697
edits
Changes
Tinc VPN configuration examples (view source)
Revision as of 11:24, 18 November 2022
, 11:24, 18 November 2022no edit summary
1. tinc is not installed on our devices, therefore, it has to be installed via the package manager. '''Services -> Package Manager -> Packages''' and search for '''tinc VPN''' and press '''+''' to install.
1. tinc is not installed on our devices, therefore, it has to be installed via the package manager. '''Services -> Package Manager -> Packages''' and search for '''tinc VPN''' and press '''+''' to install.
[[File:TincPackage.png|border|class=tlt-border|1100x700px]]
[[File:TincPackage.png|border|class=tlt-border|900x700px]]
2. After '''successful''' installation, package status should be changed to '''Installed.'''
2. After '''successful''' installation, package status should be changed to '''Installed.'''
[[File:Tincinstallation2.png|border|class=tlt-border|1100x700px]]
[[File:Tincinstallation2.png|border|class=tlt-border|900x700px]]
* In '''Network -> Firewall -> General''' you should see a '''new Firewall zone''' “'''<span style="color:khaki">tinc</span>'''” created:
* In '''Network -> Firewall -> General''' you should see a '''new Firewall zone''' “'''<span style="color:khaki">tinc</span>'''” created:
[[File:Tincfwzone2.png|border|class=tlt-border|1100x700px]]
[[File:Tincfwzone2.png|border|class=tlt-border|900x700px]]
* Lastly, in '''Network -> Firewall -> Traffic rules''' a '''new traffic rule added:'''
* Lastly, in '''Network -> Firewall -> Traffic rules''' a '''new traffic rule added:'''
[[File:Tinctraffic2.png|border|class=tlt-border|1100x700px]]
[[File:Tinctraffic2.png|border|class=tlt-border|900x700px]]
You can do this with '''WinSCP''', or using CLI’s <span style=color:dodgerblue>'''scp'''</span> to transfer files from one device to the other.
You can do this with '''WinSCP''', or using CLI’s <span style=color:dodgerblue>'''scp'''</span> to transfer files from one device to the other.
[[File:Tincscp1.2.png|border|class=tlt-border]]
[[File:Tincscp1.2.png|border|class=tlt-border|1100x700px]]
[[File:Tincscp2.2.png|border|class=tlt-border]]
[[File:Tincscp2.2.png|border|class=tlt-border|1100x700px]]
Here on CLI, In 1st picture, I used scp to transfer RUT1’s host file directly to my RUT2, because RUT1 has public IP and therefore, I can directly communicate with it, and later, transferred RUT2’s host file to the RUT1 in the 2nd picture.
Here on CLI, In 1st picture, I used scp to transfer RUT1’s host file directly to my RUT2, because RUT1 has public IP and therefore, I can directly communicate with it, and later, transferred RUT2’s host file to the RUT1 in the 2nd picture.
on rut2 <span style=color:limegreen>'''example/tinc-up'''</span>
on rut2 <span style=color:limegreen>'''example/tinc-up'''</span>
[[File:Tincup2.png|border|class=tlt-border|1100x700px]]
[[File:Tincup2.png|border|class=tlt-border]]
* However, you’ll only be able to reach each other’s device LAN IP, but not the end devices. Therefore you need to change firewall rules.
* However, you’ll only be able to reach each other’s device LAN IP, but not the end devices. Therefore you need to change firewall rules.
'''FIREWALL'''
'''FIREWALL'''
1. To achieve end-to-end client communication you need to configure the tinc zone '''Network->Firewall->General''', that was created at the installation. Press the edit button to configure it.[[File:Tincfirewall1.png]]
1. To achieve end-to-end client communication you need to configure the tinc zone '''Network->Firewall->General''', that was created at the installation. Press the edit button to configure it.[[File:Tincfirewall1.png|border|class=tlt-border|1100x700px]]
[[File:Tincfirewall2.png|border|class=tlt-border|1100x700px]]
[[File:Tincfirewall2.png|border|class=tlt-border|900x700px]]
2. Open ''Allow forward to destination zones'' list.
2. Open ''Allow forward to destination zones'' list.
3. Select '''lan''' zone, this will allow us to access LAN network from outside via tinc VPN.
3. Select '''lan''' zone, this will allow us to access LAN network from outside via tinc VPN.
[[File:Tincfirewall3.png|border|class=tlt-border|1100x700px]]
[[File:Tincfirewall3.png|border|class=tlt-border|900x700px]]
4. Open ''Allow forward from source zones'' list.
4. Open ''Allow forward from source zones'' list.
