Tinc VPN configuration examples: Difference between revisions

no edit summary
No edit summary
Line 39: Line 39:
First of, lets configure a simple connection between two tinc instances, i.e., '''RUT1''' and '''RUT2''' as described above in '''configuration scheme 1'''.
First of, lets configure a simple connection between two tinc instances, i.e., '''RUT1''' and '''RUT2''' as described above in '''configuration scheme 1'''.


* tinc is not installed on our devices, therefore, it has to be installed via the package manager. '''Services -> Package Manager -> Packages''' and search for '''tinc VPN'''
* tinc is not installed on our devices, therefore, it has to be installed via the package manager. '''Services -> Package Manager -> Packages''' and search for '''tinc VPN'''.


[[File:TincPackage.png|612x612px]]
[[File:TincPackage.png|612x612px]]


* After '''successful''' installation you should see a '''new Firewall zone''' “'''tinc'''” created and a '''new traffic rule added'''.
* After '''successful''' installation you should see a '''new Firewall zone''' “'''<span style=color:khaki>tinc</span>'''” created and a '''new traffic rule added'''.


[[File:Tincfwzone.png]]
[[File:Tincfwzone.png]]
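
Review bot: the introductory sentence at the top of this hunk still reads "First of, lets configure" on both sides; since the neighbouring bullets are being touched anyway, correct it to "First off, let's configure". The new highlight on the firewall-zone bullet also uses an unquoted attribute (style=color:khaki); writing it as style="color:khaki" keeps the markup from breaking if a second declaration or a space is ever added to the value.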
Line 50: Line 50:


* From now all configuration will be made using command line interface.
* From now all configuration will be made using command line interface.
* Make a folder for your tinc daemon where all your configurations will be kept. This procedure is required if you’re going to run more than one tinc daemon on one PC. However, if you only need one instance, then you can keep all configuration in default directory at “'''/etc/tinc/'''”
* Make a folder for your tinc daemon where all your configurations will be kept. This procedure is required if you’re going to run more than one tinc daemon on one PC. However, if you only need one instance, then you can keep all configuration in default directory at “'''<span style=color:limegreen>/etc/tinc/</span>'''”
* Use '''mkdir''' to create a new folder at '''/etc/tinc/'''
* Use <span style=color:dodgerblue>'''mkdir'''</span> to create a new folder at '''<span style=color:limegreen>/etc/tinc/</span>'''


[[File:Tincfolder.png]]
[[File:Tincfolder.png]]


* Then use your favorite text editor (I’m using vi) and create '''tinc.conf''' (If you skipped making specific folder, then you can create configs as mentioned earlier – in parent folder “'''vi /etc/tinc/tinc.conf'''”
* Then use your favorite text editor (I’m using vi) and create '''tinc.conf''' (If you skipped making specific folder, then you can create configs as mentioned earlier – in parent folder “'''<span style=color:dodgerblue>vi</span> <span style=color:limegreen>/etc/tinc/tinc.conf</span>'''”


[[File:Tincconfigfile.png]]
[[File:Tincconfigfile.png]]


* And on RUT2 use a different name (ex. rut2) and add the line “ConnectTo = rut1”
* And on RUT2 use a different name (ex. <span style=color:limegreen>rut2</span>) and add the line “<span style=color:limegreen>ConnectTo = rut1</span>”
* Name your device, specify address family, and interface. Try not to set the interface to “'''tun0'''” as it is a system reserved interface and may not work with this VPN.
* Name your device, specify address family, and interface. Try not to set the interface to “'''tun0'''” as it is a system reserved interface and may not work with this VPN.
* Then on RUT1 create '''tinc-up''' script, which will turn on your VPN interface.
* Then on RUT1 create '''tinc-up''' script, which will turn on your VPN interface.




“vi /etc/tinc/example/tinc-up”
“<span style=color:dodgerblue>vi</span> <span style=color:limegreen>/etc/tinc/example/tinc-up</span>”


#!/bin/sh
#!/bin/sh
 
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0




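Review bot: the parenthesis opened at "(If you skipped making specific folder" in the tinc.conf bullet is never closed, and the revised line adds the colour spans without fixing that; close it after the quoted vi command. The bullet order is also confusing: "And on RUT2 use a different name" comes before "Name your device, specify address family, and interface", although the RUT2 instruction only makes sense once the reader has been told to set a name on RUT1, so the two bullets should be swapped.
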
Line 74: Line 73:




#!/bin/sh
#!/bin/sh
 
ifconfig $INTERFACE 10.0.0.2 netmask 255.255.255.0
ifconfig $INTERFACE 10.0.0.2 netmask 255.255.255.0




Line 82: Line 80:




“vi /etc/tinc/example/tinc-down”
“<span style=color:dodgerblue>vi</span> <span style=color:limegreen>/etc/tinc/example/tinc-down</span>”
 
#!/bin/sh


ip link set $INTERFACE down
#!/bin/sh
ip link set $INTERFACE down




* Set permissions to your scripts using “'''chmod 755 /etc/tinc/example/tinc-*'''”
* Set permissions to your scripts using “'''<span style=color:dodgerblue>chmod 755</span> <span style=color:limegreen>/etc/tinc/example/tinc-*</span>'''”
* Now, create last configuration files. First, create a folder for all the hosts and their info, then create a host file using text editor.
* Now, create last configuration files. First, create a folder for all the hosts and their info, then create a host file using text editor.




"mkdir /etc/tinc/example/hosts/"
"<span style=color:dodgerblue>mkdir <span style=color:limegreen>/etc/tinc/example/hosts/</span>"


On rut1:
On rut1:


"vi /etc/tinc/example/hosts/rut1"
"<span style=color:dodgerblue>vi <span style=color:limegreen>/etc/tinc/example/hosts/rut1</span>"


Subnet = 10.0.0.1/32
Subnet = 10.0.0.1/32
Address = 84.84.84.84
Address = 84.84.84.84


On rut2:
On rut2:


"vi /etc/tinc/example/hosts/rut1"
"<span style=color:dodgerblue>vi</span> <span style=color:limegreen>/etc/tinc/example/hosts/rut1</span>"


Subnet = 10.0.0.2/32
Subnet = 10.0.0.2/32
Address = 80.80.100.100 (Optional)
Address = 80.80.100.100 (Optional)




* After creating host files, generate public/private keypair
* After creating host files, generate public/private keypair
'''tincd -n netname -K''' , in our scenario: “'''tincd -n example -K'''” and simply press enter to accept the default.
'''<span style=color:dodgerblue>tincd -n ''netname'' -K</span>''' , in our scenario: “'''<span style=color:dodgerblue>tincd -n example -K</span>'''” and simply press enter to accept the default.
* After keypairs were generated, you need to copy the device’s host file to the other device. Copy RUT1’s hosts/rut1 file to RUT2 and place it in the same folder hosts/ and do the same with the RUT2 file placing it in the RUT1 hosts folder.
* After keypairs were generated, you need to copy the device’s host file to the other device. Copy RUT1’s <span style=color:limegreen>hosts/rut1</span> file to RUT2 and place it in the same folder <span style=color:limegreen>hosts/</span> and do the same with the RUT2 file placing it in the RUT1 hosts folder.


You can do this with '''WinSCP''', or using CLI’s scp to transfer files from one device to the other.
You can do this with '''WinSCP''', or using CLI’s <span style=color:dodgerblue>scp</span> to transfer files from one device to the other.


[[File:Tincscp1.png]]
[[File:Tincscp1.png]]
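
Review bot: the revised mkdir line and the revised "vi ... hosts/rut1" line under "On rut1:" each open two spans (dodgerblue, then limegreen) but contain only one closing tag, so the blue span is left open; close it after the command name, as the "On rut2:" line already does with "vi</span> <span style=color:limegreen>". Separately, the "On rut2:" step edits /etc/tinc/example/hosts/rut1 on both sides of the diff, while the content shown (Subnet = 10.0.0.2/32) and the later copy step ("do the same with the RUT2 file") describe RUT2's own host file, so the path looks like it should be hosts/rut2; following it as written would put RUT2's subnet into the file named for its peer.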
Line 122: Line 119:
Here on CLI, In 1st picture, I used scp to transfer RUT1’s host file directly to my RUT2, because RUT1 has public IP and therefore, I can directly communicate with it, and later, transferred RUT2’s host file to the RUT1 in the 2nd picture.
Here on CLI, In 1st picture, I used scp to transfer RUT1’s host file directly to my RUT2, because RUT1 has public IP and therefore, I can directly communicate with it, and later, transferred RUT2’s host file to the RUT1 in the 2nd picture.


* After  both host files were shared between two devices, we can start our tinc instances. “tincd -n netname”, or in our case “tincd -n example”, additionally, I recommend using debug mode, to check whether there are any connectivity errors “tincd -n example -D -d3” (d3 – debug level 3)
* After  both host files were shared between two devices, we can start our tinc instances. “<span style=color:dodgerblue>tincd -n netname</span>”, or in our case “<span style=color:dodgerblue>tincd -n example</span>”, additionally, I recommend using debug mode, to check whether there are any connectivity errors “<span style=color:dodgerblue>tincd -n example -D -d3</span>” (d3 – debug level 3)


'''RUT1:'''
'''RUT1:'''
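
Review bot: in the start-up bullet the debug command "tincd -n example -D -d3" only has -d3 explained ("debug level 3"); -D is left unexplained. Add a short gloss that -D keeps tincd in the foreground so the debug output is printed to the terminal, and that the plain "tincd -n example" form is the one to use once the connection works. The bullet also keeps a double space in "After  both" on both sides, and the new spans here are not bold while the same commands are bold in the key-generation step, so pick one style.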
Line 142: Line 139:
We’ll continue with our previous configurations.
We’ll continue with our previous configurations.


* Update your host file in hosts/ by adding your LAN network.
* Update your host file in <span style=color:limegreen>hosts/</span> by adding your LAN network.


hosts/rut1 file:
<span style=color:limegreen>hosts/rut1</span> file:


[[File:Tinchosts1.png]]
[[File:Tinchosts1.png]]


hosts/rut2 file:
<span style=color:limegreen>hosts/rut2</span> file:


[[File:Tinchosts2.png]]
[[File:Tinchosts2.png]]
Line 154: Line 151:
* Add a route to other’s device LAN network through your tinc interface:
* Add a route to other’s device LAN network through your tinc interface:
Add a line to your tinc-up script, so that a route will be added when tinc is started.
Add a line to your tinc-up script, so that a route will be added when tinc is started.
on rut1 example/tinc-up
on rut1 <span style=color:limegreen>example/tinc-up</span>


[[File:Tincup1.png]]
[[File:Tincup1.png]]


on rut2 example/tinc-up
on rut2 <span style=color:limegreen>example/tinc-up</span>


[[File:Tincup2.png]]
[[File:Tincup2.png]]
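
Review bot: the route line this hunk tells the reader to add to tinc-up exists only inside the screenshots Tincup1.png and Tincup2.png, whereas the original tinc-up scripts earlier on the page are given as text. Add the line as text next to each image so it can be copied and so later edits to it show up in a revision diff. The new spans also shorten the path to example/tinc-up where the earlier steps use /etc/tinc/example/tinc-up; use the full path consistently.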