Hello. I have an OVPN server running on a VPS. There I have the option of using several IPv6 addresses. I would now like to connect via SSH, over an IPv6 address, to a client that is connected to the OVPN. Port forwarding to the client should also be set up for this. Unfortunately I always get timeouts. What I have done:
OVPN server configured with IPv6:
GitHub - angristan/openvpn-install: Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
Server Conf:
port 1194
proto udp6
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "dhcp-option DNS6 2001:4860:4860::8888"
push "dhcp-option DNS6 2001:4860:4860::8844"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_AvwhcTZ2Z4658DQi.crt
key server_AvwhcTZ2Z4658DQi.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
Client Conf:
client
proto udp
explicit-exit-notify
remote 217.160.61.162 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_AvwhcTZ2Z4658DQi name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
...
External Server IP = 2001:8d8:1800:8486::1
Internal OVPN Server IP = fd42:42:42:42::1
Internal OVPN Client IP = fd42:42:42:42::1000
and
sudo ip6tables -F &&
sudo ip6tables -A INPUT -i lo -j ACCEPT &&
sudo ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP &&
sudo ip6tables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &&
sudo ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &&
sudo ip6tables -A INPUT -p ipv6-icmp -j ACCEPT &&
sudo ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT &&
sudo ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT &&
sudo ip6tables -A FORWARD -s 2001:8d8:1800:8486::1 -j ACCEPT &&
sudo ip6tables -A FORWARD -s fd42:42:42:42::1000 -j ACCEPT &&
sudo ip6tables -A FORWARD -d fd42:42:42:42::1000 -p tcp --dport 22 -j ACCEPT &&
sudo ip6tables -A FORWARD -d fd42:42:42:42::1000 -p tcp --dport 25 -j ACCEPT &&
sudo ip6tables -A FORWARD -d fd42:42:42:42::1000 -p tcp --dport 80 -j ACCEPT &&
sudo ip6tables -A FORWARD -d fd42:42:42:42::1000 -p tcp --dport 443 -j ACCEPT &&
sudo ip6tables -A FORWARD -d fd42:42:42:42::1000 -p tcp --dport 587 -j ACCEPT &&
sudo ip6tables -A FORWARD -d fd42:42:42:42::1000 -p tcp --dport 993 -j ACCEPT &&
sudo ip6tables -A FORWARD -d fd42:42:42:42::1000 -p tcp --dport 4190 -j ACCEPT &&
sudo ip6tables -A INPUT -j ACCEPT
Unfortunately without success. I am desperately asking for help. What am I missing?
Thank you very much.
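An added example, not part of the original post: a small audit of the posted rule set for the three things that matter when a public IPv6 port is meant to reach a VPN client on a unique local (fd42:...) address. It checks for a nat-table DNAT rule, an explicit FORWARD policy, and an unconditional INPUT accept. The names `parse`, `audit`, `POSTED` and `REVISED`, the public port 2222 and the revised rules are assumptions made for illustration.

```python
import ipaddress
import shlex

# Subset of the rules from the post ("sudo" and "&&" dropped); addresses are the post's own.
POSTED = """\
ip6tables -F
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A FORWARD -d fd42:42:42:42::1000 -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -j ACCEPT
"""
# Constructed variant: explicit policies plus a nat-table DNAT rule (public port 2222 is assumed).
REVISED = POSTED.replace("ip6tables -A INPUT -j ACCEPT\n", "ip6tables -P INPUT DROP\n") + (
    "ip6tables -P FORWARD DROP\n"
    "ip6tables -t nat -A PREROUTING -d 2001:8d8:1800:8486::1 -p tcp --dport 2222 "
    "-j DNAT --to-destination [fd42:42:42:42::1000]:22\n")

ULA = ipaddress.ip_network("fc00::/7")  # unique local addresses, not routed on the Internet
FLAGS = {"-t": "table", "-A": "chain", "-P": "policy", "-j": "target"}

def parse(line):
    """Return the options of one ip6tables command that the audit looks at."""
    tokens = shlex.split(line)
    rule = {"table": "filter", "narrow": False}
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
        elif flag.startswith("-"):
            rule["narrow"] = True  # -i, -p, -d, -m ... restrict what the rule matches
    return rule

def audit(text, client):
    """List what the rule set lacks for forwarding a public port to `client`."""
    rules = [parse(line) for line in text.splitlines() if line.strip()]
    findings = []
    has_dnat = any(r["table"] == "nat" and r.get("target") == "DNAT" for r in rules)
    if ipaddress.ip_address(client) in ULA and not has_dnat:
        findings.append("no-dnat")  # nothing maps the public address to the ULA client
    if not any(r.get("policy") == "FORWARD" for r in rules):
        findings.append("forward-policy-unset")  # ACCEPT rules restrict nothing by themselves
    if any(r.get("chain") == "INPUT" and r.get("target") == "ACCEPT"
           and not r["narrow"] for r in rules):
        findings.append("input-accept-all")  # makes the specific INPUT accepts redundant
    return findings

if __name__ == "__main__":
    print(audit(POSTED, "fd42:42:42:42::1000"))
    print(audit(REVISED, "fd42:42:42:42::1000"))
```

The audit only reads the commands as text; it does not inspect the live tables, so rules or policies left over from an earlier configuration are not seen.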