Tinc: Difference between revisions
From charlesreid1
| Line 60: | Line 60: | ||
(The tinc documentation [http://www.tinc-vpn.org/documentation-1.1/Multiple-networks.html#Multiple-networks] also mentions that the network interface that is created will have the same name as the network.) | (The tinc documentation [http://www.tinc-vpn.org/documentation-1.1/Multiple-networks.html#Multiple-networks] also mentions that the network interface that is created will have the same name as the network.) | ||
===On server 1 (maya)=== | ===On server 1 (maya, mac os x)=== | ||
Create a network configuration directory <code>/etc/tinc/</code> | Following are instructions used to set up tinc on Maya, a Mac OS X laptop, using the homebrew-installed tinc. | ||
Create a network configuration directory <code>/usr/local/etc/tinc/</code> | |||
Within that, create a directory with the same name as the network, <code>master/</code> | Within that, create a directory with the same name as the network, <code>master/</code> | ||
<pre> | <pre> | ||
mkdir -p /etc/tinc/master/ | mkdir -p /usr/local/etc/tinc/master/ | ||
cd /etc/tinc/master/ | cd /usr/local/etc/tinc/master/ | ||
</pre> | </pre> | ||
Now create a tinc.conf file: | Now create a tinc.conf file: | ||
'''/etc/tinc/master/tinc.conf''' on server "maya" | '''/usr/local/etc/tinc/master/tinc.conf''' on server "maya" | ||
<pre> | <pre> | ||
| Line 94: | Line 96: | ||
Now create a tinc-up file: | Now create a tinc-up file: | ||
'''/etc/tinc/master/tinc-up''' on server "maya" | '''/usr/local/etc/tinc/master/tinc-up''' on server "maya" | ||
<pre> | <pre> | ||
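Review bot: the tinc-up path changed in this hunk now sits under /usr/local/etc/tinc/master/, and nothing in the revision says who should own that file. tincd runs tinc-up itself, and the revision states that this tinc came from Homebrew, so add a step that checks the script and its parent directories are owned by root and not writable by the login user (for example with ls -l) before tincd is started. The same check applies to the tinc-down path in the next hunk.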
| Line 105: | Line 107: | ||
Finally, create a tinc-down file: | Finally, create a tinc-down file: | ||
'''/etc/tinc/master/tinc-down''' on server "maya" | '''/usr/local/etc/tinc/master/tinc-down''' on server "maya" | ||
<pre> | <pre> | ||
Revision as of 09:11, 21 January 2018
What is Tinc
Tinc is mesh-style VPN software that is very lightweight and easier to configure (and more flexible) than OpenVPN. Tinc is not good for large networks, but it's perfect for a small group of servers that simply need to have access to one another.
Installing Tinc
Do it the easy way...
Mac
$ brew install tinc
[...snip...]
$ which tincd
/usr/local/sbin/tincd
$ tincd --version
tinc version 1.0.33
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.
See the AUTHORS file for a complete list.
tinc comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.
Debian Linux
On Linux:
$ apt-get install tinc
This will install a daemon called tincd, accessible to the root user only.
$ sudo su
[sudo] password for charles:
root@jupiter:/home/charles# which tincd
/usr/sbin/tincd
root@jupiter:/home/charles# tincd --version
tinc version 1.0.31
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.
See the AUTHORS file for a complete list.
tinc comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.
Configuring Tinc
In Tinc you create different named mesh networks. One computer can be a part of multiple networks. Here we set up the network "starwars" to connect servers "vader" and "luke".
(The tinc documentation [1] also mentions that the network interface that is created will have the same name as the network.)
On server 1 (maya, mac os x)
The following instructions were used to set up tinc on Maya, a Mac OS X laptop, using the Homebrew-installed tinc.
Create a network configuration directory, /usr/local/etc/tinc/.
Within that, create a directory with the same name as the network, master/:
mkdir -p /usr/local/etc/tinc/master/
cd /usr/local/etc/tinc/master/
Now create a tinc.conf file:
/usr/local/etc/tinc/master/tinc.conf on server "maya"
# The name of the node, must be unique for the network
Name = maya

# Either ipv4 or ipv6
AddressFamily = any

# Use TAP
Device = /dev/net/tun

# Put Tinc in TAP mode
Mode = switch

# Nodes to connect
ConnectTo = jupiter
Now create a tinc-up file:
/usr/local/etc/tinc/master/tinc-up on server "maya"
#!/bin/sh
ifconfig $INTERFACE 10.25.0.1 netmask 255.255.0.0
This will result in the server "maya" having the VPN IP address 10.25.0.1
Finally, create a tinc-down file:
/usr/local/etc/tinc/master/tinc-down on server "maya"
#!/bin/sh
ifconfig $INTERFACE down
Make the up/down files executable:
chmod +x tinc-*
On server 2 (jupiter, debian linux)
Following are the configuration steps taken on Jupiter, a Debian Linux server.
Start by creating a folder with the same name as the network:
mkdir -p /etc/tinc/master/
cd /etc/tinc/master/
/etc/tinc/master/tinc.conf on server "jupiter"
# The name of the node, must be unique for the network
Name = jupiter

# Either ipv4 or ipv6
AddressFamily = any

# Use TAP
Device = /dev/net/tun

# Put Tinc in TAP mode
Mode = switch

# Nodes to connect
ConnectTo = maya
Now create a tinc-up file:
/etc/tinc/master/tinc-up on server "jupiter"
#!/bin/sh
ifconfig $INTERFACE 10.25.0.2 netmask 255.255.0.0
This will result in the server "jupiter" having the VPN IP address 10.25.0.2
Finally, create a tinc-down file:
/etc/tinc/master/tinc-down on server "jupiter"
#!/bin/sh
ifconfig $INTERFACE down
Make the tinc-* files executable:
chmod +x tinc-*
Notes
https://silvenga.com/deploy-a-tinc-mesh-vpn-running-tap/
http://www.allsundry.com/2011/04/10/tinc-better-than-openvpn/
All the setup you need:
In /etc/netname/tinc.conf:
Name = host1
ConnectTo = host2

In /etc/netname/tinc-up
ifconfig $INTERFACE 192.168.XX.1 netmask 255.255.0.0

# Generate keypairs for host
tincd -n netname -K

# Create file for this host. Prepend to /etc/netname/hosts/host1
Address = host1.full.domain.com
Subnet = 192.168.XX.0/24
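An added example, not from the original page: a POSIX shell audit of one network directory built by the steps above (for example /etc/tinc/master). It checks that the tinc-up and tinc-down hooks are executable and not writable by group or others, that the private key written by tincd -n netname -K (rsa_key.priv in tinc 1.0) is not readable by group or others, and that every node named by Name or ConnectTo has a file under hosts/. The function names and finding labels are this example's own, and it assumes the "Key = value" spelling used on this page.

```sh
#!/bin/sh
# Added example (not from the original page): audit one tinc network
# directory such as /etc/tinc/master. Finding labels are this script's own.

# perm_any PATH MODE...: true if PATH has all bits of at least one MODE set.
perm_any() {
    _path=$1; shift
    for _mode in "$@"; do
        [ -n "$(find "$_path" -prune -perm "-$_mode" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_tinc_dir DIR: print one finding per line; return 1 if any were found.
audit_tinc_dir() {
    dir=$1; rc=0
    # tincd runs these hooks itself, so nobody but the owner may edit them.
    perm_any "$dir" 020 002 && { echo "WRITABLE $dir"; rc=1; }
    for hook in tinc-up tinc-down; do
        if [ ! -f "$dir/$hook" ]; then
            echo "MISSING $dir/$hook"; rc=1; continue
        fi
        [ -x "$dir/$hook" ] || { echo "NOT-EXECUTABLE $dir/$hook"; rc=1; }
        perm_any "$dir/$hook" 020 002 && { echo "WRITABLE $dir/$hook"; rc=1; }
    done
    # Private key written by "tincd -n <netname> -K" (rsa_key.priv in tinc 1.0).
    if [ -f "$dir/rsa_key.priv" ] && perm_any "$dir/rsa_key.priv" 040 004; then
        echo "KEY-READABLE $dir/rsa_key.priv"; rc=1
    fi
    # Every node named by Name or ConnectTo needs a file under hosts/.
    if [ -f "$dir/tinc.conf" ]; then
        for node in $(sed -n \
                -e 's/^[[:space:]]*Name[[:space:]]*=[[:space:]]*//p' \
                -e 's/^[[:space:]]*ConnectTo[[:space:]]*=[[:space:]]*//p' \
                "$dir/tinc.conf"); do
            [ -f "$dir/hosts/$node" ] || { echo "NO-HOST-FILE $dir/hosts/$node"; rc=1; }
        done
    else
        echo "MISSING $dir/tinc.conf"; rc=1
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /etc/tinc/master
if [ "$#" -gt 0 ]; then audit_tinc_dir "$1"; fi
```

Run it as root on each node before starting tincd; an empty output with exit status 0 means none of the checks fired.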