Difference between revisions of "VPN with Tinc"

From Run Your Own
Jump to: navigation, search
(GNU/Linux (Debian based))
 
(3 intermediate revisions by the same user not shown)
Line 10: Line 10:
 
* Install tinc 1.1 pre from source
 
* Install tinc 1.1 pre from source
 
  sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev
 
  sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev
* Get latest source for 1.1 pre at https://www.tinc-vpn.org/download/
+
 
* untar, etc, then:
+
Compile Tinc 1.1pre :
  ,/configure
+
 
 +
cd /usr/src/
 +
 
 +
wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
 +
 
 +
tar xvf tinc-1.1pre17.tar.gz
 +
 
 +
cd tinc-1.1pre17
 +
 
 +
  ./configure
 +
 
 
  make
 
  make
 +
 
  sudo make install
 
  sudo make install
 +
 +
Once installed the configuration dir should be in:
 +
/usr/local/etc/tinc/
 +
 +
And tinc is installed in
 +
/usr/local/sbin/tinc
 +
 +
Make a directory for pidfile and socket
 +
 +
sudo mkdir -p /usr/local/var/run/
 +
 +
==== Set up systemd serivces ====
 +
 +
sudo vim /lib/systemd/system/tinc.service
 +
 +
[Unit]
 +
Description=Tinc VPN
 +
After=network.target
 
   
 
   
 +
[Service]
 +
Type=oneshot
 +
RemainAfterExit=yes
 +
ExecStart=/bin/true
 +
ExecReload=/bin/true
 +
WorkingDirectory=/usr/local/etc/tinc
 +
 +
[Install]
 +
WantedBy=multi-user.target
 +
 +
and
 +
 +
sudo vim /lib/systemd/system/tinc@.service
 +
 +
[Unit]
 +
Description=Tinc net %i
 +
PartOf=tinc.service
 +
ReloadPropagatedFrom=tinc.service
 +
 +
[Service]
 +
Type=simple
 +
WorkingDirectory=/usr/local/etc/tinc/%i
 +
ExecStart=/usr/local/sbin/tincd -n %i -D
 +
ExecReload=/usr/local/sbin/tincd -n %i -kHUP
 +
KillMode=mixed
 +
TimeoutStopSec=5
 +
Restart=always
 +
RestartSec=60
 +
 +
[Install]
 +
WantedBy=multi-user.target
 +
 +
 +
Enable them on boot:
 +
 +
systemctl enable tinc@lurknet
 +
 +
 +
Start / stop at will:
 +
 +
sudo systemctl start tinc@lurknet
 +
 +
sudo systemctl stop tinc@lurknet
 +
 +
 +
==== Configure Server ====
 +
 +
sudo tinc -n lurknet init servername
 +
 +
sudo tincd -n lurknet
 +
 +
sudo tinc -n lurknet add subnet 10.0.1.1
 +
 +
sudo tinc -n lurknet add address=public.IP.address
 +
 +
==== Set up interface scripts ====
 +
 +
sudo vim  /usr/local/etc/tinc/lurknet/tinc-up
 +
 +
#!/bin/bash
 +
ip addr add 10.0.1.1/24 dev $INTERFACE
 +
ip link set $INTERFACE up
 +
 +
sudo vim /usr/local/etc/tinc/VPNNAME/tinc-down
 +
 +
#!/bin/bash
 +
ip route del 10.0.1.1/24 dev $INTERFACE
 +
ifconfig $INTERFACE down
 +
 +
Make them executable
 +
 +
cd /usr/local/etc/tinc/lurknet/ && chmod +x tinc-*
 +
 +
==== Configure client ====
 +
 +
For the client (given gnu/linux) compile the software as instructed above. Also make the systemD scripts and set up the interface scripts (using a different IP-address).
 +
 +
'''On the server''' then generate an invitation url:
 +
 +
tinc -n lurknet invite $CLIENTHOSTNAME
 +
 +
This will give you an invite URL so you can join the network '''on the client''':
 +
 +
tinc join $INVITEURL
 +
 +
tinc -n lurknet add subnet 10.0.1.3
 +
 +
 +
==== Further reading ====
 +
 +
The above is an amalgam from and may provide further details:
 +
 +
https://zingmars.info/2018/07/14/Tinc-1.1-setup-instructions/
 +
 +
https://www.tinc-vpn.org/documentation-1.1/
 +
 +
http://pzwiki.wdka.nl/mediadesign/Tinc
  
