Tinc/NewNode
From charlesreid1
Procedure for adding a new node (Mac and Debian):
Setting Up New Mac Node
Install:
$ brew install tinc
Prep directory structure:
$ mkdir -p /usr/local/etc/tinc/master/
$ cd /usr/local/etc/tinc/master/
Edit tinc.conf:
$ cat tinc.conf
Name = cronus
AddressFamily = any
Mode = switch
ConnectTo = jupiter
Edit tinc-up and tinc-down:
$ cat tinc-up
#!/bin/sh
ifconfig $INTERFACE 10.6.0.3 netmask 255.255.0.0
$ cat tinc-down
#!/bin/sh
ifconfig $INTERFACE down
Make executable:
$ chmod +x tinc-up tinc-down
Make hosts directory:
$ git clone https://charlesreid1.com:3000/charlesreid1/tinc-hosts.git hosts
$ cd hosts
Edit the file cronus to add the IP and subnet for cronus:
$ cat hosts/cronus
Address = 192.168.125.50
Subnet = 10.0.0.0/16
Generate a public key by running tincd with the -K flag, which will add the public key to the end of the cronus machine host file (the matching private key is written to rsa_key.priv in the master directory and stays on this machine; it is never committed):
$ tincd -n master -K
Add the cronus file to the tinc-hosts repository and commit it.
Pull the updated cronus machine file on the other machines (e.g. jupiter).
Setting Up New Debian Node
Install:
$ apt-get install tinc
Prep directory structure:
$ mkdir -p /etc/tinc/master/
$ cd /etc/tinc/master/
Edit tinc.conf:
$ cat tinc.conf
Name = rojo
AddressFamily = any
Mode = switch
Edit tinc-up and tinc-down:
$ cat tinc-up
#!/bin/sh
ifconfig $INTERFACE 10.6.0.4 netmask 255.255.0.0
$ cat tinc-down
#!/bin/sh
ifconfig $INTERFACE down
Make executable:
$ chmod +x tinc-up tinc-down
Make hosts directory:
$ git clone https://charlesreid1.com:3000/charlesreid1/tinc-hosts.git hosts
$ cd hosts
Edit the file rojo to add the address and subnet for rojo:
$ cat hosts/rojo
Address = charlesreid1.com
Subnet = 10.0.0.0/16
Generate a public key by running tincd with the -K flag, which will add the public key to the end of the rojo machine host file (the matching private key is written to rsa_key.priv in the master directory and stays on this machine; it is never committed):
$ tincd -n master -K
Add the rojo file to the tinc-hosts repository and commit it.
Pull the updated rojo machine file on the other machines.
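Both procedures above end with committing a host file to the shared tinc-hosts repository, so a quick consistency check before that commit is worth having. The script below is an added example, not part of the original page or of tinc itself; it assumes the tinc 1.0 layout used here (NET/tinc.conf, NET/hosts/NAME, private key in NET/rsa_key.priv) and builds constructed sample directories with placeholder key text to exercise the check.

```shell
#!/bin/sh
# Added example, not part of the original page: sanity-check a tinc 1.0 network
# directory (NET/tinc.conf, NET/hosts/NAME) before the host file is committed
# to the tinc-hosts repository.

# conf_value FILE KEY: print every value of "KEY = value" lines in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# check_tinc_net DIR: return 0 if DIR is consistent, 1 otherwise. Verifies that
# the node's own host file carries a public key (from `tincd -n NET -K`), that
# every ConnectTo target has a host file with an Address line (tinc cannot dial
# a peer without one), and that no private key was dropped into hosts/.
check_tinc_net() {
    dir=$1; ok=0
    name=$(conf_value "$dir/tinc.conf" Name)
    if [ -z "$name" ]; then echo "tinc.conf: missing Name"; return 1; fi
    if ! grep -q "BEGIN RSA PUBLIC KEY" "$dir/hosts/$name" 2>/dev/null; then
        echo "hosts/$name: missing or has no public key"; ok=1
    fi
    for peer in $(conf_value "$dir/tinc.conf" ConnectTo); do
        if [ -z "$(conf_value "$dir/hosts/$peer" Address 2>/dev/null)" ]; then
            echo "hosts/$peer: ConnectTo target needs an Address line"; ok=1
        fi
    done
    if grep -rq "PRIVATE KEY" "$dir/hosts" 2>/dev/null; then
        echo "hosts/: private key material found; only public keys belong here"; ok=1
    fi
    return $ok
}

# Constructed sample directories (placeholder key text, not real keys).
DEMO=$(mktemp -d)
mkdir -p "$DEMO/good/hosts" "$DEMO/bad/hosts"
printf 'Name = cronus\nAddressFamily = any\nMode = switch\nConnectTo = jupiter\n' > "$DEMO/good/tinc.conf"
printf 'Address = 192.168.125.50\nSubnet = 10.0.0.0/16\n-----BEGIN RSA PUBLIC KEY-----\nPLACEHOLDER\n-----END RSA PUBLIC KEY-----\n' > "$DEMO/good/hosts/cronus"
printf 'Address = 192.168.125.10\nSubnet = 10.0.0.0/16\n' > "$DEMO/good/hosts/jupiter"
# bad: no public key for cronus, no Address for jupiter, private key committed.
cp "$DEMO/good/tinc.conf" "$DEMO/bad/tinc.conf"
printf 'Subnet = 10.0.0.0/16\n' > "$DEMO/bad/hosts/cronus"
printf 'Subnet = 10.0.0.0/16\n' > "$DEMO/bad/hosts/jupiter"
printf -- '-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n' > "$DEMO/bad/hosts/rsa_key.priv"

check_tinc_net "$DEMO/good" && echo "good: consistent"
check_tinc_net "$DEMO/bad" || echo "bad: rejected"
```

Run it against the real directory with `check_tinc_net /etc/tinc/master` (or the /usr/local/etc path on the Mac) after the -K step and before the git commit.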
Network Architecture/Configuration
krash = central public server
blackbeard = secondary public server
jupiter/cronus/maya = behind NAT network
Old Example
Old example: three computers behind NAT network + firewall (jupiter/cronus/maya), one public computer on the public internet (rojo)
The setup with Tinc when there are multiple nodes is as follows:
rojo = debian server, jupiter = debian server, cronus = mac, maya = mac
Rojo is a public server, so it serves as the furthest-upstream server.
Jupiter, cronus, and maya are all on a private network behind a firewall, so they connect to each other and one of them reaches out to connect to rojo. Tinc uses a peer-to-peer VPN model, which is what allows this flexible arrangement.
Rojo will not connect to anyone, but will simply listen for incoming connections.
Jupiter will be set to connect to rojo when tinc starts.
Maya and cronus will be set to connect to jupiter when tinc starts.
tinc.conf on rojo:
$ cat tinc.conf
Name = rojo
AddressFamily = any
Device = /dev/net/tun
Mode = switch
tinc.conf on jupiter:
$ cat tinc.conf
Name = jupiter
AddressFamily = any
Device = /dev/net/tun
Mode = switch
ConnectTo = rojo
tinc.conf on cronus:
$ cat tinc.conf
Name = cronus
AddressFamily = any
Mode = switch
ConnectTo = jupiter
tinc.conf on maya:
$ cat tinc.conf
Name = maya
AddressFamily = any
Mode = switch
ConnectTo = jupiter