OpenVPN: IPv6 /128 single client: Difference between revisions

From OnnoCenterWiki
Onnowpurbo (talk | contribs)
Onnowpurbo (talk | contribs)
 
(20 intermediate revisions by the same user not shown)
Line 5: Line 5:




  CLIENT 1 ------- HOST A ---------------- HOST B --------- CLIENT 2
  CLIENT 1 ------- HOST A ---------------- HOST B
                   ovpn server            ovpn client
                   ovpn server            ovpn client
 
                  2345::1/64




Line 14: Line 14:


  OS : Ubuntu 18.04
  OS : Ubuntu 18.04
  IP : 192.168.0.239/24
  IP : 192.168.0.239/24   (IP public)
  hostname : vpnserver
  hostname : vpnserver
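Review bot: the "(IP public)" label added to the `IP : 192.168.0.239/24` line is misleading, because 192.168.0.239 is an RFC 1918 private address. Say instead that this LAN address stands in for the server's public address in the lab, so readers do not take it for an Internet-reachable one.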


Line 21: Line 21:


  OS : Ubuntu 18.04
  OS : Ubuntu 18.04
IP : 192.168.0.237/24
==Instal & Konfigurasi OpenVPN Server==
Download script openvpn-install dari github
sudo su
apt install openssh-server openvpn
cd /usr/local/src
wget https://git.io/vpn -O openvpn-install.sh
bash openvpn-install.sh
Jawab pertanyaan:
IP address: 192.168.0.239
Public IP address / hostname: vpnserver
Protocol [1-2]: 1 -- UDP
Port: 1194
DNS [1-5]: 1
Client name: client
Press any key to continue...  <ENTER>
Maka akan tampak file client.ovpn, di
/root/client.ovpn
Install openssh-server di client, copykan client.ovpn ke client
scp client.ovpn root@192.168.0.237:
Reboot
shutdown -r now
Cek kondisi jaringan
ifconfig
Akan muncul interface tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fe80::eaaa:77ed:ba02:748  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 288 (288.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
==Konfigurasi IPv6 Server==
Edit
vi /etc/openvpn/server.conf
Tambahkan
server-ipv6 2001:db8:0:123::/64
push tun-ipv6
ifconfig-ipv6 2001:db8:0:123::1 2001:db8:0:123::2
push "route-ipv6 2001:db8:0:abc::/64"
push "route-ipv6 2000::/3"
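Review bot: the removed server section, from `server-ipv6 2001:db8:0:123::/64` through `push "route-ipv6 2000::/3"`, was the only place the page showed the server-side IPv6 settings, and nothing in the new revision replaces it, so the 2345::/64 addressing in the client output has no visible source. Keep a server section whose `server-ipv6` line matches the prefix in the topology, or link to the page that holds it. The removed steps also fetched the installer through the `https://git.io/vpn` short link and ran it as root; if they return, point at the full repository URL so the script can be read before it runs.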




Line 108: Line 43:
Akan keluar kira-kira
Akan keluar kira-kira


  Sat Feb 16 08:24:44 2019 Unrecognized option or missing or extra parameter(s) in client.ovpn:14: block-outside-dns (2.4.4)
  ..
Sat Feb 16 08:24:44 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
  ..
Sat Feb 16 08:24:44 2019 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
  Sun Mar 10 18:58:24 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Feb 16 08:24:44 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
  Sun Mar 10 18:58:24 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Feb 16 08:24:44 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
  Sun Mar 10 18:58:24 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Feb 16 08:24:44 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.239:1194
  Sun Mar 10 18:58:24 2019 ROUTE_GATEWAY 192.168.0.222/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:3f:39:70
Sat Feb 16 08:24:44 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Mar 10 18:58:24 2019 GDG6: remote_host_ipv6=n/a
Sat Feb 16 08:24:44 2019 UDP link local: (not bound)
  Sun Mar 10 18:58:24 2019 ROUTE6: default_gateway=UNDEF
Sat Feb 16 08:24:44 2019 UDP link remote: [AF_INET]192.168.0.239:1194
Sun Mar 10 18:58:24 2019 TUN/TAP device tun0 opened
  Sat Feb 16 08:24:44 2019 TLS: Initial packet from [AF_INET]192.168.0.239:1194, sid=5ece0ce6 888b9e5b
  Sun Mar 10 18:58:24 2019 TUN/TAP TX queue length set to 100
Sat Feb 16 08:24:44 2019 VERIFY OK: depth=1, CN=ChangeMe
  Sun Mar 10 18:58:24 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
  Sat Feb 16 08:24:44 2019 VERIFY KU OK
  Sun Mar 10 18:58:24 2019 /sbin/ip link set dev tun0 up mtu 1500
Sat Feb 16 08:24:44 2019 Validating certificate extended key usage
  Sun Mar 10 18:58:24 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sat Feb 16 08:24:44 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
  Sun Mar 10 18:58:24 2019 /sbin/ip -6 addr add 2345::1000/64 dev tun0
Sat Feb 16 08:24:44 2019 VERIFY EKU OK
Sun Mar 10 18:58:24 2019 /sbin/ip route add 192.168.0.105/32 dev enp0s3
Sat Feb 16 08:24:44 2019 VERIFY OK: depth=0, CN=server
  Sun Mar 10 18:58:24 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sat Feb 16 08:24:44 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
  Sun Mar 10 18:58:24 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sat Feb 16 08:24:44 2019 [server] Peer Connection Initiated with [AF_INET]192.168.0.239:1194
  Sun Mar 10 18:58:24 2019 add_route_ipv6(2000::/3 -> 2345::1 metric -1) dev tun0
Sat Feb 16 08:24:45 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Mar 10 18:58:24 2019 /sbin/ip -6 route add 2000::/3 dev tun0
Sat Feb 16 08:24:45 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.0.222,route-gateway  10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM '
Sun Mar 10 18:58:24 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: timers and/or timeouts modified
  Sun Mar 10 18:58:24 2019 Initialization Sequence Completed
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: --ifconfig/up options modified
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: route options modified
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: route-related options modified
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: peer-id set
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: data channel crypto options modified
Sat Feb 16 08:24:45 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
  Sat Feb 16 08:24:45 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
  Sat Feb 16 08:24:45 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
  Sat Feb 16 08:24:45 2019 ROUTE_GATEWAY 192.168.0.222/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:16:69:ed
  Sat Feb 16 08:24:45 2019 TUN/TAP device tun0 opened
  Sat Feb 16 08:24:45 2019 TUN/TAP TX queue length set to 100
  Sat Feb 16 08:24:45 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
  Sat Feb 16 08:24:45 2019 /sbin/ip link set dev tun0 up mtu 1500
  Sat Feb 16 08:24:45 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
  Sat Feb 16 08:24:45 2019 /sbin/ip route add 192.168.0.239/32 dev enp0s3
  Sat Feb 16 08:24:45 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
  Sat Feb 16 08:24:45 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
  Sat Feb 16 08:24:45 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
  Sat Feb 16 08:24:45 2019 Initialization Sequence Completed  


Cek interface, akan muncul tun0
Perhatikan di bagian agak bawah terlihat ada beberapa setup IPv6. Selanjutnya cek Interface, akan muncul tun0 yang ada IPv6-nya


  ifconfig
  ifconfig
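Review bot: the replacement log adds a host route with `/sbin/ip route add 192.168.0.105/32 dev enp0s3`, but the page gives the server as 192.168.0.239 and the earlier log routed `192.168.0.239/32`, so the capture appears to come from a different setup and should be re-taken or the address explained. The new excerpt also replaces everything before the data-channel lines with `..`, which drops the `VERIFY OK` certificate checks and the `PUSH_REPLY` line, so the reader no longer sees where the tunnel's IPv6 address and the 2000::/3 route come from.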
Line 157: Line 71:
  tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
  tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
         inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
         inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
         inet6 fe80::28c4:3e38:2497:e12a prefixlen 64  scopeid 0x20<link>
         inet6 fe80::8872:a14c:5076:40b5 prefixlen 64  scopeid 0x20<link>
        inet6 2345::1000  prefixlen 64  scopeid 0x0<global>
         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
         RX packets 51 bytes 11522 (11.5 KB)
         RX packets 4837 bytes 5672472 (5.6 MB)
         RX errors 0  dropped 0  overruns 0  frame 0
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 134 bytes 43524 (43.5 KB)
         TX packets 3898 bytes 324037 (324.0 KB)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
         TX errors 0  dropped 106 overruns 0  carrier 0  collisions 0


Cek sambungan
Perhatikan IPv4 address keluarga 10.8.0.0/16 dan ada IPv6 address sesuai dengan settingan yang ada di OpenVPN Server. Selanjutnya cek sambungan menggunakan IPv6,


  ping -c3 10.8.0.1
  ping -I tun0 2345::1


Sample output:
Sample output:


  PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
  PING 2345::1(2345::1) from 2345::1000 tun0: 56 data bytes
  64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=0.539 ms
  64 bytes from 2345::1: icmp_seq=1 ttl=64 time=0.610 ms
  64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=1.17 ms
64 bytes from 2345::1: icmp_seq=2 ttl=64 time=0.692 ms
  64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.921 ms
  64 bytes from 2345::1: icmp_seq=3 ttl=64 time=0.582 ms
   
64 bytes from 2345::1: icmp_seq=4 ttl=64 time=0.603 ms
  --- 10.8.0.1 ping statistics ---
  64 bytes from 2345::1: icmp_seq=5 ttl=64 time=0.625 ms
  3 packets transmitted, 3 received, 0% packet loss, time 2007ms
64 bytes from 2345::1: icmp_seq=6 ttl=64 time=0.625 ms
  rtt min/avg/max/mdev = 0.539/0.878/1.176/0.264 ms
  ^C
  --- 2345::1 ping statistics ---
  6 packets transmitted, 6 received, 0% packet loss, time 5110ms
  rtt min/avg/max/mdev = 0.582/0.622/0.692/0.046 ms


Cek routing
Cek routing


  route -n
  ip -6 route show
 
Sample output
 
Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
0.0.0.0        10.8.0.1        128.0.0.0      UG    0      0        0 tun0


Pastikan ada routing ke IPv6 address


Anda sudah tersambung ke VPN dengan IP 10.8.0.0/24
2345::/64 dev enp0s3 proto kernel metric 100 pref medium
2345::/64 dev tun0 proto kernel metric 256 pref medium
2000::/3 dev tun0 metric 1024 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium


==Referensi==
==Referensi==
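Review bot: the new routing output lists `2345::/64` on both enp0s3 (metric 100) and tun0 (metric 256), so the same prefix sits on the LAN and on the tunnel and the lower-metric LAN route is the preferred one. The text should explain the `-I tun0` on the ping in that light, or the lab should use a tunnel prefix that does not overlap the LAN. The added sentence also describes the tunnel's IPv4 range as 10.8.0.0/16 while the ifconfig output shows netmask 255.255.255.0 and the replaced sentence said 10.8.0.0/24.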
Line 198: Line 115:
==Pranala Menarik==
==Pranala Menarik==


* [[OpenVPN]]
* [[OpenVPN: IPv4 /32 single client]]
* [[IPv6]]
* [[OpenVPN: IPv4 /32 multi-client]]
* [[OpenVPN: IPv4 routed LAN]]
* [[OpenVPN: IPv4 routed 2 LAN]]
* [[OpenVPN: IPv6 /128 single client]]
* [[OpenVPN: IPv6 routed LAN]]
* [[OpenVPN: IPv6 routed 2 LAN]]
 
* [[IPv6: OpenVPN: Ubuntu roadwarrior]]
* [[OpenVPN: Simple Server using Script]]
* [[OpenVPN: Free VPN untuk Ubuntu]]
* [[Instalasi OpenVPN]]
* [[Instalasi OpenVPN Client di Linux]]
* [[Capture Screen Proses Instalasi OpenVPN di Windows]]
* [[Instalasi OpenVPN di Windows]]
* [[WNDW: OpenVPN]]
* [[OpenVPN: Instalasi di Ubuntu 16.04]]
* [[OpenVPN: Instalasi di Ubuntu 18.04]]
* [[OpenVPN: Briding dan Routing]]

Latest revision as of 01:18, 31 March 2020

Source: https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/


Topology

CLIENT 1 ------- HOST A ---------------- HOST B
                 ovpn server             ovpn client
                 2345::1/64


Host A acts as the OpenVPN server.

OS : Ubuntu 18.04
IP : 192.168.0.239/24   (public IP)
hostname : vpnserver


Host B acts as the OpenVPN client.

OS : Ubuntu 18.04


OpenVPN Client Configuration

Make sure openvpn is installed:

sudo su
apt install openssh-server openvpn

Edit /etc/hosts and add the name of the OpenVPN server:

192.168.0.239 vpnserver


Run the OpenVPN client:

cd ~
sudo su
openvpn --config client.ovpn

The output will look roughly like this:

..
..
Sun Mar 10 18:58:24 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Mar 10 18:58:24 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Mar 10 18:58:24 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Mar 10 18:58:24 2019 ROUTE_GATEWAY 192.168.0.222/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:3f:39:70
Sun Mar 10 18:58:24 2019 GDG6: remote_host_ipv6=n/a
Sun Mar 10 18:58:24 2019 ROUTE6: default_gateway=UNDEF
Sun Mar 10 18:58:24 2019 TUN/TAP device tun0 opened
Sun Mar 10 18:58:24 2019 TUN/TAP TX queue length set to 100
Sun Mar 10 18:58:24 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sun Mar 10 18:58:24 2019 /sbin/ip link set dev tun0 up mtu 1500
Sun Mar 10 18:58:24 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sun Mar 10 18:58:24 2019 /sbin/ip -6 addr add 2345::1000/64 dev tun0
Sun Mar 10 18:58:24 2019 /sbin/ip route add 192.168.0.105/32 dev enp0s3
Sun Mar 10 18:58:24 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun Mar 10 18:58:24 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun Mar 10 18:58:24 2019 add_route_ipv6(2000::/3 -> 2345::1 metric -1) dev tun0
Sun Mar 10 18:58:24 2019 /sbin/ip -6 route add 2000::/3 dev tun0
Sun Mar 10 18:58:24 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Mar 10 18:58:24 2019 Initialization Sequence Completed

Note that several IPv6 setup steps appear near the bottom of the log. Next, check the interfaces; tun0 will appear with its IPv6 address:

ifconfig
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
        inet6 fe80::8872:a14c:5076:40b5  prefixlen 64  scopeid 0x20<link>
        inet6 2345::1000  prefixlen 64  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 4837  bytes 5672472 (5.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3898  bytes 324037 (324.0 KB)
        TX errors 0  dropped 106 overruns 0  carrier 0  collisions 0

Note the IPv4 address in the 10.8.0.0/16 family and the IPv6 address that matches the settings on the OpenVPN server. Next, check the connection over IPv6:

ping -I tun0 2345::1

Sample output:

PING 2345::1(2345::1) from 2345::1000 tun0: 56 data bytes
64 bytes from 2345::1: icmp_seq=1 ttl=64 time=0.610 ms
64 bytes from 2345::1: icmp_seq=2 ttl=64 time=0.692 ms
64 bytes from 2345::1: icmp_seq=3 ttl=64 time=0.582 ms
64 bytes from 2345::1: icmp_seq=4 ttl=64 time=0.603 ms
64 bytes from 2345::1: icmp_seq=5 ttl=64 time=0.625 ms
64 bytes from 2345::1: icmp_seq=6 ttl=64 time=0.625 ms
^C
--- 2345::1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5110ms
rtt min/avg/max/mdev = 0.582/0.622/0.692/0.046 ms

Check routing

ip -6 route show

Make sure there is a route to the IPv6 address:

2345::/64 dev enp0s3 proto kernel metric 100 pref medium
2345::/64 dev tun0 proto kernel metric 256 pref medium
2000::/3 dev tun0 metric 1024 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
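
The routing check above, automated: this is an added example, not part of the original page, that parses `ip -6 route show` output and reports which device each VPN prefix actually prefers. The sample table is the one shown above (2345::/64 appears on both enp0s3 and tun0); the function names are hypothetical.

```shell
# Added example. The sample table is the `ip -6 route show` output from this page;
# function names are hypothetical.
SAMPLE_ROUTES='2345::/64 dev enp0s3 proto kernel metric 100 pref medium
2345::/64 dev tun0 proto kernel metric 256 pref medium
2000::/3 dev tun0 metric 1024 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium'

# Print "dev metric" for each route to exactly prefix $2, lowest metric first.
routes_for_prefix() {   # $1 = route table text, $2 = prefix
  printf '%s\n' "$1" | awk -v p="$2" '
    $1 == p {
      dev = ""; metric = 0
      for (i = 2; i < NF; i++) {
        if ($i == "dev") dev = $(i + 1)
        if ($i == "metric") metric = $(i + 1)
      }
      print dev, metric
    }' | sort -k2,2n
}

# Device preferred for that prefix: among equal prefixes the lowest metric wins.
preferred_dev() {
  routes_for_prefix "$1" "$2" | head -n 1 | cut -d" " -f1
}

# Return 0 only when prefix $2 is preferred via tunnel device $3.
prefix_uses_tunnel() {
  [ "$(preferred_dev "$1" "$2")" = "$3" ]
}

# Check both prefixes the page expects on the tunnel; non-zero if any bypasses it.
audit_routes() {        # $1 = route table text, $2 = tunnel device
  status=0
  for prefix in 2345::/64 2000::/3; do
    if prefix_uses_tunnel "$1" "$prefix" "$2"; then
      echo "OK   $prefix -> $2"
    else
      echo "WARN $prefix prefers $(preferred_dev "$1" "$prefix"), not $2"
      status=1
    fi
  done
  return "$status"
}

# On a live client: audit_routes "$(ip -6 route show)" tun0
audit_routes "$SAMPLE_ROUTES" tun0 || true
```

On the table above it warns that 2345::/64 prefers enp0s3, so traffic to that prefix only uses the tunnel when bound to it, as the `ping -I tun0` does.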

References

Interesting Links