Tag Archives: OpenVPN

Enable IPv6 in OpenVPN

08 Tuesday Nov 2016

Posted by in My Work, Tutorial

Leave a comment

Tags

,

In my earlier post (OpenVPN in Ubuntu 14.04) I have gone through the steps to install OpenVPN in Ubuntu; that was only for IPv4. To enable IPv6 in OpenVPN do the followings:

OpenVPN Server IP : 2001:df2:ee00:ee00::10/64

2001:df2:ee00:abcd::/64 has been routed to the OpenVPN server host. That mean users connected via OpenVPN will get one prefix from 2001:df2:ee00:abcd::/64 block.

Step 1: We need to edit OpenVPN configuration file and enable IPv6 tunnel service

vi /etc/openvpn/server.conf

Add the following :

server-ipv6 2001:0df2:ee00:abcd::/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2001:0df2:ee00:abcd::1 2001:0df2:ee00:abcd::2
push "route-ipv6 2001:0df2:ee00:ee00::2/64"
push "route-ipv6 2000::/3"

Step 2: Enable IPv6 forwarding:

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

Step 3: Reload OpenVPN Service

/etc/init.d/openvpn restart

Try connect your OpenVPN client. Test the IPv6 reachablity by accessing http://test-ipv6.com/

Note:
1. To make IPv6 forwarding persistent remember, in /etc/sysctl.conf uncomment:
net.ipv6.conf.all.forwarding = 1

2. Make sure that you route 2001:df2:ee00:abcd::/64 to you OpenVPN Server. I have done this from my cisco router

ipv6 route 2001:df2:ee00:abcd::/64 2001:df2:ee00:ee00::10

OpenVPN in Ubuntu 14.04

15 Thursday Sep 2016

Posted by in My Work

1 Comment

Tags

, , ,

The quickest way to install OpenVPN in Ubuntu 14.04:

1. Download the initial script:

$ wget https://git.io/vpn -O openvpn-install.sh

2. Run the command

$ sudo bash openvpn-install.sh

You need to define the external IP address on which you will run the service

a.External IP address on which you will run the service

b. Port No

c. DNS you want to use

To get the public IP you can try the following command:

dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

It will create necessary certificates and also create the first client.

That is all. Your OpenVPN server has been configured and ready to use. You can see added firewall rules /etc/rc.local file:

$ cat /etc/rc.local
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 202.125.97.10

Type the following command start the OpenVPN service:

$ sudo /etc/init.d/openvpn start

The client certificate will be stored in the home directory.

fakrul-apnic.ovpn

To connect from MacOSX, you can use TunnelBlick which is available at https://tunnelblick.net

screen-shot-2016-09-15-at-4-52-37-pm

To add new client run the openvpn-install.sh script. Choose option 1 to add new client and certificate will be store in home folder.