Cara Menginstal OpenVPN di IPv6 VPS

Oleh admin Diposting di18 September 2021

Dalam tutorial ini, kita akan menginstal OpenVPN pada VPS IPv6, selain itu, kita juga akan membuat VPS IPv6 dapat terhubung ke jaringan IPv4 dan IPv6 sehingga pengguna OpenVPN tidak harus memiliki IPv6.

 

Persyaratan: Ubuntu 20.04 & IPv6

1. Jika Anda belum memiliki VPS, Anda dapat membuat VPS ipv6 gratis di Hax.co.id, VPS gratis Hax di-host di Singapura sehingga koneksi mungkin lambat ke UE/AS kecuali di Asia jadi gunakan server ini hanya untuk belajar , ini adalah IPv6 saya:
   2001: 470 : 1 :be9: 0000 : 0002 :098f:db26
2. Periksa tutorial ini untuk cara menghubungkan ke ipv6 vps
3. Pastikan TUN sudah aktif di VPS Anda, periksa dengan menggunakan perintah ini
   kucing / dev / net / tun

   jika hasilnya File descriptor dalam keadaan bad maka anda sudah siap untuk menginstal openvpn, jika tidak silahkan aktifkan TUN dengan mengikuti tutorial ini : Cara Mengaktifkan TUN/TAP di VPS

4. Let’s start installing OpenVPN
   
   apt update -y

   apt install curl nano -y

   curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh

   chmod 755 openvpn-install.sh

   ./openvpn-install.sh

   Please follow the example below:

   IP address: (just enter here)

   Do you want to enable IPv6 support (NAT)? y

   What port do you want OpenVPN to listen to? 1

   What protocol do you want OpenVPN to use? 2

   What DNS resolvers do you want to use with the VPN? 1

   Enable compression? n

   Customize encryption settings? n

   Press any key to continue (enter)

   .....installing......

   Client name: hax

   Do you want to protect the configuration file with a password? 1

   

   When the installation is complete, you will see something like below
   

5. The generated openvpn configuration will be stored in /root/hax.ovpn
   
6. Get your IPv4 and Port by using this tool: IPv4 to access IPv6
   Please remember that in the previous steps we have set the openvpn port is 1194 (TCP) so you have to set the destination is [ipv6]:1194 and the protocol is TCP, for ipv4 port, you can use any port, in this example I am using port 2233 as the image below
   
7. Next, return to your VPS then use your favorite editor to modify the configuration
   nano /root/hax.ovpn

   Change remote xxxx:xxxx:xxxx:xxxx 1194 to your IPv4 and port we just created in previous step
   in my case, from

   remote 2001:470:1:be9:0:2:98f:db26 1194

   to

   remote 103.253.24.40 2233

   and please remove these lines

   ignore-unknown-option block-outside-dns

   setenv opt block-outside-dns # Prevent Windows 10 DNS leak

   here is my final configuration

   

8. Download the openvpn config to you device, you can use any sftp file manager to connect to your VPS and download from /root/ location. Because I’m too lazy to use other application, I just copy the configuration and create new file on my android or pc then paste it there.
   feel free to use any method you like, if you want to follow my method, use this command to show all configuration then block all text from top until bottom
   cat /root/hax.ovpn
9. Verify your openvpn status and allow traffic forwarding
   netstat -tulpn

   OpenVPN should be there on port 1194
   
   copy and paste this to your VPS to allow port fowarding

   echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf;

   echo "net.ipv6.conf.all.disable_ipv6=0" >> /etc/sysctl.conf;

   echo "net.ipv6.conf.default.disable_ipv6=0" >> /etc/sysctl.conf;

   echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf;

   sysctl -p

   then run this command to set iptables, please change 2001:470:1:be9:0000 with your IPv6

   ip6tables -A INPUT -p tcp --dport 1194 -j ACCEPT

   ip6tables -A FORWARD -m state --state NEW -i tun0 -o venet0 -s 2001:470:1:be9:0000/64 -j ACCEPT

   ip6tables -A FORWARD -m state --state NEW -i venet0 -o tun0 -d 2001:470:1:be9:0000/64 -j ACCEPT

   ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    

10. Everything is set up now, you can try connecting to your IPv6 VPS using OpenVPN Connect

    Here are additional steps to use OpenVPN with SNI
    modify your openvpn’s configuration and add this payload
    

    http-proxy 194.124.35.115 443

    http-proxy-option CUSTOM-HEADER CONNECT HTTP/1.1

    http-proxy-option CUSTOM-HEADER Host www.tiktok.com

    http-proxy-option CUSTOM-HEADER X-Online-Host www.tiktok.com

    http-proxy-option CUSTOM-HEADER X-Forward-Host www.tiktok.com

    http-proxy-option CUSTOM-HEADER Connection keep-alive

    you can change 194.124.35.115 with your squid proxy, in this example we are using a free squid proxy from https://howdy.id/proxy-server/, in the near future we will write the tutorial how to setup your own squid proxy. Also, change tiktok.com with your real SNI then save it.

    Just for your information, the Hax VPS is currently hosted in Singapore but uses DNS64 from europe so it’s a bit slow/laggy as traffic has to move from Singapore to Europe then to your location so when you test openvpn on your device it might be slow at first but keep patient and wait. we will try to deploy our own DNS64 as soon as possible to avoid this issue later.

     

11. Testing on Openvpn Connect