Difference between revisions of "IPv6: OpenVPN: Ubuntu roadwarrior"

From OnnoWiki

Revision as of 08:30, 7 February 2019

Source: https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/


OpenVPN is a fairly popular open-source application for implementing a Virtual Private Network (VPN). OpenVPN uses the SSL/TLS protocol to exchange keys. This article explains how to enable OpenVPN for IPv6.

Install OpenVPN

To keep things simple, we use the OpenVPN road warrior installer. Download and run the installation script with the following commands:

sudo su
cd /usr/local/src
wget https://git.io/vpn -O openvpn-install.sh
sudo bash openvpn-install.sh


You need to define the following:

a. External IP address on which you will run the service
b. Port number
c. DNS you want to use

This will create the necessary certificates and create the first client.

That’s it. Your OpenVPN server has been configured and is ready to use. You can see the added firewall rules in the /etc/rc.local file:

$ cat /etc/rc.local
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 203.0.113.10

Type the following command to start the OpenVPN service:

$ sudo /etc/init.d/openvpn start

The client certificate will be stored in the home directory.

fakrul-apnic.ovpn

To connect from Mac OS X, you can use Tunnelblick.

To add a new client, run the openvpn-install.sh script. Choose option 1 to add a new client and the certificate will be stored in the home folder.

B. Enable IPv6

Now let’s enable IPv6. For the configuration I am using IP 2001:db8:ee00:ee00::10/64 for the VPN server.

2001:db8:ee00:abcd::/64 has been routed to the OpenVPN server host. That means users connected via OpenVPN will get an address from 2001:db8:ee00:abcd::/64.

Step 1: We need to edit the OpenVPN configuration file and enable the IPv6 tunnel service:

vi /etc/openvpn/server.conf

Add the following:

server-ipv6 2001:0db8:ee00:abcd::/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2001:0db8:ee00:abcd::1 2001:0db8:ee00:abcd::2
push "route-ipv6 2001:0db8:ee00:ee00::2/64"
push "route-ipv6 2000::/3"

Step 2: Enable IPv6 forwarding:

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

Step 3: Reload OpenVPN Service

sudo /etc/init.d/openvpn restart

Try to connect your OpenVPN client.

From the Tunnelblick log you can verify the IP addresses:

Test the IPv6 reachability by accessing http://test-ipv6.com/

Note:

1. To make IPv6 forwarding persistent, remember to uncomment the following line in /etc/sysctl.conf:

net.ipv6.conf.all.forwarding = 1

2. Make sure that you route 2001:db8:ee00:abcd::/64 to your OpenVPN Server. I have done this from my Cisco router:

ipv6 route 2001:db8:ee00:abcd::/64 2001:db8:ee00:ee00::10
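
The checks implied by Steps 1 and 2 and Note 1, as an added shell example that is not part of the original article: it confirms an active server-ipv6 line, the runtime forwarding flag, and the persistent sysctl setting. The function names are hypothetical, the default paths are the ones used above, and only /etc/sysctl.conf is inspected (not /etc/sysctl.d).

```bash
#!/bin/bash
# Added example, not from the original article: verify Steps 1-2 and Note 1.

# Print the prefix from an active (uncommented) server-ipv6 line; fail if none.
server_ipv6_prefix() {
    awk '$1 == "server-ipv6" { print $2; found = 1; exit }
         END { exit !found }' "$1" 2>/dev/null
}

# Succeed if the runtime flag file (Step 2) contains 1.
forwarding_runtime() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Succeed if sysctl.conf carries the uncommented setting from Note 1.
forwarding_persistent() {
    grep -Eq '^[[:space:]]*net\.ipv6\.conf\.all\.forwarding[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" 2>/dev/null
}

# Run all checks, print one line each, return the number of failed checks.
check_ipv6_vpn() {
    local conf=${1:-/etc/openvpn/server.conf}
    local flag=${2:-/proc/sys/net/ipv6/conf/all/forwarding}
    local sysctl_conf=${3:-/etc/sysctl.conf}
    local fails=0 prefix
    if prefix=$(server_ipv6_prefix "$conf"); then
        echo "OK   server-ipv6 $prefix"
    else
        echo "FAIL no active server-ipv6 line in $conf"; fails=$((fails + 1))
    fi
    if forwarding_runtime "$flag"; then
        echo "OK   IPv6 forwarding is on"
    else
        echo "FAIL IPv6 forwarding is off"; fails=$((fails + 1))
    fi
    if forwarding_persistent "$sysctl_conf"; then
        echo "OK   forwarding persists in $sysctl_conf"
    else
        echo "FAIL forwarding not set in $sysctl_conf, lost at reboot"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: Steps 1-2 done, Note 1 skipped (line still commented).
demo_constructed() {
    local d; d=$(mktemp -d)
    printf 'port 1194\nserver-ipv6 2001:0db8:ee00:abcd::/64\n' > "$d/server.conf"
    echo 1 > "$d/forwarding"
    echo '#net.ipv6.conf.all.forwarding=1' > "$d/sysctl.conf"
    check_ipv6_vpn "$d/server.conf" "$d/forwarding" "$d/sysctl.conf"
}
```

On the server, calling `check_ipv6_vpn` with no arguments uses the real paths; `demo_constructed` runs the same checks against constructed files and reports the missing persistent setting.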

So you now have native IPv6 and can access all IPv6-enabled services. As a roaming user, it will give you better security.



