Difference between revisions of "IPv6: OpenVPN: Ubuntu roadwarrior"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 59: | Line 59: | ||
* IPv6 Server : 2001::1/64 | * IPv6 Server : 2001::1/64 | ||
| − | * IPv6 Routed : 2345::/ | + | * IPv6 Routed : 2345::/59 (ada 32 network /64) |
| − | + | Edit server.conf | |
| − | |||
| − | |||
| − | |||
| − | |||
vi /etc/openvpn/server.conf | vi /etc/openvpn/server.conf | ||
| − | + | Tambahkan: | |
| − | server-ipv6 2001 | + | server-ipv6 2001::/64 |
tun-ipv6 | tun-ipv6 | ||
push tun-ipv6 | push tun-ipv6 | ||
| − | ifconfig-ipv6 | + | ifconfig-ipv6 2345::1 2345::2 |
| − | push "route-ipv6 | + | push "route-ipv6 2345::2/64" |
push "route-ipv6 2000::/3" | push "route-ipv6 2000::/3" | ||
| Line 85: | Line 81: | ||
sudo /etc/init.d/openvpn restart | sudo /etc/init.d/openvpn restart | ||
| + | |||
| + | |||
| + | ==Client== | ||
Try to connect your OpenVPN client. | Try to connect your OpenVPN client. | ||
| Line 92: | Line 91: | ||
Test the IPv6 reachability by accessing http://test-ipv6.com/ | Test the IPv6 reachability by accessing http://test-ipv6.com/ | ||
| − | + | Edit /etc/sysctl.conf: | |
| − | |||
net.ipv6.conf.all.forwarding = 1 | net.ipv6.conf.all.forwarding = 1 | ||
Revision as of 09:24, 7 February 2019
sumber: https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/
Aplikasi open source untuk mengimplementasi Virtual Private Network (VPN) yang cukup populer adalah OpenVPN. OpenVPN menggunakan protocol SSL / TLS untuk mempertukarkan kunci. Pada kesempatan ini akan di terangkan cara mengaktifkan OpenVPN untuk IPv6.
Instal OpenVPN
Agar mudah kita menggunakan OpenVPN road warrior installer. Download dan jalankan script untuk instalasi menggunakan perintah
sudo su rm /var/lib/dpkg/lock apt update
cd /usr/local/src wget https://git.io/vpn -O openvpn-install.sh sudo bash openvpn-install.sh
Beberapa informasi yang dibutuhkan
- IP address OpenVPN:
- Public IP address / hostname:
- Protocol UDP / TCP
- Port: 1194 (UDP)
- DNS: Google
- Client name: coba1
Jika OpenVPN serve telah di konfigurasi dan siap pakai. Akan tampak di rules firewall di /etc/rc.local kira-kira
$ cat /etc/rc.local iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT iptables -I INPUT -p udp --dport 1194 -j ACCEPT iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 203.0.113.10
Jalankan OpenVPN, ketik
sudo /etc/init.d/openvpn start
Sertifikat client di simpan di home directory,
coba1.ovpn
AKtifkan IPv6
Interface tun0 di server biasanya
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
inet6 fe80::4d06:4709:ba3f:7120 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 288 (288.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Langkah selanjutnya adalah mengaktifkan IPv6.
Misalnya,
- IPv6 Server : 2001::1/64
- IPv6 Routed : 2345::/59 (ada 32 network /64)
Edit server.conf
vi /etc/openvpn/server.conf
Tambahkan:
server-ipv6 2001::/64 tun-ipv6 push tun-ipv6 ifconfig-ipv6 2345::1 2345::2 push "route-ipv6 2345::2/64" push "route-ipv6 2000::/3"
Step 2: Enable IPv6 forwarding:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
Step 3: Reload OpenVPN Service
sudo /etc/init.d/openvpn restart
Client
Try to connect your OpenVPN client.
From the Tunnelblick log you can verify the IP addresses:
Test the IPv6 reachability by accessing http://test-ipv6.com/
Edit /etc/sysctl.conf:
net.ipv6.conf.all.forwarding = 1
2. Make sure that you route 2001:db8:ee00:abcd::/64 to your OpenVPN Server. I have done this from my Cisco router:
ipv6 route 2001:db8:ee00:abcd::/64 2001:db8:ee00:ee00::10
So you now have native IPv6 and can access all IPv6-enabled services. As a roaming user, it will give you better security.