Jaranguda

Belajar Mengajar

OpenVPN dengan IPv6 di Linux Server

Last Updated on By Leave a Comment

Sebelum menggunakan IPv6 pastikan OpenVPN anda sudah bisa terhubung lewat IPv4, ini untuk mempermudah troubleshooting bila ada masalah baik di server ataupun di client.

Kebutuhan untuk eksperimen ini :
1. Server dengan OS Linux (Native/Tunneled IPv6 minimal /112)
2. Client (OS Linux atau Windows 7/10).

Server OpenVPN

Disini kita menggunakan TUN, konfigurasi OpenVPN server (server.conf) sebelum ditambah untuk IPv4

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

Tambahkan dibaris paling bawah. Bila anda memiliki /64 IPv6 dari provider anda, /64 juga bisa digunakan disini. Karena menurut saya sangat sia-sia menggunakan /64 maka saya menggunakan subnet yang lebih kecil yaitu /112 (65536 host). Untuk menghitung subnet gunakan aplikasi online yang bertebaran.

server-ipv6 2001:df1:XXX:XXX:XXX::/112
push "route-ipv6 2000::/3"

Edit file /etc/sysctl.conf tambahkan dibaris paling bawah

net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.all.forwarding=1

aktifkan perubahan dengan perintah

sysctl -p

Setting Client

Di client sendiri tidak perlu ditambah apapun, cukup gunakan yang sudah ada. Di Linux cara untuk konek ke server OpenVPN

su -c "openvpn client.conf"

untuk Windows 10 download openvpn client dari openvpn.net saya menggunakan yang 64 Bit (openvpn-install-2.3.9-I601-x86_64.exe). Copy file configurasi anda (contoh client.conf) ke folder C:\Program Files\OpenVPN\config. Jalankan aplikasi OpenVPN.
openvpn ipv6 windows10

Disini kita masih harus manual untuk mengaktifkan IPv6 tersebut. Cek IPv6 yang dimiliki oleh client, di Linux gunakan ifconfig di Windows ipconfig /all. Contoh
Fedora Linux

tun0: flags=4305  mtu 1500
        inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
        inet6 2001:df1:XXXX:XXXX:XXXX::1000  prefixlen 112  scopeid 0x0
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 63537  bytes 46897845 (44.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 61295  bytes 19438143 (18.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Windows 10

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-53-75-A6-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:df1:XXXX:XXXX:7::1004(Preferred)
   Link-local IPv6 Address . . . . . : fe80::40a3:b66f:342f:d2b7%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, December 21, 2015 3:00:45 PM
   Lease Expires . . . . . . . . . . : Tuesday, December 20, 2016 3:00:45 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.0.254
   DHCPv6 IAID . . . . . . . . . . . : 100728658
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-02-1F-04-B1-E9-00-1C-29-45-86-10
   DNS Servers . . . . . . . . . . . : 8.8.4.4
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Copy IPv6 tersebut lalu di server OpenVPN jalankan perintah

ip neigh add proxy 2001:df1:XXXX:XXXX:7::1004 dev eth0
### atau
ip neigh add proxy 2001:df1:XXXX:XXXX:7::1000 dev eth0

Percobaan IPv6

Untuk mengetahui IPv6 anda berjalan lancar, buka situs ipv6-test.com

dual stack openvpn
IPv4 + IPv6

atau situs www.kame.net bila anda mengakses situs tersebut menggunakan IPv6 kura-kuranya akan menari-nari.

Kura Kura Menari
www.kame.net

bisa juga dengan ping6, di Windows ping -6

$ ping6 -c6 google.com
PING google.com(sa-in-x65.1e100.net) 56 data bytes
64 bytes from sa-in-x65.1e100.net: icmp_seq=1 ttl=52 time=32.6 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=2 ttl=52 time=32.8 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=3 ttl=52 time=32.5 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=4 ttl=52 time=32.2 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=5 ttl=52 time=32.8 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=6 ttl=52 time=32.9 ms
 
$ ping6 -c6 facebook.com
PING facebook.com(edge-star-mini6-shv-07-frc3.facebook.com) 56 data bytes
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=1 ttl=40 time=279 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=2 ttl=40 time=280 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=3 ttl=40 time=279 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=4 ttl=40 time=279 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=5 ttl=40 time=279 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=6 ttl=40 time=279 ms
 
$ ping6 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=46 time=104 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=46 time=105 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=46 time=104 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=4 ttl=46 time=105 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=5 ttl=46 time=105 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=6 ttl=46 time=104 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=7 ttl=46 time=105 ms

Last Updated on 10 May 2016 by

Tulisan menarik lainnya

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *