Dengan IPv6 terbuka pada modem Maxis Fiber. Kite boleh listen port ipv6 pada Ras Pi. Lepas nie aku akan membuat penulisan seperti nota sahaja.
Link PiVPN: https://www.pivpn.io/
Dapatkan free dynamic DNS: https://dynv6.com/
Jom! Aku ajar...
Cara mudah untuk install di Ras Pi, gunakan cmd:
::: INSTALLATION :::
crontab
script: reconnect.bash (auto force interface up)
script: dynv6.sh
/etc/openvpn/server.conf
* Untuk connect ke VPN nie, laptop/hp korang kene install OpenVPN
** Wajib open wifi / data korang dapat ipv6, sebab server nie listen dekat udp6
Connected je, korang bleh akses router, NAS..ape2 je laa dalam Network dirumah!
/!\ VPN gune Ras Pi nie, jgn harap laa laju..tp boleh laa dlm 12mbps dan secure kan connection korang bila connected ke open wifi tue. Nak laju ko remove nie dekat server.conf, tp ip ko xkan ikut umah la:
Tapi remove nie, local network pon xdpt usik..sama je
/!\ Lepas connected ke PiVPN, ko akan keluar dgn IP internet yang sama dirumah, tanpa IPv6, yang nie aku xsetel lagi..free2 nnt laa godek balik..
Baca openvpn performance on the pi: https://www.hackviking.com/single-board-computers/openvpn-performance-on-the-pi/
Link PiVPN: https://www.pivpn.io/
Dapatkan free dynamic DNS: https://dynv6.com/
Jom! Aku ajar...
Cara mudah untuk install di Ras Pi, gunakan cmd:
::: INSTALLATION :::
curl -L https://install.pivpn.io | bash
crontab
* * * * * /opt/wifi-tools/reconnect.bash
*/5 * * * * /home/pi/run-dns.sh
script: reconnect.bash (auto force interface up)
#!/bin/bash
if ifconfig eth0 | grep -q "inet 192" ; then
echo "eth0 is up" > /dev/null 2>&1
else
ifup --force eth0
fi
script: run-dns.shtoken=letak-token-sini /home/pi/dynv6.sh hostname-sini eth0
script: dynv6.sh
#!/bin/sh -e
hostname=$1
device=$2
file=$HOME/.dynv6.addr6
[ -e $file ] && old=`cat $file`
if [ -z "$hostname" -o -z "$token" ]; then
echo "Usage: token=<your-authentication-token> [netmask=64] $0 your-name.dynv6.net [device]"
exit 1
fi
if [ -z "$netmask" ]; then
netmask=128
fi
if [ -n "$device" ]; then
device="dev $device"
fi
address=$(ip -6 addr list scope global $device | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)
if [ -e /usr/bin/curl ]; then
bin="curl -fsS"
elif [ -e /usr/bin/wget ]; then
bin="wget -O-"
else
echo "neither curl nor wget found"
exit 1
fi
if [ -z "$address" ]; then
echo "no IPv6 address found"
exit 1
fi
# address with netmask
current=$address/$netmask
if [ "$old" = "$current" ]; then
echo "IPv6 address unchanged"
exit
fi
# send addresses to dynv6
$bin "http://dynv6.com/api/update?hostname=$hostname&ipv6=$current&token=$token"
$bin "http://ipv4.dynv6.com/api/update?hostname=$hostname&ipv4=auto&token=$token"
# save current address
echo $current > $file
/etc/openvpn/server.conf
dev tun
proto udp6
port port-sini
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/vpn-server_512523c1-c453-41df-87b3-3df30dcb9d0a.crt
key /etc/openvpn/easy-rsa/pki/private/vpn-server_512523c1-c453-41df-87b3-3df30dcb9d0a.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway 10.0.1.1"
client-to-client
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
##### IPV6 by The Tech Guy
server-ipv6 2001:xxx:xxx:xxx::/64
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2001:xxx:xxx:xxx::1 2001:xxx:xxx:xxx::2
push "route-ipv6 2001:xxx:xxx:xxx::/64"
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
* Untuk connect ke VPN nie, laptop/hp korang kene install OpenVPN
** Wajib open wifi / data korang dapat ipv6, sebab server nie listen dekat udp6
Connected je, korang bleh akses router, NAS..ape2 je laa dalam Network dirumah!
/!\ VPN gune Ras Pi nie, jgn harap laa laju..tp boleh laa dlm 12mbps dan secure kan connection korang bila connected ke open wifi tue. Nak laju ko remove nie dekat server.conf, tp ip ko xkan ikut umah la:
push "redirect-gateway 10.0.1.1"
push "redirect-gateway ipv6"
Tapi remove nie, local network pon xdpt usik..sama je
/!\ Lepas connected ke PiVPN, ko akan keluar dgn IP internet yang sama dirumah, tanpa IPv6, yang nie aku xsetel lagi..free2 nnt laa godek balik..
Baca openvpn performance on the pi: https://www.hackviking.com/single-board-computers/openvpn-performance-on-the-pi/
No comments:
Post a Comment