OpenVPN: IPv6 /128 single client

From OnnoWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

sumber: https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/


Topology

CLIENT 1 ------- HOST A ---------------- HOST B
                 ovpn server             ovpn client
                 2345::1/64


Host A akan berfungsi sebagai OpenVPN Server. 

OS : Ubuntu 18.04
IP : 192.168.0.239/24   (IP public)
hostname : vpnserver


Host B akan berfungsi sebagai OpenVPN client 

OS : Ubuntu 18.04


Konfigurasi OpenVPN Client

Pastikan openvpn terinstalsi 

sudo su
apt install openssh-server openvpn

Edit /etc/hosts isi dengan nama OpenVPN server 

192.168.0.239 vpnserver


Jalankan OpenVPN client 

cd ~
sudo su
openvpn --config client.ovpn

Akan keluar kira-kira 

..
..
Sun Mar 10 18:58:24 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Mar 10 18:58:24 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Mar 10 18:58:24 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Mar 10 18:58:24 2019 ROUTE_GATEWAY 192.168.0.222/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:3f:39:70
Sun Mar 10 18:58:24 2019 GDG6: remote_host_ipv6=n/a
Sun Mar 10 18:58:24 2019 ROUTE6: default_gateway=UNDEF
Sun Mar 10 18:58:24 2019 TUN/TAP device tun0 opened
Sun Mar 10 18:58:24 2019 TUN/TAP TX queue length set to 100
Sun Mar 10 18:58:24 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sun Mar 10 18:58:24 2019 /sbin/ip link set dev tun0 up mtu 1500
Sun Mar 10 18:58:24 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sun Mar 10 18:58:24 2019 /sbin/ip -6 addr add 2345::1000/64 dev tun0
Sun Mar 10 18:58:24 2019 /sbin/ip route add 192.168.0.105/32 dev enp0s3
Sun Mar 10 18:58:24 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun Mar 10 18:58:24 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun Mar 10 18:58:24 2019 add_route_ipv6(2000::/3 -> 2345::1 metric -1) dev tun0
Sun Mar 10 18:58:24 2019 /sbin/ip -6 route add 2000::/3 dev tun0
Sun Mar 10 18:58:24 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Mar 10 18:58:24 2019 Initialization Sequence Completed

Perhatikan di bagian agak bawah terlihat ada beberapa setup IPv6. Selanjutnya cek Interface, akan muncul tun0 yang ada IPv6-nya 

ifconfig

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
        inet6 fe80::8872:a14c:5076:40b5  prefixlen 64  scopeid 0x20<link>
        inet6 2345::1000  prefixlen 64  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 4837  bytes 5672472 (5.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3898  bytes 324037 (324.0 KB)
        TX errors 0  dropped 106 overruns 0  carrier 0  collisions 0

Perhatikan IPv4 address keluarga 10.8.0.0/16 dan ada IPv6 address sesuai dengan settingan yang ada di OpenVPN Server. Selanjutnya cek sambungan menggunakan IPv6, 

ping -I tun0 2345::1

Sample output: 

PING 2345::1(2345::1) from 2345::1000 tun0: 56 data bytes
64 bytes from 2345::1: icmp_seq=1 ttl=64 time=0.610 ms
64 bytes from 2345::1: icmp_seq=2 ttl=64 time=0.692 ms
64 bytes from 2345::1: icmp_seq=3 ttl=64 time=0.582 ms
64 bytes from 2345::1: icmp_seq=4 ttl=64 time=0.603 ms
64 bytes from 2345::1: icmp_seq=5 ttl=64 time=0.625 ms
64 bytes from 2345::1: icmp_seq=6 ttl=64 time=0.625 ms
^C
--- 2345::1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5110ms
rtt min/avg/max/mdev = 0.582/0.622/0.692/0.046 ms

Cek routing 

ip -6 route show

Pastikan ada routing ke IPv6 address 

2345::/64 dev enp0s3 proto kernel metric 100 pref medium
2345::/64 dev tun0 proto kernel metric 256 pref medium
2000::/3 dev tun0 metric 1024 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium

Referensi

Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=OpenVPN:_IPv6_/128_single_client&oldid=60661"