In this tutorial, we will install OpenVPN on an IPv6 VPS. We will also make the IPv6 VPS able to connect to both IPv4 and IPv6 networks, so that OpenVPN users don’t need to have IPv6 themselves.
Requirements: Ubuntu 20.04 and IPv6
- If you don’t have a VPS yet, you can create a free IPv6 VPS on Hax.co.id. Hax’s free VPS is hosted in Singapore, so connections from outside Asia (EU/US) may be slow; use this server for learning only. This is my IPv6:
2001:470:1:be9:0000:0002:098f:db26
- Check this tutorial for how to connect to ipv6 vps
- Make sure TUN is already active on your VPS, check it by using this command
cat /dev/net/tun
If the result is "File descriptor in bad state", you are ready to install OpenVPN. Otherwise, please enable TUN by following this tutorial: How to Enable TUN/TAP on VPS
- Let’s start installing OpenVPN
apt update -y
apt install curl nano -y
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod 755 openvpn-install.sh
./openvpn-install.sh
Please follow the example below:
IP address: (just enter here)
Do you want to enable IPv6 support (NAT)? y
What port do you want OpenVPN to listen to? 1
What protocol do you want OpenVPN to use? 2
What DNS resolvers do you want to use with the VPN? 1
Enable compression? n
Customize encryption settings? n
Press any key to continue (enter)
.....installing......
Client name: hax
Do you want to protect the configuration file with a password? 1
When the installation is complete, you will see something like below
- The generated openvpn configuration will be stored in /root/hax.ovpn
- Get your IPv4 and Port by using this tool: IPv4 to access IPv6
Remember that in the previous steps we set the OpenVPN port to 1194 (TCP), so set the destination to [ipv6]:1194 and the protocol to TCP. For the IPv4 port you can use any port; in this example I am using port 2233, as in the image below
- Next, return to your VPS then use your favorite editor to modify the configuration
nano /root/hax.ovpn
Change remote xxxx:xxxx:xxxx:xxxx 1194 to the IPv4 address and port we just created in the previous step.
In my case, from
remote 2001:470:1:be9:0:2:98f:db26 1194
to
remote 103.253.24.40 2233
Then remove these lines. Note that on Windows clients this also removes the DNS leak protection the comment refers to.
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
here is my final configuration
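The same edit can be scripted and checked instead of done by hand. The following is an added example, not part of the original tutorial or of openvpn-install.sh; the helper names valid_ipv4, patch_ovpn and sample_profile are hypothetical, and the sample profile is constructed.

```shell
#!/bin/sh
# Added example; valid_ipv4, patch_ovpn and sample_profile are hypothetical names.

# True if $1 is a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print a patched copy of profile $1 that points at relay $2, port $3.
# The original file is left untouched.
patch_ovpn() {
    src=$1 ip=$2 port=$3
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 2; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || { echo "bad port: $port" >&2; return 2; }
    # Refuse a profile without exactly one remote line instead of guessing.
    n=$(grep -Ec '^[[:space:]]*remote[[:space:]]' "$src") || true
    [ "$n" = 1 ] || { echo "expected one remote line, found ${n:-none}" >&2; return 3; }
    awk -v ip="$ip" -v port="$port" '
        $1 == "remote"      { print "remote", ip, port; next }  # new endpoint
        /block-outside-dns/ { next }                            # lines the tutorial removes
        { print }' "$src"
}

# Constructed sample profile (not real installer output; certificates and keys omitted).
sample_profile() {
    cat <<'EOF'
client
proto tcp-client
remote 2001:470:1:be9:0:2:98f:db26 1194
dev tun
remote-cert-tls server
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
EOF
}

# Demo on the constructed sample; prints the patched profile to stdout.
tmp=$(mktemp) && sample_profile > "$tmp" && patch_ovpn "$tmp" 103.253.24.40 2233
rm -f "$tmp"
```

On the VPS the call would be patch_ovpn /root/hax.ovpn with your own IPv4 address and port, with the output redirected to a new file.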
- Download the OpenVPN config to your device. You can use any SFTP file manager to connect to your VPS and download it from the /root/ location. Because I’m too lazy to use another application, I just copy the configuration, create a new file on my Android device or PC, then paste it there.
Feel free to use any method you like. If you want to follow my method, use this command to show the whole configuration, then select all the text from top to bottom
cat /root/hax.ovpn
- Verify your openvpn status and allow traffic forwarding
netstat -tulpn
OpenVPN should be there on port 1194
Copy and paste this to your VPS to allow port forwarding
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6=0" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6=0" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
Then run these commands to set the ip6tables rules; please replace 2001:470:1:be9::/64 with your own IPv6 prefix
ip6tables -A INPUT -p tcp --dport 1194 -j ACCEPT
ip6tables -A FORWARD -m state --state NEW -i tun0 -o venet0 -s 2001:470:1:be9::/64 -j ACCEPT
ip6tables -A FORWARD -m state --state NEW -i venet0 -o tun0 -d 2001:470:1:be9::/64 -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
- Everything is set up now. You can try connecting to your IPv6 VPS using OpenVPN Connect
Here are additional steps to use OpenVPN with SNI
Modify your OpenVPN configuration and add this payload
http-proxy 194.124.35.115 443
http-proxy-option CUSTOM-HEADER CONNECT HTTP/1.1
http-proxy-option CUSTOM-HEADER Host www.tiktok.com
http-proxy-option CUSTOM-HEADER X-Online-Host www.tiktok.com
http-proxy-option CUSTOM-HEADER X-Forward-Host www.tiktok.com
http-proxy-option CUSTOM-HEADER Connection keep-alive
You can replace 194.124.35.115 with your own squid proxy. In this example we are using a free squid proxy from https://howdy.id/proxy-server/; in the near future we will write a tutorial on how to set up your own squid proxy. Also, replace tiktok.com with your real SNI, then save the file.
Just for your information, the Hax VPS is currently hosted in Singapore but uses DNS64 from Europe, so it’s a bit slow/laggy: traffic has to move from Singapore to Europe and then to your location. When you test OpenVPN on your device it might be slow at first, so be patient and wait. We will try to deploy our own DNS64 as soon as possible to avoid this issue later.
- Testing on Openvpn Connect