Tinc: Difference between revisions
From charlesreid1
Revision as of 09:13, 21 January 2018
What is Tinc
Tinc is mesh-style VPN software that is very lightweight and easier to configure (and more flexible) than OpenVPN. Tinc is not good for large networks, but it's perfect for a small group of servers that simply need to have access to one another.
Installing Tinc
Do it the easy way...
Mac
    $ brew install tinc
    [...snip...]
    $ which tincd
    /usr/local/sbin/tincd
    $ tincd --version
    tinc version 1.0.33
    Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.
    See the AUTHORS file for a complete list.
    tinc comes with ABSOLUTELY NO WARRANTY. This is free software,
    and you are welcome to redistribute it under certain conditions;
    see the file COPYING for details.
Debian Linux
On Linux:
$ apt-get install tinc
This will install a daemon called tincd, accessible to the root user only.
    $ sudo su
    [sudo] password for charles:
    root@jupiter:/home/charles# which tincd
    /usr/sbin/tincd
    root@jupiter:/home/charles# tincd --version
    tinc version 1.0.31
    Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.
    See the AUTHORS file for a complete list.
    tinc comes with ABSOLUTELY NO WARRANTY. This is free software,
    and you are welcome to redistribute it under certain conditions;
    see the file COPYING for details.
Configuring Tinc
In Tinc you create different named mesh networks. One computer can be a part of multiple networks. Here we set up the network "starwars" to connect servers "vader" and "luke".
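(The tinc documentation on multiple networks, http://www.tinc-vpn.org/documentation-1.1/Multiple-networks.html#Multiple-networks, also mentions that the network interface that is created will have the same name as the network.)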
Configuration files that are needed:
- tinc.conf to specify name of this machine and name of machine being connected to
- tinc-up to instruct how to bring up the VPN network interface and what IP address to use
- tinc-down to instruct how to bring down the VPN network interface
These config files should go in:
- /etc/tinc on Linux (using aptitude tinc)
- /usr/local/etc/tinc on Mac (using homebrew tinc)
On server 1 (maya, mac os x)
Following are instructions used to set up tinc on Maya, a Mac OS X laptop, using the homebrew-installed tinc.
Create a network configuration directory /usr/local/etc/tinc/
Within that, create a directory with the same name as the network, master/
    mkdir -p /usr/local/etc/tinc/master/
    cd /usr/local/etc/tinc/master/
Now create a tinc.conf file:
/usr/local/etc/tinc/master/tinc.conf on server "maya"
    # The name of the node, must be unique for the network
    Name = maya

    # Either ipv4 or ipv6
    AddressFamily = any

    # Use TAP
    Device = /dev/net/tun

    # Put Tinc in TAP mode
    Mode = switch

    # Nodes to connect
    ConnectTo = jupiter
Now create a tinc-up file:
/usr/local/etc/tinc/master/tinc-up on server "maya"
    #!/bin/sh
    ifconfig $INTERFACE 10.25.0.1 netmask 255.255.0.0
This will result in the server "maya" having the VPN IP address 10.25.0.1
Finally, create a tinc-down file:
/usr/local/etc/tinc/master/tinc-down on server "maya"
    #!/bin/sh
    ifconfig $INTERFACE down
Make the up/down files executable:
chmod +x tinc-*
On server 2 (jupiter, debian linux)
Following are the configuration steps taken on Jupiter, a Debian Linux server.
Start by creating a folder with the same name as the network:
    mkdir -p /etc/tinc/master/
    cd /etc/tinc/master/
/etc/tinc/master/tinc.conf on server "jupiter"
    # The name of the node, must be unique for the network
    Name = jupiter

    # Either ipv4 or ipv6
    AddressFamily = any

    # Use TAP
    Device = /dev/net/tun

    # Put Tinc in TAP mode
    Mode = switch

    # Nodes to connect
    ConnectTo = maya
Now create a tinc-up file:
/etc/tinc/master/tinc-up on server "jupiter"
    #!/bin/sh
    ifconfig $INTERFACE 10.25.0.2 netmask 255.255.0.0
This will result in the server "jupiter" having the VPN IP address 10.25.0.2
Finally, create a tinc-down file:
/etc/tinc/master/tinc-down on server "jupiter"
    #!/bin/sh
    ifconfig $INTERFACE down
Make the tinc-* files executable:
chmod +x tinc-*
Notes
https://silvenga.com/deploy-a-tinc-mesh-vpn-running-tap/
http://www.allsundry.com/2011/04/10/tinc-better-than-openvpn/
All the setup you need:
    In /etc/netname/tinc.conf:
    Name = host1
    ConnectTo = host2

    In /etc/netname/tinc-up
    ifconfig $INTERFACE 192.168.XX.1 netmask 255.255.0.0

    # Generate keypairs for host
    tincd -n netname -K

    # Create file for this host. Prepend to /etc/netname/hosts/host1
    Address = host1.full.domain.com
    Subnet = 192.168.XX.0/24
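A check of the per-network directory built in the steps above (tinc.conf, tinc-up, tinc-down) together with the key pair and hosts/ files that the notes mention. This is an added example, not part of the original page or of tinc itself; the function names are hypothetical, and it assumes tinc 1.0's default private key file name rsa_key.priv.

```shell
#!/bin/sh
# Added example: audit one tinc network directory (e.g. /etc/tinc/master).
# Assumes tinc 1.0 defaults: private key in rsa_key.priv, peer files in hosts/.

# Print every value of "KEY = value" in a tinc config file (keys are case-insensitive).
conf_values() {
    awk -F= -v k="$2" '{ key = $1; val = $2
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (tolower(key) == tolower(k)) print val }' "$1"
}

# Succeed if FILE has any of the listed octal permission bits set.
has_any_bit() {
    f=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$f" -prune -perm "-$bit")" ] && return 0
    done
    return 1
}

# Print one line per finding; return 0 only when the directory is clean.
tinc_audit() {
    dir=$1; rc=0
    [ -f "$dir/tinc.conf" ] || { echo "missing tinc.conf"; return 1; }
    name=$(conf_values "$dir/tinc.conf" Name)
    [ -n "$name" ] || { echo "tinc.conf has no Name"; rc=1; }
    # hosts/<Name> carries this node's public key; each ConnectTo peer needs its own file.
    for h in $name $(conf_values "$dir/tinc.conf" ConnectTo); do
        [ -f "$dir/hosts/$h" ] || { echo "missing hosts/$h"; rc=1; }
    done
    # tincd runs these scripts itself, so nobody but the owner may edit them.
    for s in tinc-up tinc-down; do
        if [ ! -x "$dir/$s" ]; then echo "$s is not executable"; rc=1
        elif has_any_bit "$dir/$s" 020 002; then echo "$s is group/world-writable"; rc=1
        fi
    done
    key="$dir/rsa_key.priv"
    if [ ! -f "$key" ]; then echo "missing rsa_key.priv (run tincd -n <net> -K)"; rc=1
    elif has_any_bit "$key" 040 020 004 002; then echo "rsa_key.priv is readable or writable by group/other"; rc=1
    fi
    return $rc
}

# Usage: sh tinc_audit.sh /etc/tinc/master
if [ "$#" -gt 0 ]; then tinc_audit "$1"; fi
```

Run it on both nodes after copying each other's hosts/ file across; a clean run prints nothing and exits 0.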