How to Install OpenVPN on IPv6 VPS


In this tutorial, we will install OpenVPN on an IPv6 VPS. We will also make the IPv6 VPS able to connect to both IPv4 and IPv6 networks, so that OpenVPN users don't need to have IPv6 themselves.

 

Requirements: Ubuntu 20.04 and IPv6

  1. If you don't have a VPS yet, you can create a free IPv6 VPS on Hax.co.id. Hax's free VPS is hosted in Singapore, so connections may be slow outside Asia (for example to the EU/US); use this server for learning only. This is my IPv6:
    2001:470:1:be9:0000:0002:098f:db26
  2. Check this tutorial for how to connect to an IPv6 VPS
  3. Make sure TUN is already active on your VPS. Check it with this command:
    cat /dev/net/tun

    If the result is "File descriptor in bad state", the TUN device is available and you are ready to install OpenVPN. Otherwise, please enable TUN by following this tutorial: How to Enable TUN/TAP on VPS

  4. Let’s start installing OpenVPN

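    # refresh the package index and install the tools used below
    apt update -y
    apt install curl nano -y
    # download the installer from the master branch; it runs as root, so read it before executing
    curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
    chmod 755 openvpn-install.sh
    ./openvpn-install.sh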

    Please follow the example below:

    IP address: (just enter here)
    Do you want to enable IPv6 support (NAT)? y
    What port do you want OpenVPN to listen to?  1
    What protocol do you want OpenVPN to use? 2 
    What DNS resolvers do you want to use with the VPN? 1
    Enable compression? n 
    Customize encryption settings? n 
    Press any key to continue (enter)
    
    .....installing......
    
    Client name: hax
    Do you want to protect the configuration file with a password? 1
    

    When the installation is complete, you will see something like below

  5. The generated OpenVPN configuration will be stored in /root/hax.ovpn
  6. Get your IPv4 and port by using this tool: IPv4 to access IPv6
    Remember that in the previous steps we set the OpenVPN port to 1194 (TCP), so the destination must be [ipv6]:1194 and the protocol must be TCP. For the IPv4 port you can use any port; in this example I am using port 2233.
  7. Next, return to your VPS then use your favorite editor to modify the configuration
    nano /root/hax.ovpn

    Change remote xxxx:xxxx:xxxx:xxxx 1194 to the IPv4 address and port we just created in the previous step.
    In my case, from

    remote 2001:470:1:be9:0:2:98f:db26 1194

    to

    remote 103.253.24.40 2233

    and please remove these lines

    ignore-unknown-option block-outside-dns
    setenv opt block-outside-dns # Prevent Windows 10 DNS leak
    

    here is my final configuration

  8. Download the OpenVPN config to your device. You can use any SFTP file manager to connect to your VPS and download it from the /root/ location. Because I'm too lazy to use another application, I just copy the configuration, create a new file on my Android or PC, then paste it there.
    Feel free to use any method you like. If you want to follow my method, use this command to show the whole configuration, then select all the text from top to bottom

    cat /root/hax.ovpn
  9. Verify your openvpn status and allow traffic forwarding
    netstat -tulpn

    OpenVPN should be there on port 1194

    Copy and paste this to your VPS to enable IP forwarding

    echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf;
    echo "net.ipv6.conf.all.disable_ipv6=0" >> /etc/sysctl.conf;
    echo "net.ipv6.conf.default.disable_ipv6=0" >> /etc/sysctl.conf;
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf;
    sysctl -p

    Then run these commands to set the ip6tables rules. Replace 2001:470:1:be9:: with the first four groups of your own IPv6 address followed by :: (the prefix must be written in this compressed form; 2001:470:1:be9:0000/64 is not a valid address literal)

    ip6tables -A INPUT -p tcp --dport 1194 -j ACCEPT
    ip6tables -A FORWARD -m state --state NEW -i tun0 -o venet0 -s 2001:470:1:be9::/64 -j ACCEPT
    ip6tables -A FORWARD -m state --state NEW -i venet0 -o tun0 -d 2001:470:1:be9::/64 -j ACCEPT
    ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

     

  10. Everything is set up now. You can try connecting to your IPv6 VPS using OpenVPN Connect

    Here are additional steps to use OpenVPN with SNI.
    Modify your OpenVPN configuration and add this payload

    http-proxy 194.124.35.115 443
    http-proxy-option CUSTOM-HEADER CONNECT HTTP/1.1
    http-proxy-option CUSTOM-HEADER Host www.tiktok.com
    http-proxy-option CUSTOM-HEADER X-Online-Host www.tiktok.com
    http-proxy-option CUSTOM-HEADER X-Forward-Host www.tiktok.com
    http-proxy-option CUSTOM-HEADER Connection keep-alive

    You can replace 194.124.35.115 with your own Squid proxy. In this example we are using a free Squid proxy from https://howdy.id/proxy-server/; in the near future we will write a tutorial on how to set up your own Squid proxy. Also, replace tiktok.com with your real SNI, then save the file.

    For your information, the Hax VPS is currently hosted in Singapore but uses DNS64 from Europe, so it is a bit slow/laggy: traffic has to travel from Singapore to Europe and then to your location. When you test OpenVPN on your device it might be slow at first, so be patient and wait. We will try to deploy our own DNS64 as soon as possible to avoid this issue.

     

  11. Testing on OpenVPN Connect
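
The edits from step 7 can also be scripted so they are repeatable for every client profile. This is an added example, not part of the original tutorial: the function names sample_profile and rewrite_profile and the trimmed sample profile are constructed for illustration, and the IPv4 address and port are the ones used in step 7.

```shell
#!/bin/sh
# Added example: apply the step 7 edits to a client profile without an editor.

# Constructed sample of a generated client profile, trimmed to the relevant lines.
sample_profile() {
cat <<'EOF'
client
proto tcp-client
remote 2001:470:1:be9:0:2:98f:db26 1194
dev tun
remote-cert-tls server
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
EOF
}

# rewrite_profile FILE IPV4 PORT
# Points the single "remote" line at IPV4 PORT and drops the two
# block-outside-dns lines. The original is kept as FILE.bak.
# Returns 2 on a bad address or port, 3 if FILE does not have exactly one remote line.
rewrite_profile() {
    file=$1; host=$2; port=$3
    # Accept only a dotted-quad IPv4 address and a numeric port in 1..65535,
    # so nothing unexpected can reach the sed expression below.
    printf '%s\n' "$host" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    # Match "remote " with the trailing space so remote-cert-tls is untouched,
    # and refuse to guess if the profile has zero or several remote lines.
    [ "$(grep -c '^remote ' "$file")" -eq 1 ] || return 3
    cp -p "$file" "$file.bak" || return 1
    sed -e "s/^remote .*/remote $host $port/" \
        -e '/^ignore-unknown-option block-outside-dns/d' \
        -e '/^setenv opt block-outside-dns/d' \
        "$file.bak" > "$file"
}

# Demo on a temporary copy of the constructed sample.
demo=$(mktemp)
sample_profile > "$demo"
rewrite_profile "$demo" 103.253.24.40 2233 && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On the VPS the call would be rewrite_profile /root/hax.ovpn followed by your own IPv4 address and port from step 6.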