Tinc: Difference between revisions
From charlesreid1
| Line 60: | Line 60: | ||
(The tinc documentation [http://www.tinc-vpn.org/documentation-1.1/Multiple-networks.html#Multiple-networks] also mentions that the network interface that is created will have the same name as the network.) | (The tinc documentation [http://www.tinc-vpn.org/documentation-1.1/Multiple-networks.html#Multiple-networks] also mentions that the network interface that is created will have the same name as the network.) | ||
===On server 1 ( | ===On server 1 (maya)=== | ||
Create a network configuration directory <code>/etc/tinc/</code> | Create a network configuration directory <code>/etc/tinc/</code> | ||
Within that, create a directory with the same name as the network, <code> | Within that, create a directory with the same name as the network, <code>master/</code> | ||
<pre> | <pre> | ||
mkdir -p /etc/tinc/ | mkdir -p /etc/tinc/master/ | ||
cd /etc/tinc/ | cd /etc/tinc/master/ | ||
</pre> | </pre> | ||
Now create a tinc.conf file: | Now create a tinc.conf file: | ||
'''/etc/tinc/ | '''/etc/tinc/master/tinc.conf''' on server "maya" | ||
<pre> | <pre> | ||
# The name of the node, must be unique for the network | # The name of the node, must be unique for the network | ||
Name = | Name = maya | ||
# Either ipv4 or ipv6 | # Either ipv4 or ipv6 | ||
| Line 89: | Line 89: | ||
# Nodes to connect | # Nodes to connect | ||
ConnectTo = | ConnectTo = jupiter | ||
</pre> | </pre> | ||
Now create a tinc-up file: | Now create a tinc-up file: | ||
'''/etc/tinc/ | '''/etc/tinc/master/tinc-up''' on server "maya" | ||
<pre> | <pre> | ||
| Line 101: | Line 101: | ||
</pre> | </pre> | ||
This will result in the server " | This will result in the server "maya" having the VPN IP address 10.25.0.1 | ||
Finally, create a tinc-down file: | Finally, create a tinc-down file: | ||
'''/etc/tinc/ | '''/etc/tinc/master/tinc-down''' on server "maya" | ||
<pre> | <pre> | ||
Revision as of 09:09, 21 January 2018
What is Tinc
Tinc is a mesh-style VPN software that is very lightweight and easier to configure (and more flexible) than OpenVPN. Tinc is not good for large networks, but it's perfect for a small group of servers that simply need to have access to one another.
Installing Tinc
Do it the easy way...
Mac
$ brew install tinc [...snip...] $ which tincd /usr/local/sbin/tincd $ tincd --version tinc version 1.0.33 Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others. See the AUTHORS file for a complete list. tinc comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details.
Debian Linux
On Linux:
$ apt-get install tinc
This will install a daemon called tincd, accessible to the root user only.
$ sudo su [sudo] password for charles: root@jupiter:/home/charles# which tincd /usr/sbin/tincd root@jupiter:/home/charles# tincd --version tinc version 1.0.31 Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others. See the AUTHORS file for a complete list. tinc comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details.
Configuring Tinc
In Tinc you create different named mesh networks. One computer can be a part of multiple networks. Here we set up the network "starwars" to connect servers "vader" and "luke".
(The tinc documentation [1] also mentions that the network interface that is created will have the same name as the network.)
On server 1 (maya)
Create a network configuration directory /etc/tinc/
Within that, create a directory with the same name as the network, master/
mkdir -p /etc/tinc/master/ cd /etc/tinc/master/
Now create a tinc.conf file:
/etc/tinc/master/tinc.conf on server "maya"
# The name of the node, must be unique for the network Name = maya # Either ipv4 or ipv6 AddressFamily = any # Use TAP Device = /dev/net/tun # Put Tinc in TAP mode Mode = switch # Nodes to connect ConnectTo = jupiter
Now create a tinc-up file:
/etc/tinc/master/tinc-up on server "maya"
#!/bin/sh ifconfig $INTERFACE 10.25.0.1 netmask 255.255.0.0
This will result in the server "maya" having the VPN IP address 10.25.0.1
Finally, create a tinc-down file:
/etc/tinc/master/tinc-down on server "maya"
#!/bin/sh ifconfig $INTERFACE down
Make the up/down files executable:
chmod +x tinc-*
On server 2 (luke)
Start by creating a folder with the same name as the network:
mkdir -p /etc/tinc/starwars/ cd /etc/tinc/starwars/
/etc/tinc/starwars/tinc.conf on server "luke"
# The name of the node, must be unique for the network Name = luke # Either ipv4 or ipv6 AddressFamily = any # Use TAP Device = /dev/net/tun # Put Tinc in TAP mode Mode = switch # Nodes to connect ConnectTo = vader
Now create a tinc-up file:
/etc/tinc/starwars/tinc-up on server "luke"
#!/bin/sh ifconfig $INTERFACE 10.25.0.2 netmask 255.255.0.0
This will result in the server "luke" having the VPN IP address 10.25.0.2
Finally, create a tinc-down file:
/etc/tinc/starwars/tinc-down on server "luke"
#!/bin/sh ifconfig $INTERFACE down
Make the tinc-* files executable:
chmod +x tinc-*
Notes
https://silvenga.com/deploy-a-tinc-mesh-vpn-running-tap/
http://www.allsundry.com/2011/04/10/tinc-better-than-openvpn/
All the setup you need:
In /etc/netname/tinc.conf: Name = host1 ConnectTo = host2 In /etc/netname/tinc-up ifconfig $INTERFACE 192.168.XX.1 netmask 255.255.0.0 # Generate keypairs for host tincd -n netname -K # Create file for this host. Prepend to /etc/netname/hosts/host1 Address = host1.full.domain.com Subnet = 192.168.XX.0/24
Flags
 |
OpenVPN a tool for creating and connecting to virtual private networks.
Creating a Static Key VPN: OpenVPN/Static Key Configuring Your DNS: DNS
|
|
br0wsing the web an0nymously the anonymity-encryption-privacy-firewall sandwich required to successfully hide your identity and browse anonymously online.
Pi Hole Pi Hole uses a Raspberry Pi as an intermediate sinkhole for "extra" traffic, trackers, scripts, etc. The Tools Tor · Privoxy · SSH · Stunnel · OpenVPN · Proxychains
You · Your Browser · Content Filter · Traffic Encryption · Traffic Location Anonymization
|