 
=== MacOs ===
 
=== MacOs ===

Latest revision as of 11:49, 9 July 2019

FIXME: What's a VPN, what's Tinc

Installation on Server(s) and Client(s)

FreeBSD

  • Install tinc 1.1 pre from ports
sudo pkg install tinc-devel               # binary
sudo portmaster -iB security/tinc-devel   # source

GNU/Linux (Debian based)

  • Install tinc 1.1 pre from source
sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev

Compile Tinc 1.1pre :

cd /usr/src/
wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
tar xvf tinc-1.1pre17.tar.gz
cd tinc-1.1pre17
./configure
make
sudo make install

Once installed the configuration dir should be in:

/usr/local/etc/tinc/

And tinc is installed in

/usr/local/sbin/tinc

Make a directory for pidfile and socket

sudo mkdir -p /usr/local/var/run/

Set up systemd serivces

sudo vim /lib/systemd/system/tinc.service
[Unit]
Description=Tinc VPN
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/usr/local/etc/tinc

[Install]
WantedBy=multi-user.target

and

sudo vim /lib/systemd/system/tinc@.service
[Unit]
Description=Tinc net %i
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service

[Service]
Type=simple
WorkingDirectory=/usr/local/etc/tinc/%i
ExecStart=/usr/local/sbin/tincd -n %i -D
ExecReload=/usr/local/sbin/tincd -n %i -kHUP
KillMode=mixed
TimeoutStopSec=5
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target


Enable them on boot:

systemctl enable tinc@lurknet


Start / stop at will:

sudo systemctl start tinc@lurknet
sudo systemctl stop tinc@lurknet


Configure Server

sudo tinc -n lurknet init servername
sudo tincd -n lurknet
sudo tinc -n lurknet add subnet 10.0.1.1
sudo tinc -n lurknet add address=public.IP.address

Set up interface scripts

sudo vim  /usr/local/etc/tinc/lurknet/tinc-up
#!/bin/bash
ip addr add 10.0.1.1/24 dev $INTERFACE
ip link set $INTERFACE up
sudo vim /usr/local/etc/tinc/VPNNAME/tinc-down 
#!/bin/bash
ip route del 10.0.1.1/24 dev $INTERFACE
ifconfig $INTERFACE down

Make them executable

cd /usr/local/etc/tinc/lurknet/ && chmod +x tinc-*

Configure client

For the client (given gnu/linux) compile the software as instructed above. Also make the systemD scripts and set up the interface scripts (using a different IP-address).

On the server then generate an invitation url:

tinc -n lurknet invite $CLIENTHOSTNAME

This will give you an invite URL so you can join the network on the client:

tinc join $INVITEURL
tinc -n lurknet add subnet 10.0.1.3


Further reading

The above is an amalgam from and may provide further details:

https://zingmars.info/2018/07/14/Tinc-1.1-setup-instructions/

https://www.tinc-vpn.org/documentation-1.1/

http://pzwiki.wdka.nl/mediadesign/Tinc

MacOs

FIXME

Windows

Setup Server(s)

FreeBSD

  • Initialize new VPN
sudo tinc -n beernet init server
  • Configure the host's own interface
sudo tinc -n beernet add subnet 10.10.10.1
  • Configure the host's public IP, or domain if you have one for the host
sudo tinc -n beernet add address=super.domain.xxx  # if you have a domain ...
sudo tinc -n beernet add address=1.1.1.1           # or if you just have a public IP
  • edit /usr/local/etc/tinc/beernet/tinc-up, so that your network interface is brought up correctly, for instance with:
ifconfig $INTERFACE 10.10.10.1 netmask 255.255.255.0  # leave $INTERFACE as it is
  • test if your VPN works nicely for the time being by running it directly in a shell with extra verbose options:
tincd -n beernet -D -d3

Setup Client

FreeBSD

GNU/Linux

MacOs

Windows