IPv6: OpenVPN: Ubuntu roadwarrior
Source: https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/
OpenVPN is a popular open-source application for implementing a Virtual Private Network (VPN). OpenVPN uses the SSL/TLS protocol to exchange keys. This page explains how to enable IPv6 in OpenVPN.
Example Topology
The network is built in GNS3 using NAT (192.168.122.1) and 2 servers with 202.x.x.x addresses, one acting as the client and the other as the server.
                          192.168.122.1 (NAT)
                                  |
                                  |
2222::/64 -- B Client 202.0.0.2 -- 202.0.0.1 A Server -- 2001::/64
Network Configuration
Server A
ifconfig enp0s3 192.168.122.100 netmask 255.255.255.0
ifconfig enp0s3:2 202.0.0.1 netmask 255.255.255.0
route add default gw 192.168.122.1
ip addr add 2001::1/64 dev enp0s8
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
# tun0 appears only after OpenVPN has started; set this one once the tunnel is up
echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
Client B
ifconfig enp0s3 192.168.122.200 netmask 255.255.255.0
ifconfig enp0s3:2 202.0.0.2 netmask 255.255.255.0
ip addr add 2222::1/64 dev enp0s8
route add default gw 192.168.122.1
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s3/forwarding
echo 1 > /proc/sys/net/ipv6/conf/enp0s8/forwarding
# tun0 appears only after OpenVPN has started; set this one once the tunnel is up
echo 1 > /proc/sys/net/ipv6/conf/tun0/forwarding
Server: OpenVPN Installation
To keep things simple, we use the OpenVPN road warrior installer. Download and run the installation script with the following commands
sudo su
rm /var/lib/dpkg/lock
apt update
cd /usr/local/src
wget https://git.io/vpn -O openvpn-install.sh
sudo bash openvpn-install.sh
Some information the installer asks for
- IP address OpenVPN:
- Public IP address / hostname:
- Protocol UDP / TCP
- Port: 1194 (UDP)
- DNS: Google
- Client name: coba1
Once the OpenVPN server has been configured and is ready to use, the firewall rules in /etc/rc.local will look roughly like this
$ cat /etc/rc.local
# iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
# iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 202.0.0.1
Start OpenVPN by typing
sudo /etc/init.d/openvpn start
The client certificate is saved in the home directory,
coba1.ovpn
Enable IPv6
The tun0 interface on the server usually looks like this
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
        inet6 fe80::4d06:4709:ba3f:7120 prefixlen 64 scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 6 bytes 288 (288.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The next step is to enable IPv6.
For example,
- IPv6 Server : 2001::1/64
- IPv6 Routed : 2345::/59 (contains 32 /64 networks)
Edit server.conf
vi /etc/openvpn/server.conf
Add:
server-ipv6 2001::/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2345::1 2345::2
push "route-ipv6 2345::2/59"
push "route-ipv6 2000::/3"
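The directives above can be checked mechanically before OpenVPN is restarted. The following Python check is an added example, not code from the original page or from the OpenVPN project; the function names and the embedded sample are constructed here, and the on-link prefix passed in the final call is the 2001::1/64 address that Server A assigns to enp0s8. It reports pushed routes whose prefix has host bits set, a missing route covering global unicast (2000::/3), and a VPN pool that overlaps a prefix already on-link on the server.

```python
import ipaddress
import shlex

# Constructed sample: the IPv6 lines this page adds to server.conf.
SAMPLE_CONF = '''
server-ipv6 2001::/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2345::1 2345::2
push "route-ipv6 2345::2/59"
push "route-ipv6 2000::/3"
'''
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def parse_ipv6_directives(text):
    """Return (server-ipv6 pool or None, list of pushed route-ipv6 prefixes)."""
    pool, routes = None, []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # honours quotes and '#'
        if len(tokens) < 2:
            continue
        if tokens[0] == "server-ipv6":
            pool = tokens[1]
        elif tokens[0] == "push":
            inner = tokens[1].split()
            if len(inner) >= 2 and inner[0] == "route-ipv6":
                routes.append(inner[1])
    return pool, routes


def audit(text, lan_prefixes=()):
    """Return findings; lan_prefixes are prefixes already on-link on the server."""
    findings = []
    pool, routes = parse_ipv6_directives(text)
    nets = []
    for route in routes:
        iface = ipaddress.ip_interface(route)
        if iface.ip != iface.network.network_address:
            findings.append(f"route {route} has host bits set; network is {iface.network}")
        nets.append(iface.network)
    if not any(GLOBAL_UNICAST.subnet_of(net) for net in nets):  # single covering route only
        findings.append("no pushed route covers 2000::/3; global IPv6 stays outside the tunnel")
    if pool:
        pool_net = ipaddress.ip_network(pool, strict=False)
        for lan in lan_prefixes:
            if pool_net.overlaps(ipaddress.ip_network(lan, strict=False)):
                findings.append(f"server-ipv6 pool {pool_net} overlaps on-link prefix {lan}")
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF, lan_prefixes=["2001::1/64"]), sep="\n")
```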
Step 2: Enable IPv6 forwarding:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
Step 3: Reload OpenVPN Service
sudo /etc/init.d/openvpn restart
Client
Install openvpn
rm /var/lib/dpkg/lock
apt update
apt install openvpn
Download the client .ovpn file, then try to connect
openvpn --config coba1.ovpn
Test the IPv6 reachability by accessing http://test-ipv6.com/
Edit /etc/sysctl.conf:
net.ipv6.conf.all.forwarding = 1
2. Make sure that you route 2001:db8:ee00:abcd::/64 to your OpenVPN Server. I have done this from my Cisco router:
ipv6 route 2001:db8:ee00:abcd::/64 2001:db8:ee00:ee00::10
So you now have native IPv6 and can access all IPv6-enabled services. As a roaming user, it will give you better security.