Sebelum menggunakan IPv6 pastikan OpenVPN anda sudah bisa terhubung lewat IPv4, ini untuk mempermudah troubleshooting bila ada masalah baik di server ataupun di client.
Kebutuhan untuk eksperimen ini :
1. Server dengan OS Linux (Native/Tunneled IPv6 minimal /112)
2. Client (OS Linux atau Windows 7/10).
Server OpenVPN
Disini kita menggunakan TUN, konfigurasi OpenVPN server (server.conf) sebelum ditambah untuk IPv4
port 1194 proto udp dev tun sndbuf 0 rcvbuf 0 ca ca.crt cert server.crt key server.key dh dh.pem topology subnet server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 crl-verify /etc/openvpn/easy-rsa/pki/crl.pem push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8"
Tambahkan dibaris paling bawah. Bila anda memiliki /64 IPv6 dari provider anda, /64 juga bisa digunakan disini. Karena menurut saya sangat sia-sia menggunakan /64 maka saya menggunakan subnet yang lebih kecil yaitu /112 (65536 host). Untuk menghitung subnet gunakan aplikasi online yang bertebaran.
server-ipv6 2001:df1:XXX:XXX:XXX::/112 push "route-ipv6 2000::/3"
Edit file /etc/sysctl.conf tambahkan dibaris paling bawah
net.ipv6.conf.all.proxy_ndp=1 net.ipv6.conf.all.forwarding=1
aktifkan perubahan dengan perintah
sysctl -pSetting Client
Di client sendiri tidak perlu ditambah apapun, cukup gunakan yang sudah ada. Di Linux cara untuk konek ke server OpenVPN
su -c "openvpn client.conf"
untuk Windows 10 download openvpn client dari openvpn.net saya menggunakan yang 64 Bit (openvpn-install-2.3.9-I601-x86_64.exe). Copy file configurasi anda (contoh client.conf) ke folder C:\Program Files\OpenVPN\config. Jalankan aplikasi OpenVPN.
Disini kita masih harus manual untuk mengaktifkan IPv6 tersebut. Cek IPv6 yang dimiliki oleh client, di Linux gunakan ifconfig di Windows ipconfig /all. Contoh
Fedora Linux
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.2 inet6 2001:df1:XXXX:XXXX:XXXX::1000 prefixlen 112 scopeid 0x0<global> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC) RX packets 63537 bytes 46897845 (44.7 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 61295 bytes 19438143 (18.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Windows 10
Ethernet adapter Ethernet: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-53-75-A6-6B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:df1:XXXX:XXXX:7::1004(Preferred) Link-local IPv6 Address . . . . . : fe80::40a3:b66f:342f:d2b7%6(Preferred) IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Monday, December 21, 2015 3:00:45 PM Lease Expires . . . . . . . . . . : Tuesday, December 20, 2016 3:00:45 PM Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.8.0.254 DHCPv6 IAID . . . . . . . . . . . : 100728658 DHCPv6 Client DUID. . . . . . . . : 00-01-00-02-1F-04-B1-E9-00-1C-29-45-86-10 DNS Servers . . . . . . . . . . . : 8.8.4.4 8.8.8.8 NetBIOS over Tcpip. . . . . . . . : Enabled
Copy IPv6 tersebut lalu di server OpenVPN jalankan perintah
ip neigh add proxy 2001:df1:XXXX:XXXX:7::1004 dev eth0 ### atau ip neigh add proxy 2001:df1:XXXX:XXXX:7::1000 dev eth0
Percobaan IPv6
Untuk mengetahui IPv6 anda berjalan lancar, buka situs ipv6-test.com
atau situs www.kame.net bila anda mengakses situs tersebut menggunakan IPv6 kura-kuranya akan menari-nari.
bisa juga dengan ping6, di Windows ping -6
$ ping6 -c6 google.com PING google.com(sa-in-x65.1e100.net) 56 data bytes 64 bytes from sa-in-x65.1e100.net: icmp_seq=1 ttl=52 time=32.6 ms 64 bytes from sa-in-x65.1e100.net: icmp_seq=2 ttl=52 time=32.8 ms 64 bytes from sa-in-x65.1e100.net: icmp_seq=3 ttl=52 time=32.5 ms 64 bytes from sa-in-x65.1e100.net: icmp_seq=4 ttl=52 time=32.2 ms 64 bytes from sa-in-x65.1e100.net: icmp_seq=5 ttl=52 time=32.8 ms 64 bytes from sa-in-x65.1e100.net: icmp_seq=6 ttl=52 time=32.9 ms $ ping6 -c6 facebook.com PING facebook.com(edge-star-mini6-shv-07-frc3.facebook.com) 56 data bytes 64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=1 ttl=40 time=279 ms 64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=2 ttl=40 time=280 ms 64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=3 ttl=40 time=279 ms 64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=4 ttl=40 time=279 ms 64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=5 ttl=40 time=279 ms 64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=6 ttl=40 time=279 ms $ ping6 www.kame.net PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=46 time=104 ms 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=46 time=105 ms 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=46 time=104 ms 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=4 ttl=46 time=105 ms 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=5 ttl=46 time=105 ms 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=6 ttl=46 time=104 ms 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=7 ttl=46 time=105 ms