Changes

Changes

3,931 bytes added , 3 years ago

Finalized tinc standard setup information

Line 55: Line 55:

== TINC ==

−

~~Information on how to setup tinc~~.

Tinc is an open-source, self-routing, mesh networking protocol, used for compressed, encrypted, virtual private networks.

Tinc is available for FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, Mac OS X, Linux, Microsoft Windows, Solaris, IOS (jailbroken only), and Android with full support for IPv6.

You can download tinc for *nix and Windows systems from https://www.tinc-vpn.org/

−

~~Tinc is an open-source, self-routing, mesh networking protocol, used for compressed, encrypted, virtual private networks.~~

The tinc website includes many examples on common setups. They can be found at https://www.tinc-vpn.org/examples/

Line 68: Line 66:

Tinc can be setup in a mesh network with multiple systems.

−

''Note: You can setup tinc with just two systems ~~or as many as your system will allow~~.''

''Note: You can setup tinc with just two systems using these instructions and adjusting the steps accordingly.''

For this setup we will have three hosts called Server 1, Server 2, and Server 3. The following is a brief synopsis of the network config for each:

Line 75: Line 73:

<big>'''VPN NAME: NoMoreSecrets'''</big><br />'''SERVER 1:'''

−

public ip: 44.xx.1.100

public ip: 1.1.1.100

vpn ip: 10.0.0.1

connects to: server 2, server 3

'''SERVER 2:'''

−

public ip: 44.xx.2.100

public ip: 1.1.2.100

vpn ip: 10.0.0.2

connects to: server 1, server 3

'''SERVER 3:'''

−

public ip: 44.xx.3.100

public ip: 1.1.3.100

vpn ip: 10.0.0.3

connects to: server 1, server 2

Line 91: Line 89: −

The following directory tree will be present on all three hosts for this setup:<syntaxhighlight>

−

/etc~~/tinc~~

The following directory tree will be present on all three hosts for this setup:

/etc

└── tinc

└── NoMoreSecrets

Line 103: Line 104:

├── tinc-down

└── tinc-up

</syntaxhighlight>

====Individual node setup and configuration====

All servers used in this example will be running Ubuntu 18.04.

'''Server1:'''

* Install tinc

apt install tinc -y

* Create directories

mkdir -p /etc/tinc/NoMoreSecrets/hosts/

Create the following files:

* /etc/tinc/NoMoreSecrets/hosts/server1:

Address = 1.1.1.100

Subnet = 10.0.0.1

* /etc/tinc/NoMoreSecrets/tinc.conf:

Name = server1

Interface = tun0

AddressFamily = ipv4

ConnectTo = server2

ConnectTo = server3

* /etc/tinc/NoMoreSecrets/tinc-up:

#!/bin/sh

ip link set $INTERFACE up

ip addr add 10.0.0.1/32 dev $INTERFACE

ip route add 10.0.0.0/24 dev $INTERFACE

* /etc/tinc/NoMoreSecrets/tinc-down:

#!/bin/sh

ip route del 10.0.0.0/24 dev $INTERFACE

ip addr del 10.0.0.1/32 dev $INTERFACE

ip link set $INTERFACE down

'''Server2:'''

* Install tinc

apt install tinc -y

* Create directories

mkdir -p /etc/tinc/NoMoreSecrets/hosts/

Create the following files:

* /etc/tinc/NoMoreSecrets/hosts/server2:

Address = 1.1.2.100

Subnet = 10.0.0.2

* /etc/tinc/NoMoreSecrets/tinc.conf:

Name = server2

Interface = tun0

AddressFamily = ipv4

ConnectTo = server1

ConnectTo = server3

* /etc/tinc/NoMoreSecrets/tinc-up:

#!/bin/sh

ip link set $INTERFACE up

ip addr add 10.0.0.2/32 dev $INTERFACE

ip route add 10.0.0.0/24 dev $INTERFACE

* /etc/tinc/NoMoreSecrets/tinc-down:

#!/bin/sh

ip route del 10.0.0.0/24 dev $INTERFACE

ip addr del 10.0.0.2/32 dev $INTERFACE

ip link set $INTERFACE down

'''Server3:'''

* Install tinc

apt install tinc -y

* Create directories

mkdir -p /etc/tinc/NoMoreSecrets/hosts/

Create the following files:

* /etc/tinc/NoMoreSecrets/hosts/server3:

Address = 1.1.3.100

Subnet = 10.0.0.3

−

</~~syntaxhighlight>~~

* /etc/tinc/NoMoreSecrets/tinc.conf:

Name = server3

Interface = tun0

AddressFamily = ipv4

ConnectTo = server1

ConnectTo = server2

* /etc/tinc/NoMoreSecrets/tinc-up:

#!/bin/sh

ip link set $INTERFACE up

ip addr add 10.0.0.3/32 dev $INTERFACE

ip route add 10.0.0.0/24 dev $INTERFACE

* /etc/tinc/NoMoreSecrets/tinc-down:

#!/bin/sh

ip route del 10.0.0.0/24 dev $INTERFACE

ip addr del 10.0.0.3/32 dev $INTERFACE

ip link set $INTERFACE down

* On all servers create public/private keypair with:

tincd -n NoMoreSecrets -K4096

* Synchronize host files with public keys between all three servers with rsync:

* From Server1:

rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server2:/etc/tinc/NoMoreSecrets/hosts/

rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server3:/etc/tinc/NoMoreSecrets/hosts/

* From Server2:

rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server1:/etc/tinc/NoMoreSecrets/hosts/

rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server3:/etc/tinc/NoMoreSecrets/hosts/

* From Server3:

rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server1:/etc/tinc/NoMoreSecrets/hosts/

rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server2:/etc/tinc/NoMoreSecrets/hosts/

* On all servers set the executable bit on the tinc-up and tinc-down scripts

chmod +x /etc/tinc/NoMoreSecrets/tinc-up

chmod +x /etc/tinc/NoMoreSecrets/tinc-down

* On all servers enable and start tinc

systemctl enable tinc@NoMoreSecrets

systemctl start tinc@NoMoreSecrets

Once tinc is up and running on all three servers you should be able to communicate over the 10.0.0.0/24 network.

Since this is a mesh network, if direct communication between two nodes drops, tinc will route all traffic through the remaining node until direct communication is restored.

==== Troubleshooting ====

# Check tinc logs to see what the error shown is. Refer to official documentation at https://www.tinc-vpn.org/docs/

# Check firewall on both hosts to make sure port 655 is being accepted.

# Check IP on Address line of hosts to ensure they are correct.

# Check IP on Subnet line of hosts files to ensure they are correct.

=== Simplified tinc 1.1 Windows setup ===

Kg7qin

ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors

1,714

edits

Retrieved from "http://wiki.pttlink.org/wiki/Special:MobileDiff/1995"

VPN (view source)

Revision as of 10:00, 15 November 2020

Navigation menu

Search