Tinc: Difference between revisions
From charlesreid1
Revision as of 22:11, 20 January 2018
What is Tinc
Tinc is a mesh-style VPN software that is very lightweight and easier to configure (and more flexible) than OpenVPN. Tinc is not good for large networks, but it's perfect for a small group of servers that simply need to have access to one another.
Installing Tinc
Do it the easy way...
Mac
<pre>
$ brew install tinc
[...snip...]

$ which tincd
/usr/local/sbin/tincd

$ tincd --version
tinc version 1.0.33
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.
See the AUTHORS file for a complete list.

tinc comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.
</pre>
Debian Linux
On Linux:
$ apt-get install tinc
This will install a daemon called tincd, accessible to the root user only.
<pre>
$ sudo su
[sudo] password for charles:
root@jupiter:/home/charles# which tincd
/usr/sbin/tincd
root@jupiter:/home/charles# tincd --version
tinc version 1.0.31
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.
See the AUTHORS file for a complete list.

tinc comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.
</pre>
Configuring Tinc
In Tinc you create different named mesh networks. One computer can be a part of multiple networks. Here we set up the network "starwars" to connect servers "vader" and "luke".
On server 1 (vader)
Create a network configuration directory /etc/tinc/
Now create a tinc.conf file:
/etc/tinc/tinc.conf on server "vader"
<pre>
# The name of the node, must be unique for the network
Name = vader
# Either ipv4 or ipv6
AddressFamily = any
# Use TAP
Device = /dev/net/tun
# Put Tinc in TAP mode
Mode = switch
# Nodes to connect
ConnectTo = luke
</pre>
Now create a tinc-up file:
/etc/tinc/tinc-up on server "vader"
<pre>
#!/bin/sh
ifconfig $INTERFACE 10.25.0.1 netmask 255.255.0.0
</pre>
This will result in the server "vader" having the VPN IP address 10.25.0.1.
Finally, create a tinc-down file:
/etc/tinc/tinc-down on server "vader"
<pre>
#!/bin/sh
ifconfig $INTERFACE down
</pre>
On server 2 (luke)
/etc/tinc/tinc.conf on server "luke"
<pre>
# The name of the node, must be unique for the network
Name = luke
# Either ipv4 or ipv6
AddressFamily = any
# Use TAP
Device = /dev/net/tun
# Put Tinc in TAP mode
Mode = switch
# Nodes to connect
ConnectTo = vader
</pre>
Now create a tinc-up file:
/etc/tinc/tinc-up on server "luke"
<pre>
#!/bin/sh
ifconfig $INTERFACE 10.25.0.2 netmask 255.255.0.0
</pre>
This will result in the server "luke" having the VPN IP address 10.25.0.2.
Finally, create a tinc-down file:
/etc/tinc/tinc-down on server "luke"
<pre>
#!/bin/sh
ifconfig $INTERFACE down
</pre>
Notes
https://silvenga.com/deploy-a-tinc-mesh-vpn-running-tap/
http://www.allsundry.com/2011/04/10/tinc-better-than-openvpn/
All the setup you need:
<pre>
In /etc/netname/tinc.conf:
Name = host1
ConnectTo = host2

In /etc/netname/tinc-up
ifconfig $INTERFACE 192.168.XX.1 netmask 255.255.0.0

# Generate keypairs for host
tincd -n netname -K

# Create file for this host. Prepend to /etc/netname/hosts/host1
Address = host1.full.domain.com
Subnet = 192.168.XX.0/24
</pre>
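A check for the setup described on this page, as an added example that is not part of the original wiki page: it verifies that every ConnectTo peer has a hosts file with an Address, that tinc-up and tinc-down are executable, and that rsa_key.priv (the default tinc 1.0 private key file) is accessible to its owner only. The function names are hypothetical, the sample directory and its placeholder key contents are constructed, and the parser assumes "Key = value" lines written as above.

```sh
#!/bin/sh
# Added example, not from the original page: audit a tinc 1.0 config directory.
# Prints one FINDING line per problem and returns the number of problems.
audit_tinc_dir() {
    dir=$1 problems=0
    note() { echo "FINDING: $*"; problems=$((problems + 1)); }
    # Print the value(s) of "Key = value" lines in a tinc config file.
    val() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2"; }
    [ -f "$dir/tinc.conf" ] || { note "tinc.conf missing"; return 1; }
    name=$(val Name "$dir/tinc.conf" | head -n 1)
    [ -n "$name" ] || note "tinc.conf has no Name"
    # The node's own host file holds its public key.
    [ -f "$dir/hosts/$name" ] || note "hosts/$name missing"

    # Each ConnectTo peer needs a host file with an Address to dial.
    for peer in $(val ConnectTo "$dir/tinc.conf"); do
        if [ ! -f "$dir/hosts/$peer" ]; then
            note "ConnectTo = $peer but hosts/$peer is missing"
        elif [ -z "$(val Address "$dir/hosts/$peer")" ]; then
            note "hosts/$peer has no Address"
        fi
    done

    # tinc-up and tinc-down must be executable for tincd to run them.
    for script in tinc-up tinc-down; do
        [ -x "$dir/$script" ] || note "$script missing or not executable"
    done

    # The private key must be accessible to its owner only.
    if [ ! -f "$dir/rsa_key.priv" ]; then
        note "rsa_key.priv missing"
    elif [ "$(ls -ld "$dir/rsa_key.priv" | cut -c5-10)" != "------" ]; then
        note "rsa_key.priv is accessible to group or others"
    fi
    return "$problems"
}

# Constructed sample: vader's directory from this page with placeholder keys,
# a world-readable private key, non-executable scripts and no hosts/luke.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/hosts"
    printf 'Name = vader\nMode = switch\nConnectTo = luke\n' > "$d/tinc.conf"
    printf '#!/bin/sh\nifconfig $INTERFACE 10.25.0.1 netmask 255.255.0.0\n' > "$d/tinc-up"
    printf '#!/bin/sh\nifconfig $INTERFACE down\n' > "$d/tinc-down"
    echo 'PLACEHOLDER-PRIVATE-KEY' > "$d/rsa_key.priv"; chmod 644 "$d/rsa_key.priv"
    echo 'PLACEHOLDER-PUBLIC-KEY' > "$d/hosts/vader"
    echo "$d"
}
sample=$(make_sample); audit_tinc_dir "$sample" || echo "$? finding(s)"; rm -rf "$sample"
```

To audit a real node, run the function as root against the directory that holds that node's tinc.conf.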