VPN with Tinc: Difference between revisions
No edit summary |
|||
Line 22: | Line 22: | ||
* If needed, make a directory for pidfile and socket | * If needed, make a directory for pidfile and socket | ||
sudo mkdir -p /usr/local/var/run/ | sudo mkdir -p /usr/local/var/run/ | ||
=== MacOs === | === MacOs === | ||
Line 100: | Line 44: | ||
tincd -n beernet -D -d3 | tincd -n beernet -D -d3 | ||
== Setup Client == | == Setup Client(s) == | ||
=== FreeBSD === | === FreeBSD and GNU/Linux === | ||
* Generate invite '''on the server''' | |||
tinc -b beernet invite ${CLIENT_NAME} | |||
* This will give you ${URL} | |||
* '''On the BSD/Linux client''' | |||
tinc.exe -n beernet join ${URL} | |||
tinc.exe -n beernet add subnet 10.10.10.2 | |||
* edit <code>/usr/local/etc/tinc/beernet/tinc-up</code>, so that your network interface is brought up correctly, for instance with: | |||
ifconfig $INTERFACE 10.10.10.2 netmask 255.255.255.0 # leave $INTERFACE as it is and remove the echo line | |||
* '''Note:''' if you don't have <code>ifconfig</code> available on your GNU/Linux distro, see PRO tips below. | |||
* test if your VPN works nicely for the time being by running it directly in a shell with extra verbose options: | |||
tincd -n beernet -D -d3 | |||
* try to ping the server from the client and the other way around to make all is good | |||
=== Windows === | === Windows === | ||
* Generate invite on the server | * Generate invite '''on the server''' | ||
tinc -b beernet invite ${CLIENT_NAME} | tinc -b beernet invite ${CLIENT_NAME} | ||
* This will give you ${URL} | * This will give you ${URL} | ||
* On the windows client | * '''On the windows client machine''', open a terminal, locate the Tinc install folder and: | ||
tinc.exe -n beernet join ${URL} | tinc.exe -n beernet join ${URL} | ||
tinc.exe -n beernet add subnet 10.10.10. | tinc.exe -n beernet add subnet 10.10.10.3 | ||
* got to <code>C:\Program Files\tinc\tap-win64</code> | * got to <code>C:\Program Files\tinc\tap-win64</code> | ||
* run <code>addtap.bat</code>. Click yes to install the driver. | * run <code>addtap.bat</code>. Click yes to install the driver. | ||
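Review bot: the added FreeBSD and GNU/Linux client steps call "tinc.exe -n beernet join ${URL}" and "tinc.exe -n beernet add subnet 10.10.10.2", which is the Windows binary name; on BSD/Linux these should call "tinc". The invite line in the same block passes "-b beernet", while every other command on the page selects the network with "-n beernet"; in tinc 1.1 "-b" is the batch-mode switch, so "tinc -n beernet invite ${CLIENT_NAME}" looks like what is meant.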
Line 118: | Line 73: | ||
netsh interface set interface name = "${NAME}" newname = "tinc" | netsh interface set interface name = "${NAME}" newname = "tinc" | ||
* give it the same IP as tinc client config | * give it the same IP as tinc client config | ||
netsh interface ip set address "tinc" static 10.10.10. | netsh interface ip set address "tinc" static 10.10.10.3 255.255.255.0. | ||
* try to ping the server from the client and the other way around to make all is good | |||
=== MacOs === | |||
'''FIXME''' | |||
== PRO tips == | == PRO tips == | ||
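Review bot: the new netsh line ends in "255.255.255.0." and the trailing period will be passed as part of the netmask argument; drop it so the mask reads 255.255.255.0. The added ping step says "to make all is good", which is missing "sure", and the new MacOs section contains only a FIXME placeholder.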
Line 127: | Line 86: | ||
=== Set up systemd services === | === Set up systemd services === | ||
* <code>/lib/systemd/system/tinc.service</code> | * <code>/lib/systemd/system/tinc.service</code> | ||
[Unit] | [Unit] | ||
Line 167: | Line 125: | ||
sudo systemctl start tinc@lurknet | sudo systemctl start tinc@lurknet | ||
sudo systemctl stop tinc@lurknet | sudo systemctl stop tinc@lurknet | ||
== Further readings and more cool stuff == | |||
* https://pzwiki.wdka.nl/mediadesign/Tinc | |||
* https://www.tinc-vpn.org/documentation-1.1 | |||
[[Category: VPN]] | [[Category: VPN]] |
Revision as of 23:38, 18 February 2021
FIXME: What's a VPN, what's Tinc
Installation on Server(s) and Client(s)
FreeBSD
- Install tinc 1.1 pre from ports
sudo pkg install tinc-devel # binary
sudo portmaster -iB security/tinc-devel # source
GNU/Linux (Debian based)
- Install tinc 1.1 pre from source (or pull the deb from experimental)
sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev
- Compile tinc 1.1pre:
cd /usr/src/
wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
tar xvf tinc-1.1pre17.tar.gz
cd tinc-1.1pre17
./configure
make
sudo make install
- Once installed, the configuration dir should be in /usr/local/etc/tinc/. tinc and tincd are installed in /usr/local/sbin/tinc
- If needed, make a directory for pidfile and socket
sudo mkdir -p /usr/local/var/run/
macOS
FIXME
Windows
- Install tinc 1.1 pre win binaries from upstream at https://tinc-vpn.org/download/
Setup Server(s)
FreeBSD and GNU/Linux
- Initialize new VPN
sudo tinc -n beernet init server
- Configure the host's own interface
sudo tinc -n beernet add subnet 10.10.10.1
- Configure the host's public IP, or domain if you have one for the host
sudo tinc -n beernet add address=super.domain.xxx # if you have a domain ...
sudo tinc -n beernet add address=1.1.1.1 # or if you just have a public IP
- Edit /usr/local/etc/tinc/beernet/tinc-up, so that your network interface is brought up correctly, for instance with:
ifconfig $INTERFACE 10.10.10.1 netmask 255.255.255.0 # leave $INTERFACE as it is and remove the echo line
- Note: if you don't have ifconfig available on your GNU/Linux distro, see PRO tips below.
- Test if your VPN works nicely for the time being by running it directly in a shell with extra verbose options:
tincd -n beernet -D -d3
Setup Client(s)
FreeBSD and GNU/Linux
- Generate invite on the server
tinc -n beernet invite ${CLIENT_NAME}
- This will give you ${URL}
- On the BSD/Linux client
tinc -n beernet join ${URL}
tinc -n beernet add subnet 10.10.10.2
- Edit /usr/local/etc/tinc/beernet/tinc-up, so that your network interface is brought up correctly, for instance with:
ifconfig $INTERFACE 10.10.10.2 netmask 255.255.255.0 # leave $INTERFACE as it is and remove the echo line
- Note: if you don't have ifconfig available on your GNU/Linux distro, see PRO tips below.
- Test if your VPN works nicely for the time being by running it directly in a shell with extra verbose options:
tincd -n beernet -D -d3
- Try to ping the server from the client and the other way around to make sure all is good
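Once a server or client directory such as /usr/local/etc/tinc/beernet exists, its private keys and the tinc-up hook (which tincd runs, normally as root) are worth a permission check. The script below is an example added to this page, not part of the original wiki text or of tinc itself; it assumes tinc 1.1's default file names rsa_key.priv, ed25519_key.priv, tinc-up and tinc-down, and the function names perms and audit_tinc_dir are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original page): permission audit of a tinc
# network directory such as /usr/local/etc/tinc/beernet.
# Assumes tinc 1.1 default file names; function names are hypothetical.

# perms FILE: the nine permission characters from `ls -ld`, e.g. rw-r--r--
perms() { ls -ld "$1" | cut -c2-10; }

# audit_tinc_dir DIR: print one line per finding; return 1 if any were found.
audit_tinc_dir() {
    dir=$1 bad=0
    # Private keys must carry no group/other bits at all.
    for key in "$dir/rsa_key.priv" "$dir/ed25519_key.priv"; do
        [ -f "$key" ] || continue
        case $(perms "$key") in
            ???------) ;;
            *) echo "KEY-EXPOSED $key"; bad=1 ;;
        esac
    done
    # tincd executes these hooks: nobody but the owner may be able to
    # modify them (no group-write, no other-write bit).
    for hook in "$dir/tinc-up" "$dir/tinc-down"; do
        [ -f "$hook" ] || continue
        case $(perms "$hook") in
            ????-??-?) ;;
            *) echo "HOOK-WRITABLE $hook"; bad=1 ;;
        esac
    done
    # The page says to remove the echo line from tinc-up; flag it if present.
    if [ -f "$dir/tinc-up" ] && grep -q '^[[:space:]]*echo' "$dir/tinc-up"; then
        echo "HOOK-UNCONFIGURED $dir/tinc-up"; bad=1
    fi
    return $bad
}

# Constructed sample directory (no real key material) to show the output.
demo=$(mktemp -d)
printf 'constructed placeholder\n' > "$demo/ed25519_key.priv"
printf '#!/bin/sh\necho unconfigured\n' > "$demo/tinc-up"
chmod 644 "$demo/ed25519_key.priv"; chmod 777 "$demo/tinc-up"
audit_tinc_dir "$demo" || echo "findings in $demo"
rm -rf "$demo"
```

On a real host, call audit_tinc_dir with the network directory instead of the constructed sample; a non-zero return means at least one finding was printed.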
Windows
- Generate invite on the server
tinc -n beernet invite ${CLIENT_NAME}
- This will give you ${URL}
- On the Windows client machine, open a terminal, locate the Tinc install folder and:
tinc.exe -n beernet join ${URL}
tinc.exe -n beernet add subnet 10.10.10.3
- Go to C:\Program Files\tinc\tap-win64
- Run addtap.bat. Click yes to install the driver.
- Find the ${NAME} of the new network adapter
netsh interface ipv4 show interfaces
- Rename this interface
netsh interface set interface name = "${NAME}" newname = "tinc"
- Give it the same IP as tinc client config
netsh interface ip set address "tinc" static 10.10.10.3 255.255.255.0
- Try to ping the server from the client and the other way around to make sure all is good
macOS
FIXME
PRO tips
GNU/Linux with new net interface tool
ifconfig will likely be deprecated or even removed on some recent GNU/Linux distros, so the proper way to configure tinc-up on such machines is as follows:
ip addr add 10.0.1.1/24 dev $INTERFACE
ip link set $INTERFACE up
Set up systemd services
/lib/systemd/system/tinc.service
[Unit]
Description=Tinc VPN
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/usr/local/etc/tinc

[Install]
WantedBy=multi-user.target
/lib/systemd/system/tinc@.service
[Unit]
Description=Tinc net %i
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service

[Service]
Type=simple
WorkingDirectory=/usr/local/etc/tinc/%i
ExecStart=/usr/local/sbin/tincd -n %i -D
ExecReload=/usr/local/sbin/tincd -n %i -kHUP
KillMode=mixed
TimeoutStopSec=5
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
- enable them on boot:
systemctl enable tinc@lurknet
- Start / stop at will:
sudo systemctl start tinc@lurknet
sudo systemctl stop tinc@lurknet