line 61: | ||
$ cat /etc/rc.local | $ cat /etc/rc.local | ||
− | iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | + | # iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT |
− | iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT | + | # iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT |
− | iptables -I INPUT -p udp --dport 1194 -j ACCEPT | + | # iptables -I INPUT -p udp --dport 1194 -j ACCEPT |
− | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to | + | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24-j SNAT --to 10.10.10.1 |
Jalankan OpenVPN, ketik | Jalankan OpenVPN, ketik | ||
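Review bot: the new SNAT line is missing a space between '10.8.0.0/24' and '-j', so the destination is read as '10.8.0.0/24-j' and the rule will not parse; write '! -d 10.8.0.0/24 -j SNAT --to 10.10.10.1'. The same change comments out both FORWARD rules and the INPUT rule for UDP 1194 without saying why; if the chain policies on Server A are not ACCEPT the tunnel stops passing traffic, so either keep the rules or state in the text that the policies are left open.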
Line 74: | Line 70: | ||
sudo /etc/init.d/openvpn start | sudo /etc/init.d/openvpn start | ||
− | Sertifikat client di simpan di home directory, | + | Sertifikat client di simpan di home directory supaya mudah di ambil, |
− | coba1.ovpn | + | mv /root/coba1.ovpn /home/onno/coba1.ovpn |
+ | chmod -Rf 777 /home/onno/coba1.ovpn | ||
+ | chown -Rf onno: /home/onno/coba1.ovpn | ||
==AKtifkan IPv6== | ==AKtifkan IPv6== | ||
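Review bot: 'chmod -Rf 777' on /home/onno/coba1.ovpn leaves the client certificate file readable and writable by every account on the server. The next added line already hands the file to onno, so 'chmod 600' is enough for that user to fetch it, and -R can be dropped since the target is a single file.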
Line 96: | Line 94: | ||
* IPv6 Server : 2001::1/64 | * IPv6 Server : 2001::1/64 | ||
− | * IPv6 Routed : | + | * IPv6 Routed : 2222::/59 (ada 32 network /64) |
Edit server.conf | Edit server.conf | ||
Line 104: | Line 102: | ||
Tambahkan: | Tambahkan: | ||
− | server-ipv6 2001::/64 | + | server-ipv6 2001::1/64 |
tun-ipv6 | tun-ipv6 | ||
push tun-ipv6 | push tun-ipv6 | ||
− | ifconfig-ipv6 | + | ifconfig-ipv6 2222::1 2222::2 |
− | push "route-ipv6 | + | push "route-ipv6 2222::2/59" |
push "route-ipv6 2000::/3" | push "route-ipv6 2000::/3" | ||
− | + | Reload OpenVPN Service | |
− | |||
− | |||
− | |||
− | |||
sudo /etc/init.d/openvpn restart | sudo /etc/init.d/openvpn restart | ||
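Review bot: the pushed 'route-ipv6 2222::2/59' names a host address with a /59 mask rather than the prefix; the routed block this revision lists is 2222::/59, so push 'route-ipv6 2222::/59'. The new 'ifconfig-ipv6 2222::1 2222::2' also reuses 2222::1, which the Client B section assigns with 'ip addr add 2222::1/64 dev enp0s8'; choose tunnel endpoint addresses that are not already in use on that LAN.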
Line 122: | Line 116: | ||
Install openvpn | Install openvpn | ||
+ | |||
+ | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/default/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding | ||
rm /var/lib/dpkg/lock | rm /var/lib/dpkg/lock | ||
Line 132: | Line 131: | ||
Test the IPv6 reachability by accessing http://test-ipv6.com/ | Test the IPv6 reachability by accessing http://test-ipv6.com/ | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==Referensi== | ==Referensi== | ||
Line 149: | Line 138: | ||
==Pranala Menarik== | ==Pranala Menarik== | ||
− | * [[OpenVPN]] | + | * [[OpenVPN: IPv4 /32 single client]] |
− | * [[IPv6]] | + | * [[OpenVPN: IPv4 /32 multi-client]] |
+ | * [[OpenVPN: IPv4 routed LAN]] | ||
+ | * [[OpenVPN: IPv4 routed 2 LAN]] | ||
+ | * [[OpenVPN: IPv6 /128 single client]] | ||
+ | * [[OpenVPN: IPv6 routed LAN]] | ||
+ | * [[OpenVPN: IPv6 routed 2 LAN]] | ||
+ | |||
+ | * [[IPv6: OpenVPN: Ubuntu roadwarrior]] | ||
+ | * [[OpenVPN: Simple Server using Script]] | ||
+ | * [[OpenVPN: Free VPN untuk Ubuntu]] | ||
+ | * [[Instalasi OpenVPN]] | ||
+ | * [[Instalasi OpenVPN Client di Linux]] | ||
+ | * [[Capture Screen Proses Instalasi OpenVPN di Windows]] | ||
+ | * [[Instalasi OpenVPN di Windows]] | ||
+ | * [[WNDW: OpenVPN]] | ||
+ | * [[OpenVPN: Instalasi di Ubuntu 16.04]] | ||
+ | * [[OpenVPN: Instalasi di Ubuntu 18.04]] | ||
+ | * [[OpenVPN: Briding dan Routing]] |
Latest revision as of 08:19, 31 March 2020
Source: https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/
OpenVPN is a fairly popular open source application for implementing a Virtual Private Network (VPN). OpenVPN uses the SSL / TLS protocol for key exchange. This page explains how to enable IPv6 in OpenVPN.
Example Topology
The network is built in GNS3 using NAT (192.168.122.1), with 2 servers 202.x.x.x: one acts as the client, the other as the server.
2222::/64 -- B Client 10.10.10.2 -- 10.10.10.1 A Server ---- NAT 192.168.122.1
Network Configuration
Server A
 dhclient enp0s3
 ifconfig enp0s8 10.10.10.1 netmask 255.255.255.0
 ip addr add 2001::1/64 dev enp0s3

 echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
Client B
 ifconfig enp0s3 10.10.10.2 netmask 255.255.255.0
 ip addr add 2222::1/64 dev enp0s8
 route add default gw 10.10.10.1

 echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
Server: OpenVPN Installation
To make this easy we use the OpenVPN road warrior installer. Download and run the installation script using the commands
 sudo su
 rm /var/lib/dpkg/lock
 apt update

 cd /usr/local/src
 wget https://git.io/vpn -O openvpn-install.sh
 sudo bash openvpn-install.sh
Some information that is needed
- IP address OpenVPN:
- Public IP address / hostname:
- Protocol UDP / TCP
- Port: 1194 (UDP)
- DNS: Google
- Client name: coba1
Once the OpenVPN server has been configured and is ready to use, the firewall rules in /etc/rc.local will look roughly like this:
 $ cat /etc/rc.local
 # iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 # iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
 # iptables -I INPUT -p udp --dport 1194 -j ACCEPT
 iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 10.10.10.1
Start OpenVPN, type
sudo /etc/init.d/openvpn start
The client certificate is stored in the home directory so that it is easy to retrieve,
 mv /root/coba1.ovpn /home/onno/coba1.ovpn
 chmod -Rf 777 /home/onno/coba1.ovpn
 chown -Rf onno: /home/onno/coba1.ovpn
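A check for the hand-over step above, added here as an example and not part of the original page or of the installer: it reports who besides the owner can read or change a client profile, then tightens it to owner-only. The assumption is that the generated .ovpn embeds the client's private key inline; the sample profile, the function names and the temporary path are constructed for the example.

```python
import os
import stat
import tempfile

# Constructed sample profile; the key body is a placeholder, not real key material.
SAMPLE_PROFILE = """client
dev tun
proto udp
remote 10.10.10.1 1194
<key>
-----BEGIN PRIVATE KEY-----
(placeholder)
-----END PRIVATE KEY-----
</key>
"""

def audit_profile(path):
    """Return findings for one .ovpn file: who besides the owner can read or change it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, errors="replace") as fh:
        has_key = "PRIVATE KEY-----" in fh.read()
    findings = []
    if mode & 0o022:
        # A profile other accounts can rewrite can have its remote or CA lines changed.
        findings.append("group/other can modify the profile (mode %03o)" % mode)
    if has_key and mode & 0o044:
        findings.append("embedded private key readable by group/other (mode %03o)" % mode)
    return findings

def harden_profile(path, uid=None, gid=None):
    """Owner-only read/write; optionally give the file to the user who will fetch it."""
    if uid is not None and gid is not None:
        os.chown(path, uid, gid)  # needs root, like the chown in the text
    os.chmod(path, 0o600)
    return audit_profile(path)

def demo():
    """Recreate the page's mode 777 on a temporary file, then tighten it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "coba1.ovpn")
        with open(path, "w") as fh:
            fh.write(SAMPLE_PROFILE)
        os.chmod(path, 0o777)
        return audit_profile(path), harden_profile(path)

if __name__ == "__main__":
    before, after = demo()
    print("mode 777:", before)
    print("mode 600:", after)
```

With mode 600 and ownership set to the fetching user, that user can still copy the file over SSH, which is all the step needs.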
Enable IPv6
The tun0 interface on the server usually looks like
 tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
         inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
         inet6 fe80::4d06:4709:ba3f:7120 prefixlen 64 scopeid 0x20<link>
         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
         RX packets 0 bytes 0 (0.0 B)
         RX errors 0 dropped 0 overruns 0 frame 0
         TX packets 6 bytes 288 (288.0 B)
         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The next step is to enable IPv6.
For example,
- IPv6 Server : 2001::1/64
- IPv6 Routed : 2222::/59 (there are 32 /64 networks)
Edit server.conf
vi /etc/openvpn/server.conf
Add:
 server-ipv6 2001::1/64
 tun-ipv6
 push tun-ipv6
 ifconfig-ipv6 2222::1 2222::2
 push "route-ipv6 2222::2/59"
 push "route-ipv6 2000::/3"
Reload OpenVPN Service
sudo /etc/init.d/openvpn restart
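A pre-restart check for the IPv6 lines added to server.conf, written for this page as an added example and not taken from the original article or from OpenVPN: it resolves each server-ipv6 and route-ipv6 value to the network it denotes, flags values given as a host address, counts the /64 networks inside, and lists pushed routes already covered by a broader pushed route. The function names are hypothetical and the sample text is the page's own six lines.

```python
import ipaddress
import shlex

# Constructed sample: the IPv6 lines this page adds to /etc/openvpn/server.conf.
SERVER_CONF = '''\
server-ipv6 2001::1/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2222::1 2222::2
push "route-ipv6 2222::2/59"
push "route-ipv6 2000::/3"
'''

def ipv6_prefixes(conf):
    """Yield (directive, value) for server-ipv6 and route-ipv6, pushed or not."""
    for line in conf.splitlines():
        words = shlex.split(line, comments=True)
        if words[:1] == ["push"] and len(words) == 2:
            words = words[1].split()  # unwrap the quoted pushed option
        if len(words) >= 2 and words[0] in ("server-ipv6", "route-ipv6"):
            yield words[0], words[1]

def lint(conf):
    """Describe the network behind every prefix found in the config text."""
    report = []
    for directive, value in ipv6_prefixes(conf):
        iface = ipaddress.IPv6Interface(value)
        net = iface.network
        report.append({
            "directive": directive,
            "given": value,
            "network": str(net),
            # True when the value is an address inside the prefix, not the prefix itself
            "host_bits_set": iface.ip != net.network_address,
            "slash64_count": 2 ** (64 - net.prefixlen) if net.prefixlen <= 64 else 0,
        })
    return report

def redundant_routes(report):
    """Pushed routes that already fall inside another pushed route."""
    nets = [ipaddress.IPv6Network(e["network"])
            for e in report if e["directive"] == "route-ipv6"]
    return [str(a) for a in nets for b in nets if a != b and a.subnet_of(b)]

if __name__ == "__main__":
    result = lint(SERVER_CONF)
    for entry in result:
        print(entry)
    print("covered by a broader pushed route:", redundant_routes(result))
```

On the page's values it confirms the 32 /64 networks stated for 2222::/59, and shows that the 2000::/3 push already covers that route, so all global unicast IPv6 traffic from the client is sent through the tunnel.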
Client
Install openvpn
 echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
 echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding

 rm /var/lib/dpkg/lock
 apt update
 apt install openvpn
Download the client .ovpn file. Try connecting
openvpn --config coba1.ovpn
Test the IPv6 reachability by accessing http://test-ipv6.com/
References
Interesting Links
- OpenVPN: IPv4 /32 single client
- OpenVPN: IPv4 /32 multi-client
- OpenVPN: IPv4 routed LAN
- OpenVPN: IPv4 routed 2 LAN
- OpenVPN: IPv6 /128 single client
- OpenVPN: IPv6 routed LAN
- OpenVPN: IPv6 routed 2 LAN
- IPv6: OpenVPN: Ubuntu roadwarrior
- OpenVPN: Simple Server using Script
- OpenVPN: Free VPN untuk Ubuntu
- Instalasi OpenVPN
- Instalasi OpenVPN Client di Linux
- Capture Screen Proses Instalasi OpenVPN di Windows
- Instalasi OpenVPN di Windows
- WNDW: OpenVPN
- OpenVPN: Instalasi di Ubuntu 16.04
- OpenVPN: Instalasi di Ubuntu 18.04
- OpenVPN: Briding dan Routing