IPv6: OpenVPN: Ubuntu roadwarrior
Source: https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/
OpenVPN is a fairly popular open source application for implementing a Virtual Private Network (VPN). OpenVPN uses the SSL/TLS protocol for key exchange. This page explains how to enable IPv6 in OpenVPN.
Install OpenVPN
To keep things simple we use the OpenVPN road warrior installer. Download and run the installation script with these commands:
sudo su
rm /var/lib/dpkg/lock
apt update
cd /usr/local/src
wget https://git.io/vpn -O openvpn-install.sh
sudo bash openvpn-install.sh
Some information that is required:
- IP address OpenVPN:
- Public IP address / hostname:
- Protocol UDP / TCP
- Port: 1194 (UDP)
- DNS: Google
- Client name: coba1
Once the OpenVPN server has been configured and is ready for use, the firewall rules in /etc/rc.local will look roughly like this:
$ cat /etc/rc.local
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 203.0.113.10
Start OpenVPN by typing
sudo /etc/init.d/openvpn start
The client certificate is saved in the home directory,
coba1.ovpn
Enable IPv6
The tun0 interface on the server usually looks like this:
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
        inet6 fe80::4d06:4709:ba3f:7120 prefixlen 64 scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 6 bytes 288 (288.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The next step is to enable IPv6.
For example,
- IPv6 Server : 2001::1/64
- IPv6 Routed : 2345::/59 (there are 32 /64 networks)
Edit server.conf
vi /etc/openvpn/server.conf
Add:
server-ipv6 2001::/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2345::1 2345::2
push "route-ipv6 2345::2/59"
push "route-ipv6 2000::/3"
Step 2: Enable IPv6 forwarding:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
Step 3: Reload OpenVPN Service
sudo /etc/init.d/openvpn restart
Client
Install openvpn
rm /var/lib/dpkg/lock
apt update
apt install openvpn
Download the client .ovpn file. Try connecting:
openvpn --config coba1.ovpn
Test the IPv6 reachability by accessing http://test-ipv6.com/
Edit /etc/sysctl.conf:
net.ipv6.conf.all.forwarding = 1
2. Make sure that you route 2001:db8:ee00:abcd::/64 to your OpenVPN Server. I have done this from my Cisco router:
ipv6 route 2001:db8:ee00:abcd::/64 2001:db8:ee00:ee00::10
So you now have native IPv6 and can access all IPv6-enabled services. As a roaming user, it will give you better security.
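A check for the server.conf additions and the /etc/sysctl.conf setting described above, as an added example (not from the original page or from the OpenVPN project). It flags pushed route-ipv6 prefixes written with host bits set, counts the /64 networks inside a routed prefix, notes when 2000::/3 is pushed, and confirms that forwarding is set persistently; the function names are hypothetical and the sample input is constructed from the lines on this page.

```python
import ipaddress
import re

# Constructed sample input: the server.conf additions and sysctl.conf line from this page.
SERVER_CONF = '''\
server-ipv6 2001::/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2345::1 2345::2
push "route-ipv6 2345::2/59"
push "route-ipv6 2000::/3"
'''
SYSCTL_CONF = "net.ipv6.conf.all.forwarding = 1\n"

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def pushed_routes(conf):
    """Return the prefix of every push "route-ipv6 ..." line, exactly as written."""
    return re.findall(r'^\s*push\s+"route-ipv6\s+([^\s"]+)', conf, re.M)


def audit(conf, sysctl):
    """Return (level, message) findings for the IPv6 settings (hypothetical helper)."""
    findings = []
    for text in pushed_routes(conf):
        iface = ipaddress.ip_interface(text)   # tolerates host bits in the prefix
        net = iface.network                    # canonical form of the same prefix
        if iface.ip != net.network_address:
            findings.append(("warn", f"{text} has host bits set; prefix is {net}"))
        if net == GLOBAL_UNICAST:
            findings.append(("info", "2000::/3 pushed: clients send all global "
                                     "unicast IPv6 through the tunnel"))
        elif net.prefixlen < 64:
            count = 2 ** (64 - net.prefixlen)
            findings.append(("info", f"{net} holds {count} /64 networks"))
    if not re.search(r'^\s*server-ipv6\s+\S+', conf, re.M):
        findings.append(("error", "no server-ipv6 directive in server.conf"))
    if not re.search(r'^\s*net\.ipv6\.conf\.all\.forwarding\s*=\s*1\s*$', sysctl, re.M):
        # Writing 1 to /proc/sys/... alone does not survive a reboot.
        findings.append(("error", "IPv6 forwarding is not set in sysctl.conf"))
    return findings


if __name__ == "__main__":
    for level, message in audit(SERVER_CONF, SYSCTL_CONF):
        print(f"[{level}] {message}")
```

To audit a live server, pass the contents of /etc/openvpn/server.conf and /etc/sysctl.conf to audit() instead of the embedded samples.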