Line 55: |
Line 55: |
| | | |
| == TINC == | | == TINC == |
− | Information on how to setup tinc.
| + | Tinc is an open-source, self-routing, mesh networking protocol, used for compressed, encrypted, virtual private networks. |
| | | |
| Tinc is available for FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, Mac OS X, Linux, Microsoft Windows, Solaris, IOS (jailbroken only), and Android with full support for IPv6. | | Tinc is available for FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, Mac OS X, Linux, Microsoft Windows, Solaris, IOS (jailbroken only), and Android with full support for IPv6. |
| | | |
| You can download tinc for *nix and Windows systems from https://www.tinc-vpn.org/ | | You can download tinc for *nix and Windows systems from https://www.tinc-vpn.org/ |
− |
| |
− | Tinc is an open-source, self-routing, mesh networking protocol, used for compressed, encrypted, virtual private networks.
| |
| | | |
| The tinc website includes many examples on common setups. They can be found at https://www.tinc-vpn.org/examples/ | | The tinc website includes many examples on common setups. They can be found at https://www.tinc-vpn.org/examples/ |
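Review bot: the new opening sentence in this hunk describes tinc as a "mesh networking protocol, used for compressed, encrypted, virtual private networks"; tinc is a VPN daemon with its own protocol, and compression is a per-host option (Compression in the hosts/ file) that is off unless set, so "optionally compressed, encrypted" would be accurate. Moving that sentence to the top in place of "Information on how to setup tinc." is otherwise an improvement, since the page now leads with what tinc is before the platform list.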
Line 68: |
Line 66: |
| Tinc can be setup in a mesh network with multiple systems. | | Tinc can be setup in a mesh network with multiple systems. |
| | | |
− | ''Note: You can setup tinc with just two systems or as many as your system will allow.'' | + | ''Note: You can setup tinc with just two systems using these instructions and adjusting the steps accordingly.'' |
| | | |
| For this setup we will have three hosts called Server 1, Server 2, and Server 3. The following is a brief synopsis of the network config for each: | | For this setup we will have three hosts called Server 1, Server 2, and Server 3. The following is a brief synopsis of the network config for each: |
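Review bot: the reworded note still uses "setup" as a verb ("You can setup tinc with just two systems"); the verb form is "set up", and the same fix applies to "Tinc can be setup in a mesh network" in the context line above it. "adjusting the steps accordingly" could say what actually changes for a two-node mesh (each tinc.conf carries a single ConnectTo line and there is one fewer hosts/ file to exchange), otherwise the reader has to work that out from the three-node example.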
Line 75: |
Line 73: |
| | | |
| <big>'''VPN NAME: NoMoreSecrets'''</big><br />'''SERVER 1:''' | | <big>'''VPN NAME: NoMoreSecrets'''</big><br />'''SERVER 1:''' |
− | public ip: 44.xx.1.100 | + | public ip: 1.1.1.100 |
| vpn ip: 10.0.0.1 | | vpn ip: 10.0.0.1 |
| connects to: server 2, server 3 | | connects to: server 2, server 3 |
| | | |
| '''SERVER 2:''' | | '''SERVER 2:''' |
− | public ip: 44.xx.2.100 | + | public ip: 1.1.2.100 |
| vpn ip: 10.0.0.2 | | vpn ip: 10.0.0.2 |
| connects to: server 1, server 3 | | connects to: server 1, server 3 |
| | | |
| '''SERVER 3:''' | | '''SERVER 3:''' |
− | public ip: 44.xx.3.100 | + | public ip: 1.1.3.100 |
| vpn ip: 10.0.0.3 | | vpn ip: 10.0.0.3 |
| connects to: server 1, server 2 | | connects to: server 1, server 2 |
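Review bot: the replacement public addresses 1.1.1.100, 1.1.2.100 and 1.1.3.100 are live, routable space (1.1.1.0/24 is the Cloudflare resolver block and the neighbouring /24s are APNIC-assigned), so anyone who copies this config verbatim will have tincd attempt connections to third-party hosts. Use the RFC 5737 documentation ranges instead, e.g. "192.0.2.100", "198.51.100.100" and "203.0.113.100"; the old "44.xx.N.100" placeholders at least could not be pasted as-is.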
Line 91: |
Line 89: |
| | | |
| | | |
− | The following directory tree will be present on all three hosts for this setup:<syntaxhighlight> | + | |
− | /etc/tinc | + | |
| + | The following directory tree will be present on all three hosts for this setup: |
| + | <syntaxhighlight> |
| + | /etc |
| └── tinc | | └── tinc |
| └── NoMoreSecrets | | └── NoMoreSecrets |
Line 103: |
Line 104: |
| ├── tinc-down | | ├── tinc-down |
| └── tinc-up | | └── tinc-up |
| + | </syntaxhighlight> |
| + | |
| + | ====Individual node setup and configuration==== |
| + | All servers used in this example will be running Ubuntu 18.04. |
| + | |
| + | '''Server1:''' |
| + | |
| + | * Install tinc |
| + | apt install tinc -y |
| + | |
| + | * Create directories |
| + | mkdir -p /etc/tinc/NoMoreSecrets/hosts/ |
| + | |
| + | Create the following files: |
| + | * /etc/tinc/NoMoreSecrets/hosts/server1: |
| + | Address = 1.1.1.100 |
| + | Subnet = 10.0.0.1 |
| + | |
| + | * /etc/tinc/NoMoreSecrets/tinc.conf: |
| + | Name = server1 |
| + | Interface = tun0 |
| + | AddressFamily = ipv4 |
| + | ConnectTo = server2 |
| + | ConnectTo = server3 |
| + | |
| + | * /etc/tinc/NoMoreSecrets/tinc-up: |
| + | #!/bin/sh |
| + | ip link set $INTERFACE up |
| + | ip addr add 10.0.0.1/32 dev $INTERFACE |
| + | ip route add 10.0.0.0/24 dev $INTERFACE |
| + | |
| + | * /etc/tinc/NoMoreSecrets/tinc-down: |
| + | #!/bin/sh |
| + | ip route del 10.0.0.0/24 dev $INTERFACE |
| + | ip addr del 10.0.0.1/32 dev $INTERFACE |
| + | ip link set $INTERFACE down |
| + | |
| + | '''Server2:''' |
| + | |
| + | * Install tinc |
| + | apt install tinc -y |
| + | |
| + | * Create directories |
| + | mkdir -p /etc/tinc/NoMoreSecrets/hosts/ |
| + | |
| + | Create the following files: |
| + | * /etc/tinc/NoMoreSecrets/hosts/server2: |
| + | Address = 1.1.2.100 |
| + | Subnet = 10.0.0.2 |
| + | |
| + | * /etc/tinc/NoMoreSecrets/tinc.conf: |
| + | Name = server2 |
| + | Interface = tun0 |
| + | AddressFamily = ipv4 |
| + | ConnectTo = server1 |
| + | ConnectTo = server3 |
| + | |
| + | * /etc/tinc/NoMoreSecrets/tinc-up: |
| + | #!/bin/sh |
| + | ip link set $INTERFACE up |
| + | ip addr add 10.0.0.2/32 dev $INTERFACE |
| + | ip route add 10.0.0.0/24 dev $INTERFACE |
| + | |
| + | * /etc/tinc/NoMoreSecrets/tinc-down: |
| + | #!/bin/sh |
| + | ip route del 10.0.0.0/24 dev $INTERFACE |
| + | ip addr del 10.0.0.2/32 dev $INTERFACE |
| + | ip link set $INTERFACE down |
| + | |
| + | '''Server3:''' |
| + | |
| + | * Install tinc |
| + | apt install tinc -y |
| + | |
| + | * Create directories |
| + | mkdir -p /etc/tinc/NoMoreSecrets/hosts/ |
| + | |
| + | Create the following files: |
| + | * /etc/tinc/NoMoreSecrets/hosts/server3: |
| + | Address = 1.1.3.100 |
| + | Subnet = 10.0.0.3 |
| | | |
− | </syntaxhighlight>
| + | * /etc/tinc/NoMoreSecrets/tinc.conf: |
| + | Name = server3 |
| + | Interface = tun0 |
| + | AddressFamily = ipv4 |
| + | ConnectTo = server1 |
| + | ConnectTo = server2 |
| + | |
| + | * /etc/tinc/NoMoreSecrets/tinc-up: |
| + | #!/bin/sh |
| + | ip link set $INTERFACE up |
| + | ip addr add 10.0.0.3/32 dev $INTERFACE |
| + | ip route add 10.0.0.0/24 dev $INTERFACE |
| + | |
| + | * /etc/tinc/NoMoreSecrets/tinc-down: |
| + | #!/bin/sh |
| + | ip route del 10.0.0.0/24 dev $INTERFACE |
| + | ip addr del 10.0.0.3/32 dev $INTERFACE |
| + | ip link set $INTERFACE down |
| + | |
| + | * On all servers create public/private keypair with: |
| + | tincd -n NoMoreSecrets -K4096 |
| + | |
| + | * Synchronize host files with public keys between all three servers with rsync: |
| + | |
| + | * From Server1: |
| + | rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server2:/etc/tinc/NoMoreSecrets/hosts/ |
| + | rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server3:/etc/tinc/NoMoreSecrets/hosts/ |
| + | |
| + | * From Server2: |
| + | rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server1:/etc/tinc/NoMoreSecrets/hosts/ |
| + | rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server3:/etc/tinc/NoMoreSecrets/hosts/ |
| + | |
| + | * From Server3: |
| + | rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server1:/etc/tinc/NoMoreSecrets/hosts/ |
| + | rsync -avz /etc/tinc/NoMoreSecrets/hosts/ server2:/etc/tinc/NoMoreSecrets/hosts/ |
| + | |
| + | * On all servers set the executable bit on the tinc-up and tinc-down scripts |
| + | chmod +x /etc/tinc/NoMoreSecrets/tinc-up |
| + | chmod +x /etc/tinc/NoMoreSecrets/tinc-down |
| + | |
| + | * On all servers enable and start tinc |
| + | systemctl enable tinc@NoMoreSecrets |
| + | systemctl start tinc@NoMoreSecrets |
| + | |
| + | Once tinc is up and running on all three servers you should be able to communicate over the 10.0.0.0/24 network. |
| + | |
| + | Since this is a mesh network, if direct communication between two nodes drops, tinc will route all traffic through the remaining node until direct communication is restored. |
| + | |
| + | ==== Troubleshooting ==== |
| + | # Check tinc logs to see what the error shown is. Refer to official documentation at https://www.tinc-vpn.org/docs/ |
| + | # Check firewall on both hosts to make sure port 655 is being accepted. |
| + | # Check IP on Address line of hosts to ensure they are correct. |
| + | # Check IP on Subnet line of hosts files to ensure they are correct. |
| | | |
| === Simplified tinc 1.1 Windows setup === | | === Simplified tinc 1.1 Windows setup === |
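Review bot: troubleshooting item 2 says "make sure port 655 is being accepted" without naming a protocol; tinc uses TCP 655 for the meta connection and UDP 655 for the tunnelled data, so both must be open on every node (with only TCP allowed the mesh still comes up and data falls back to the slower TCP path, which is easy to misdiagnose). Suggest "TCP and UDP port 655". Two smaller points in the same hunk: (a) none of the three tinc.conf blocks sets Cipher, Digest or MACLength, so each node runs whatever the tinc 1.0 package on 18.04 defaults to (Blowfish with a 4-byte SHA-1 MAC); adding "Cipher = aes-256-cbc", "Digest = sha256" and "MACLength = 16" to each node's configuration (tinc.conf or its own hosts/ file) makes the choice explicit; (b) the rsync step pushes the whole hosts/ directory root-to-root over SSH from every node to every other, which is fine since hosts/ holds only public keys and Address/Subnet lines, but it assumes root SSH logins and name resolution for server1..server3 that the page never sets up, and all three rounds are needed for every node to end with all three files, which is worth stating. Troubleshooting item 1 should also say where the logs are, e.g. "journalctl -u tinc@NoMoreSecrets" or running "tincd -n NoMoreSecrets -D -d3" in the foreground, instead of only linking the manual.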