Difference between revisions of "IPv6: Router Ubuntu"
Onnowpurbo (talk | contribs) |
(22 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | [[File:IPv6-router-ubuntu.jpeg|center| | + | [[File:IPv6-router-ubuntu.jpeg|center|400px|thumb]] |
Berikut adalah langkah yang perlu dilakukan untuk membuat sebuah router IPv6 sederhana menggunakan Ubuntu. | Berikut adalah langkah yang perlu dilakukan untuk membuat sebuah router IPv6 sederhana menggunakan Ubuntu. | ||
Line 41: | Line 41: | ||
===Skenario 1: teredo dan Alokasi Stateless untuk LAN lokal=== | ===Skenario 1: teredo dan Alokasi Stateless untuk LAN lokal=== | ||
+ | |||
+ | '''Topology''' | ||
+ | |||
+ | Client --- e1-SERVER-e0 --- Internet | ||
+ | |||
'''GATEWAY / Router ke Internet''' | '''GATEWAY / Router ke Internet''' | ||
+ | |||
+ | Install teredo | ||
+ | |||
+ | sudo su | ||
+ | apt install miredo | ||
+ | /etc/init.d/miredo restart | ||
Install radvd | Install radvd | ||
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
− | ip addr add fec0:1234::dead/64 dev | + | echo 1 > /proc/sys/net/ipv6/conf/default/forwarding |
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/teredo/forwarding | ||
+ | |||
+ | ip addr add fec0:1234::dead/64 dev enp0s8 | ||
+ | ifconfig enp0s8 up | ||
sudo apt install radvd | sudo apt install radvd | ||
Edit /etc/radvd.conf | Edit /etc/radvd.conf | ||
− | interface | + | interface enp0s8 { |
AdvSendAdvert on; | AdvSendAdvert on; | ||
prefix fec0:1234::/64 { | prefix fec0:1234::/64 { | ||
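Review bot: the added "ip addr add fec0:1234::dead/64 dev enp0s8" line and the radvd "prefix fec0:1234::/64" both use the site-local range fec0::/10, which RFC 3879 deprecated; a unique local prefix from fd00::/8 (RFC 4193) is the current choice for a private LAN behind NAT. The "echo 1 > /proc/sys/net/ipv6/conf/.../forwarding" lines are lost at reboot, so the page should mention a sysctl.d entry, and "ifconfig enp0s8 up" could be "ip link set enp0s8 up" to match the ip commands around it. The "Install radvd" label now sits above the forwarding commands while "sudo apt install radvd" comes several lines later, which reads out of order.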
Line 64: | Line 81: | ||
NAT ke IPv6 Global | NAT ke IPv6 Global | ||
− | ip6tables -t nat -A POSTROUTING | + | ip6tables -t nat -A POSTROUTING -o teredo -s fec0:1234::/64 -j MASQUERADE |
+ | '''CLIENT''' | ||
+ | * interface menggunakan IPv6 automatic; IPv4 bisa di matikan. | ||
+ | * edit /etc/resolv.conf | ||
− | + | # nameserver Google IPv6 | |
+ | nameserver 2001:4860:4860::8888 | ||
+ | nameserver 2001:4860:4860::8844 | ||
− | + | ===Skenario 2: 6project dan IPv6 Static LAN lokal=== | |
− | + | '''Topology''' | |
− | |||
− | |||
− | |||
− | + | Client --- e1-SERVER-e0 --- Internet | |
− | + | Alokasi IPv6 dari 6project.org hanya /80, hanya bisa untuk static LAN saja. Tidak bisa untuk yang lain. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
'''GATEWAY / Router ke Internet''' | '''GATEWAY / Router ke Internet''' | ||
+ | sudo su | ||
+ | apt update | ||
+ | apt install openvpn | ||
openvpn --config usernameanda-di-6project.ovpn & | openvpn --config usernameanda-di-6project.ovpn & | ||
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/default/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding | ||
+ | |||
ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0 | ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0 | ||
ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0 | ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0 | ||
− | ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev | + | ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s8 |
+ | ifconfig enp0s8 up | ||
ip route add ::/0 dev tun0 | ip route add ::/0 dev tun0 | ||
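Review bot: "openvpn --config usernameanda-di-6project.ovpn &" returns immediately, so the added "echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding" and the "ip addr ... dev tun0" lines can run before tun0 exists and fail; the steps should say to wait until the tunnel interface is up. With forwarding switched on for every interface and globally routable addresses placed on enp0s8, the section should also state which ip6tables FORWARD policy is intended, since nothing in these lines limits what the tunnel side can reach on the LAN.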
Line 126: | Line 129: | ||
'''CLIENT''' | '''CLIENT''' | ||
− | ip addr add 2a07:1c44:212:c0ca:87e8:0000::123/81 dev | + | Supaya mudah sebaiknya setup client dilakukan menggunakan fasilitas konfigurasi jaringan yang GUI. Untuk client yang CLI dapat menggunakan perintah di bawah ini, |
+ | |||
+ | ip addr add 2a07:1c44:212:c0ca:87e8:0000::123/81 dev eth0 | ||
ip route add ::/0 via 2a07:1c44:212:c0ca:87e8:0000::dead | ip route add ::/0 via 2a07:1c44:212:c0ca:87e8:0000::dead | ||
Line 132: | Line 137: | ||
ip route add ::/0 dev enp0s3 | ip route add ::/0 dev enp0s3 | ||
+ | |||
+ | |||
+ | Edit /etc/resolv.conf | ||
+ | |||
+ | # nameserver Google IPv6 | ||
+ | nameserver 2001:4860:4860::8888 | ||
+ | nameserver 2001:4860:4860::8844 | ||
+ | |||
Cek | Cek | ||
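Review bot: the added "Edit /etc/resolv.conf" step will not survive on Ubuntu releases where systemd-resolved or resolvconf generates that file; say so, or point to the network configuration where the two nameserver entries should be set persistently. The client line in the previous hunk uses "dev eth0" while the alternative route here uses "dev enp0s3", so one interface name should be used throughout.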
Line 139: | Line 152: | ||
===Skenario 3: 6project alokasikan DHCPv6 LAN + ndp=== | ===Skenario 3: 6project alokasikan DHCPv6 LAN + ndp=== | ||
+ | |||
+ | Disini alokasi IPv6 dari 6project di alokasikan menggunakan DHCPv6. | ||
+ | Tapi routing, proxy ndp semua harus di set manual supaya jalan. Sebetulnya mirip dengan static routing saja, tapi alokasi IPv6 via DHCPv6. | ||
+ | |||
'''GATEWAY''' | '''GATEWAY''' | ||
Line 175: | Line 192: | ||
* DHCPv6 tampaknya hanya bisa mengalokasikan /128 harus di bantu RA utk < /128. | * DHCPv6 tampaknya hanya bisa mengalokasikan /128 harus di bantu RA utk < /128. | ||
* Routing tidak di set | * Routing tidak di set | ||
+ | * RA juga tidak berfungsi untuk alokasi < /64, tadi harus di routing di konfigurasi manual. | ||
Line 225: | Line 243: | ||
'''CLIENT''' | '''CLIENT''' | ||
+ | |||
+ | ===PROBELM Skenario: 6Project dan Alokasi Stateless untuk LAN lokal=== | ||
+ | |||
+ | '''CATATAN:''' | ||
+ | * 6project.org hanya mengalokasikan /80 | ||
+ | * /80 tidak bisa dipakai untuk Stateless menggunakan radvd | ||
+ | * radvd aman untuk alokasi /64 atau lebh besar. | ||
+ | |||
+ | |||
+ | '''GATEWAY / Router ke Internet''' | ||
+ | |||
+ | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/default/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding | ||
+ | |||
+ | openvpn --config usernameanda-di-6project.ovpn & | ||
+ | |||
+ | ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0 | ||
+ | ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0 | ||
+ | ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s8 | ||
+ | ip route add 2000::/3 via 2a07:1c44:212:c0ca::1 metric 1 dev tun0 | ||
+ | ip route add 2a07:1c44:212:c0ca:87e8:0000::/81 dev enp0s8 | ||
+ | |||
+ | sudo apt install radvd | ||
+ | |||
+ | Edit /etc/radvd.conf | ||
+ | |||
+ | interface enp0s8 { | ||
+ | AdvSendAdvert on; | ||
+ | AdvDefaultPreference high; | ||
+ | prefix 2a07:1c44:212:c0ca:87e8:0000::/81 { | ||
+ | }; | ||
+ | }; | ||
+ | |||
+ | Restart | ||
+ | |||
+ | /etc/init.d/radvd restart | ||
+ | |||
+ | '''CLIENT''' | ||
+ | |||
+ | echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_from_local | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_from_local | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_from_local | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_defrtr | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_defrtr | ||
+ | echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_defrtr | ||
==Pranala Menarik== | ==Pranala Menarik== | ||
* [[IPv6]] | * [[IPv6]] |
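Review bot: in the added gateway block the write to "/proc/sys/net/ipv6/conf/tun0/forwarding" comes before "openvpn --config usernameanda-di-6project.ovpn &", when tun0 does not exist yet, so that line fails; move it after the tunnel is up. The notes above the block say a /80 cannot be used for stateless allocation, so the section should state explicitly that the radvd "prefix 2a07:1c44:212:c0ca:87e8:0000::/81" block is the configuration that does not work rather than leaving it to the heading. The heading reads "PROBELM" and the last note "lebh"; both are typos. The client block also sets accept_ra_from_local on all interfaces without explaining why it is needed.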
Latest revision as of 06:11, 26 March 2019
The following are the steps needed to build a simple IPv6 router using Ubuntu.
Access to the IPv6 Internet
IPv6 Subnet Calculation
IPv6 NAT
If needed, netfilter6 can be used to provide IPv6 NAT.
IPv6 Masquerading
As with IPv4 clients, clients can be hidden behind the router with IPv6 masquerading (hide/overlap NAT), for example:
    ip6tables -t nat -A POSTROUTING -o tun0 -s fec0::/64 -j MASQUERADE
    ip6tables -t nat -A POSTROUTING -o teredo -s 2001:0:53aa:64c:20a7:659c:4b0c:e8d7 -j MASQUERADE
IPv6 Destination NAT
A dedicated global IPv6 address can be forwarded to an internal IPv6 address, for example:
    ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i tun0 -j DNAT --to-destination fec0::5054:ff:fe01:2345
IPv6 Port Forwarding
A specific port can be forwarded to the internal network, for example:
    ip6tables -t nat -A PREROUTING -i tun0 -p tcp --dport 8080 -j DNAT --to-destination [fec0::1234]:80
Prepare the Ubuntu OS
Scenario 1: teredo and stateless allocation for the local LAN
Topology
    Client --- e1-SERVER-e0 --- Internet
GATEWAY / Router to the Internet
Install teredo
    sudo su
    apt install miredo
    /etc/init.d/miredo restart
Install radvd
    # enable IPv6 forwarding on every interface involved
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/teredo/forwarding

    # address the LAN interface, bring it up, install radvd
    ip addr add fec0:1234::dead/64 dev enp0s8
    ifconfig enp0s8 up
    sudo apt install radvd
Edit /etc/radvd.conf
    interface enp0s8 {
        AdvSendAdvert on;
        prefix fec0:1234::/64 {
        };
    };
Restart
    /etc/init.d/radvd restart
NAT to global IPv6
    ip6tables -t nat -A POSTROUTING -o teredo -s fec0:1234::/64 -j MASQUERADE
CLIENT
- The interface uses automatic IPv6; IPv4 can be turned off.
- Edit /etc/resolv.conf
    # nameserver Google IPv6
    nameserver 2001:4860:4860::8888
    nameserver 2001:4860:4860::8844
Scenario 2: 6project and static IPv6 on the local LAN
Topology
    Client --- e1-SERVER-e0 --- Internet
The IPv6 allocation from 6project.org is only a /80, which can only be used for a static LAN. It cannot be used for anything else.
GATEWAY / Router to the Internet
    sudo su
    apt update
    apt install openvpn
    openvpn --config usernameanda-di-6project.ovpn &

    # enable IPv6 forwarding on every interface involved
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding

    # split the /80 into two /81 halves: upper half on tun0, lower half on the LAN
    ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
    ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
    ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s8
    ifconfig enp0s8 up
    ip route add ::/0 dev tun0
Flush firewall
    ip6tables -t nat -F
    ip6tables -F
CLIENT
To keep things easy, client setup is best done with the GUI network configuration tool. CLI-only clients can use the commands below:
    ip addr add 2a07:1c44:212:c0ca:87e8:0000::123/81 dev eth0
    ip route add ::/0 via 2a07:1c44:212:c0ca:87e8:0000::dead
or
    ip route add ::/0 dev enp0s3
Edit /etc/resolv.conf
    # nameserver Google IPv6
    nameserver 2001:4860:4860::8888
    nameserver 2001:4860:4860::8844
Check
    dig aaaa ipv6.google.com
    ping6 ipv6.google.com
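The Scenario 2 gateway flushes ip6tables while forwarding for clients that hold globally routable addresses. As an added example (not part of the original page), this script emits a stateful FORWARD ruleset in ip6tables-restore format for that router; tun0 and enp0s8 are the page's interface names, the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: stateful forwarding policy
# for the Scenario 2 router. Only the FORWARD chain is restricted here;
# INPUT and OUTPUT keep their ACCEPT policy.

valid_ifname() {
    # Linux interface names are at most 15 characters; allow a safe set only.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

gen_forward_ruleset() {
    # $1 = tunnel (WAN) interface, $2 = LAN interface
    wan=$1
    lan=$2
    valid_ifname "$wan" && valid_ifname "$lan" || {
        echo "bad interface name" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to, and ICMPv6 errors about, flows opened from the LAN
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# LAN clients may open new connections towards the tunnel
-A FORWARD -i $lan -o $wan -j ACCEPT
# keep path MTU discovery working through the tunnel
-A FORWARD -i $wan -o $lan -p ipv6-icmp --icmpv6-type packet-too-big -j ACCEPT
# anything else arriving from the tunnel falls through to the DROP policy
COMMIT
EOF
}

# Usage on the router, as root:
#   gen_forward_ruleset tun0 enp0s8 | ip6tables-restore
```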
Scenario 3: 6project allocating DHCPv6 for the LAN + ndp
Here the IPv6 allocation from 6project is handed out using DHCPv6. However, routing and proxy NDP all have to be set manually for it to work. It is really much like static routing, but with IPv6 allocation via DHCPv6.
GATEWAY
Enable neighbor discovery proxy (ndp)
    echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
    echo 1 > /proc/sys/net/ipv6/conf/tun0/proxy_ndp
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
Add a proxy entry for each client IPv6 address, for example:
    openvpn --config XXXX.ovpn &
    ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
    ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
    ip addr add 2a07:1c44:212:c0ca:87e8::1/81 dev enp0s3
    ip route add ::/0 dev tun0
    ip route add 2a07:1c44:212:c0ca:87e8::/81 dev enp0s3

    # answer neighbor solicitations on tun0 on behalf of this client address
    ip -6 neigh add proxy 2a07:1c44:212:c0ca:87e8::22 dev tun0
CLIENT
    ip addr add 2a07:1c44:212:c0ca:87e8::22/81 dev enp0s3
    ip route add ::/0 via 2a07:1c44:212:c0ca:87e8::1 dev enp0s3

    dig aaaa ipv6.google.com
    ping ipv6.google.com
PROBLEM Scenario: 6project allocating DHCPv6 for the LAN
NOTES:
- DHCPv6 appears to be able to allocate only /128; it needs help from RA for < /128.
- Routing is not set.
- RA also does not work for allocations < /64, so routing has to be configured manually.
    openvpn --config usernameanda-di-6project.ovpn &

    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
    ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
    ip route add ::/0 dev tun0
    ip addr add 2a07:1c44:212:c0ca:87e8::1/81 dev enp0s3
DHCPv6 server
    apt install isc-dhcp-server
Edit /etc/dhcp/dhcpd6.conf
    default-lease-time 600;
    max-lease-time 7200;
    subnet6 2a07:1c44:212:c0ca:87e8::/81 {
        range6 2a07:1c44:212:c0ca:87e8::1000 2a07:1c44:212:c0ca:87e8::3000;
        range6 2a07:1c44:212:c0ca:87e8::/81 temporary;
        prefix6 2a07:1c44:212:c0ca:87e8::1000 2a07:1c44:212:c0ca:87e8::3000 /81;
    }

    # make the lease directory world-writable and owned by nobody, then start the DHCPv6 server
    chmod -Rf 777 /var/lib/dhcp/
    chown -Rf nobody: /var/lib/dhcp/
    dhcpd -6 -cf /etc/dhcp/dhcpd6.conf
Enable radvd
    sudo apt install radvd
Edit /etc/radvd.conf
    interface enp0s3 {
        AdvSendAdvert on;
        prefix 2a07:1c44:212:c0ca:87e8::/81 {
        };
    };
Flush firewall
    ip6tables -t nat -F
    ip6tables -F
CLIENT
PROBLEM Scenario: 6project and stateless allocation for the local LAN
NOTES:
- 6project.org only allocates a /80.
- A /80 cannot be used for stateless allocation with radvd.
- radvd is safe for allocations of /64 or larger.
GATEWAY / Router to the Internet
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding

    openvpn --config usernameanda-di-6project.ovpn &

    ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0
    ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0
    ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s8
    ip route add 2000::/3 via 2a07:1c44:212:c0ca::1 metric 1 dev tun0
    ip route add 2a07:1c44:212:c0ca:87e8:0000::/81 dev enp0s8

    sudo apt install radvd
Edit /etc/radvd.conf
    interface enp0s8 {
        AdvSendAdvert on;
        AdvDefaultPreference high;
        prefix 2a07:1c44:212:c0ca:87e8:0000::/81 {
        };
    };
Restart
    /etc/init.d/radvd restart
CLIENT
    # accept Router Advertisements, including the default route they carry
    echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra
    echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra
    echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra
    echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_from_local
    echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_from_local
    echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_from_local
    echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra_defrtr
    echo 1 > /proc/sys/net/ipv6/conf/default/accept_ra_defrtr
    echo 1 > /proc/sys/net/ipv6/conf/enp0s3/accept_ra_defrtr
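The notes above say a /80 (and here its /81 half) cannot be used for stateless allocation with radvd. As an added example (not part of the original page), this check lists the prefixes in a radvd.conf that clients will not autoconfigure from; it assumes clients with 64-bit interface identifiers (Ethernet), the function names are hypothetical and the sample configuration is constructed from the page's two prefixes.

```shell
#!/bin/sh
# Added example, not from the original page: flag radvd.conf prefixes that
# SLAAC clients ignore. Assumption: 64-bit interface identifiers, so only
# a /64 prefix can be combined with them into a 128-bit address.

sample_conf() {
    # Constructed input: Scenario 1 prefix plus the /81 from the problem scenario.
    cat <<'EOF'
interface enp0s8 {
    AdvSendAdvert on;
    prefix fec0:1234::/64 { };
};
interface enp0s3 {
    AdvSendAdvert on;   # stateless attempt on half of the 6project /80
    prefix 2a07:1c44:212:c0ca:87e8::/81 { };
};
EOF
}

non_slaac_prefixes() {
    # $1 = radvd.conf path (default: stdin); prints "interface prefix/len"
    awk '
        { sub(/#.*/, "")                       # drop comments
          for (i = 1; i < NF; i++) {
              if ($i == "interface") { iface = $(i + 1); sub(/[{].*/, "", iface) }
              if ($i == "prefix") {
                  p = $(i + 1); sub(/[{].*/, "", p)
                  if (split(p, part, "/") != 2 || part[2] + 0 != 64)
                      print iface, p
              }
          }
        }' "${1:--}"
}

check_radvd_conf() {
    # exit status 0: every advertised prefix is a /64; 1: at least one is not
    bad=$(non_slaac_prefixes "$@") || return 2
    [ -z "$bad" ] && return 0
    echo "$bad" | while read -r iface prefix; do
        echo "WARN: $iface advertises $prefix; SLAAC needs a /64" >&2
    done
    return 1
}
```

Run it as check_radvd_conf /etc/radvd.conf before restarting radvd; a non-zero status means at least one advertised prefix will produce no client address.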