Changes

Line 64: Line 64:       −
“<span style=color:dodgerblue>vi</span> <span style=color:limegreen>/etc/tinc/example/tinc-up</span>”
+
'''<span style="color:dodgerblue">vi</span> <span style="color:limegreen">/etc/tinc/example/tinc-up</span>'''
    
  #!/bin/sh
 
  #!/bin/sh
Line 77: Line 77:       −
* Accordingly, on both routers create a tinc-down script, which will turn off said VPN interface
+
* Accordingly, on '''both''' routers create a tinc-down script, which will turn off said VPN interface
      −
“<span style=color:dodgerblue>vi</span> <span style=color:limegreen>/etc/tinc/example/tinc-down</span>”
+
'''<span style="color:dodgerblue">vi</span> <span style="color:limegreen">/etc/tinc/example/tinc-down</span>'''
    
  #!/bin/sh
 
  #!/bin/sh
Line 87: Line 87:     
* Set permissions to your scripts using “'''<span style=color:dodgerblue>chmod 755</span> <span style=color:limegreen>/etc/tinc/example/tinc-*</span>'''”
 
* Set permissions to your scripts using “'''<span style=color:dodgerblue>chmod 755</span> <span style=color:limegreen>/etc/tinc/example/tinc-*</span>'''”
* Now, create last configuration files. First, create a folder for all the hosts and their info, then create a host file using text editor.
+
* Now, create last configuration files. First, create a folder for all the hosts and their info, then create a host file using text editor.<br /> "<span style="color:dodgerblue">'''mkdir <span style="color:limegreen">/etc/tinc/example/hosts/</span>'''"
   −
  −
"<span style=color:dodgerblue>mkdir <span style=color:limegreen>/etc/tinc/example/hosts/</span>"
      
On rut1:
 
On rut1:
   −
"<span style=color:dodgerblue>vi <span style=color:limegreen>/etc/tinc/example/hosts/rut1</span>"
+
"<span style="color:dodgerblue">'''vi <span style="color:limegreen">/etc/tinc/example/hosts/rut1</span>'''"
    
  Subnet = 10.0.0.1/32
 
  Subnet = 10.0.0.1/32
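Review bot: The `+` lines for `mkdir` and for `vi /etc/tinc/example/hosts/rut1` each open two `<span>` tags but close only one, so the outer `<span style="color:dodgerblue">` stays open and the `'''` bold markers sit inside it. Close the outer span after the command word, following the pattern the tinc-up and tinc-down lines in this change already use: `'''<span style="color:dodgerblue">vi</span> <span style="color:limegreen">/etc/tinc/example/hosts/rut1</span>'''`.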
Line 102: Line 100:  
On rut2:
 
On rut2:
   −
"<span style=color:dodgerblue>vi</span> <span style=color:limegreen>/etc/tinc/example/hosts/rut1</span>"
+
"'''<span style="color:dodgerblue">vi</span> <span style="color:limegreen">/etc/tinc/example/hosts/rut1</span>'''"
    
  Subnet = 10.0.0.2/32
 
  Subnet = 10.0.0.2/32
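Review bot: Under "On rut2:" the `+` line still opens `/etc/tinc/example/hosts/rut1`, although the file content is `Subnet = 10.0.0.2/32` and the later steps refer to a `hosts/rut2` file. The formatting change carries the old path over unchanged; it should read `/etc/tinc/example/hosts/rut2`, otherwise a reader following the steps on rut2 creates a host file under the wrong node name.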
Line 110: Line 108:  
* After creating host files, generate public/private keypair
 
* After creating host files, generate public/private keypair
 
'''<span style=color:dodgerblue>tincd -n ''netname'' -K</span>''' , in our scenario: “'''<span style=color:dodgerblue>tincd -n example -K</span>'''” and simply press enter to accept the default.
 
'''<span style=color:dodgerblue>tincd -n ''netname'' -K</span>''' , in our scenario: “'''<span style=color:dodgerblue>tincd -n example -K</span>'''” and simply press enter to accept the default.
* After keypairs were generated, you need to copy the device’s host file to the other device. Copy RUT1’s <span style=color:limegreen>hosts/rut1</span> file to RUT2 and place it in the same folder <span style=color:limegreen>hosts/</span> and do the same with the RUT2 file placing it in the RUT1 hosts folder.
+
* After keypairs were generated, you need to copy the device’s host file to the other device. Copy RUT1’s <span style=color:limegreen>'''hosts/rut1'''</span> file to RUT2 and place it in the same folder <span style=color:limegreen>'''hosts/'''</span> and do the same with the RUT2 file placing it in the RUT1 hosts folder.
   −
You can do this with '''WinSCP''', or using CLI’s <span style=color:dodgerblue>scp</span> to transfer files from one device to the other.
+
You can do this with '''WinSCP''', or using CLI’s <span style=color:dodgerblue>'''scp'''</span> to transfer files from one device to the other.
    
[[File:Tincscp1.2.png]]
 
[[File:Tincscp1.2.png]]
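Review bot: The copy step on the `+` line names the host file but never says that the private key produced by `tincd -n example -K` stays on the device that generated it. Since this step has readers moving files between routers with WinSCP or scp, add one sentence stating that only `hosts/rut1` and `hosts/rut2` are exchanged. The `style=color:limegreen` and `style=color:dodgerblue` attributes on these `+` lines are also still unquoted, unlike the attributes quoted elsewhere in this change.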
Line 120: Line 118:  
Here on CLI, In 1st picture, I used scp to transfer RUT1’s host file directly to my RUT2, because RUT1 has public IP and therefore, I can directly communicate with it, and later, transferred RUT2’s host file to the RUT1 in the 2nd picture.
 
Here on CLI, In 1st picture, I used scp to transfer RUT1’s host file directly to my RUT2, because RUT1 has public IP and therefore, I can directly communicate with it, and later, transferred RUT2’s host file to the RUT1 in the 2nd picture.
   −
* After  both host files were shared between two devices, we can start our tinc instances. “<span style=color:dodgerblue>tincd -n netname</span>”, or in our case “<span style=color:dodgerblue>tincd -n example</span>”, additionally, I recommend using debug mode, to check whether there are any connectivity errors “<span style=color:dodgerblue>tincd -n example -D -d3</span>” (d3 – debug level 3)
+
* After  both host files were shared between two devices, we can start our tinc instances. “<span style=color:dodgerblue>'''tincd -n netname'''</span>”, or in our case “<span style=color:dodgerblue>'''tincd -n example'''</span>”, additionally, I recommend using debug mode, to check whether there are any connectivity errors “<span style=color:dodgerblue>'''tincd -n example -D -d3'''</span>” (d3 – debug level 3)
    
'''RUT1:'''
 
'''RUT1:'''
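Review bot: In the `+` line the parenthesis explains `-d3` but not `-D`, which keeps tincd in the foreground instead of detaching, so a reader who copies `tincd -n example -D -d3` will not expect the shell to stay occupied. Add that to the parenthesis, and drop the double space in "After  both" while the line is being touched.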
Line 140: Line 138:  
We’ll continue with our previous configurations.
 
We’ll continue with our previous configurations.
   −
* Update your host file in <span style=color:limegreen>hosts/</span> by adding your LAN network.
+
* Update your host file in <span style=color:limegreen>'''hosts/'''</span> by adding your LAN network.
   −
<span style=color:limegreen>hosts/rut1</span> file:
+
<span style=color:limegreen>'''hosts/rut1'''</span> file:
    
[[File:Tinchosts1.png]]
 
[[File:Tinchosts1.png]]
   −
<span style=color:limegreen>hosts/rut2</span> file:
+
<span style=color:limegreen>'''hosts/rut2'''</span> file:
    
[[File:Tinchosts2.png]]
 
[[File:Tinchosts2.png]]
Line 152: Line 150:  
* Add a route to other’s device LAN network through your tinc interface:
 
* Add a route to other’s device LAN network through your tinc interface:
 
Add a line to your tinc-up script, so that a route will be added when tinc is started.
 
Add a line to your tinc-up script, so that a route will be added when tinc is started.
on rut1 <span style=color:limegreen>example/tinc-up</span>
+
 
 +
on rut1 <span style="color:limegreen">'''example/tinc-up'''</span>
    
[[File:Tincup1.png]]
 
[[File:Tincup1.png]]
   −
on rut2 <span style=color:limegreen>example/tinc-up</span>
+
on rut2 <span style=color:limegreen>'''example/tinc-up'''</span>
    
[[File:Tincup2.png]]
 
[[File:Tincup2.png]]
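Review bot: The rut1 `+` line quotes its attribute (`style="color:limegreen"`) while the rut2 `+` line in the same hunk leaves it as `style=color:limegreen`; quote both so the markup is consistent. The change also adds an empty line and a line containing only a space before "on rut1", which looks unintended; one blank line is enough to separate it from the sentence above.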
Line 168: Line 167:  
[[File:Tincfw2.png|843x843px]]
 
[[File:Tincfw2.png|843x843px]]
   −
We are going to allow all forwards via this interface, including lan and wan networks into this zone. This way we can communicate from END1 to RUT2’s lan as well as END2 and vice versa.
+
We are going to allow all forwards via this interface, including '''lan''' and '''wan networks''' into this zone. This way we can communicate from END1 to RUT2’s lan as well as END2 and vice versa.
 
In short '''LAN1 <-> WAN1 <-''' through tinc tunnel '''-> WAN2 <-> LAN2'''
 
In short '''LAN1 <-> WAN1 <-''' through tinc tunnel '''-> WAN2 <-> LAN2'''
    
[[File:TincTopology3.png]]
 
[[File:TincTopology3.png]]
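Review bot: The `+` line only bolds '''lan''' and '''wan networks''', but the sentence it touches tells readers to allow all forwards for this zone, including wan, without saying why wan is needed. The stated goal is reaching RUT2's lan and END2 from END1, so the text should either explain what the wan forwarding is for or limit the instruction to the lan zone. The bold is also uneven: "lan" is bolded alone while "wan networks" takes the noun with it.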