Difference between revisions of "VPN with Tinc"
(→GNU/Linux (Debian based)) |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 10: | Line 10: | ||
* Install tinc 1.1 pre from source | * Install tinc 1.1 pre from source | ||
sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev | sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev | ||
| − | + | ||
| − | + | Compile Tinc 1.1pre : | |
| − | + | ||
| + | cd /usr/src/ | ||
| + | |||
| + | wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz | ||
| + | |||
| + | tar xvf tinc-1.1pre17.tar.gz | ||
| + | |||
| + | cd tinc-1.1pre17 | ||
| + | |||
| + | ./configure | ||
| + | |||
make | make | ||
| + | |||
sudo make install | sudo make install | ||
| + | |||
| + | Once installed the configuration dir should be in: | ||
| + | /usr/local/etc/tinc/ | ||
| + | |||
| + | And tinc is installed in | ||
| + | /usr/local/sbin/tinc | ||
| + | |||
| + | Make a directory for pidfile and socket | ||
| + | |||
| + | sudo mkdir -p /usr/local/var/run/ | ||
| + | |||
| + | ==== Set up systemd serivces ==== | ||
| + | |||
| + | sudo vim /lib/systemd/system/tinc.service | ||
| + | |||
| + | [Unit] | ||
| + | Description=Tinc VPN | ||
| + | After=network.target | ||
| + | [Service] | ||
| + | Type=oneshot | ||
| + | RemainAfterExit=yes | ||
| + | ExecStart=/bin/true | ||
| + | ExecReload=/bin/true | ||
| + | WorkingDirectory=/usr/local/etc/tinc | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | |||
| + | and | ||
| + | |||
| + | sudo vim /lib/systemd/system/tinc@.service | ||
| + | |||
| + | [Unit] | ||
| + | Description=Tinc net %i | ||
| + | PartOf=tinc.service | ||
| + | ReloadPropagatedFrom=tinc.service | ||
| + | |||
| + | [Service] | ||
| + | Type=simple | ||
| + | WorkingDirectory=/usr/local/etc/tinc/%i | ||
| + | ExecStart=/usr/local/sbin/tincd -n %i -D | ||
| + | ExecReload=/usr/local/sbin/tincd -n %i -kHUP | ||
| + | KillMode=mixed | ||
| + | TimeoutStopSec=5 | ||
| + | Restart=always | ||
| + | RestartSec=60 | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | |||
| + | |||
| + | Enable them on boot: | ||
| + | |||
| + | systemctl enable tinc@lurknet | ||
| + | |||
| + | |||
| + | Start / stop at will: | ||
| + | |||
| + | sudo systemctl start tinc@lurknet | ||
| + | |||
| + | sudo systemctl stop tinc@lurknet | ||
| + | |||
| + | |||
| + | ==== Configure Server ==== | ||
| + | |||
| + | sudo tinc -n lurknet init servername | ||
| + | |||
| + | sudo tincd -n lurknet | ||
| + | |||
| + | sudo tinc -n lurknet add subnet 10.0.1.1 | ||
| + | |||
| + | sudo tinc -n lurknet add address=public.IP.address | ||
| + | |||
| + | ==== Set up interface scripts ==== | ||
| + | |||
| + | sudo vim /usr/local/etc/tinc/lurknet/tinc-up | ||
| + | |||
| + | #!/bin/bash | ||
| + | ip addr add 10.0.1.1/24 dev $INTERFACE | ||
| + | ip link set $INTERFACE up | ||
| + | |||
| + | sudo vim /usr/local/etc/tinc/VPNNAME/tinc-down | ||
| + | |||
| + | #!/bin/bash | ||
| + | ip route del 10.0.1.1/24 dev $INTERFACE | ||
| + | ifconfig $INTERFACE down | ||
| + | |||
| + | Make them executable | ||
| + | |||
| + | cd /usr/local/etc/tinc/lurknet/ && chmod +x tinc-* | ||
| + | |||
| + | ==== Configure client ==== | ||
| + | |||
| + | For the client (given gnu/linux) compile the software as instructed above. Also make the systemD scripts and set up the interface scripts (using a different IP-address). | ||
| + | |||
| + | '''On the server''' then generate an invitation url: | ||
| + | |||
| + | tinc -n lurknet invite $CLIENTHOSTNAME | ||
| + | |||
| + | This will give you an invite URL so you can join the network '''on the client''': | ||
| + | |||
| + | tinc join $INVITEURL | ||
| + | |||
| + | tinc -n lurknet add subnet 10.0.1.3 | ||
| + | |||
| + | |||
| + | ==== Further reading ==== | ||
| + | |||
| + | The above is an amalgam from and may provide further details: | ||
| + | |||
| + | https://zingmars.info/2018/07/14/Tinc-1.1-setup-instructions/ | ||
| + | |||
| + | https://www.tinc-vpn.org/documentation-1.1/ | ||
| + | |||
| + | http://pzwiki.wdka.nl/mediadesign/Tinc | ||
=== MacOs === | === MacOs === | ||
Revision as of 13:49, 9 July 2019
FIXME: What's a VPN, what's Tinc
Installation on Server(s) and Client(s)
FreeBSD
- Install tinc 1.1 pre from ports
sudo pkg install tinc-devel # binary sudo portmaster -iB security/tinc-devel # source
GNU/Linux (Debian based)
- Install tinc 1.1 pre from source
sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev
Compile Tinc 1.1pre :
cd /usr/src/
wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
tar xvf tinc-1.1pre17.tar.gz
cd tinc-1.1pre17
./configure
make
sudo make install
Once installed the configuration dir should be in:
/usr/local/etc/tinc/
And tinc is installed in
/usr/local/sbin/tinc
Make a directory for pidfile and socket
sudo mkdir -p /usr/local/var/run/
Set up systemd serivces
sudo vim /lib/systemd/system/tinc.service
[Unit] Description=Tinc VPN After=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/true ExecReload=/bin/true WorkingDirectory=/usr/local/etc/tinc [Install] WantedBy=multi-user.target
and
sudo vim /lib/systemd/system/tinc@.service
[Unit] Description=Tinc net %i PartOf=tinc.service ReloadPropagatedFrom=tinc.service [Service] Type=simple WorkingDirectory=/usr/local/etc/tinc/%i ExecStart=/usr/local/sbin/tincd -n %i -D ExecReload=/usr/local/sbin/tincd -n %i -kHUP KillMode=mixed TimeoutStopSec=5 Restart=always RestartSec=60 [Install] WantedBy=multi-user.target
Enable them on boot:
systemctl enable tinc@lurknet
Start / stop at will:
sudo systemctl start tinc@lurknet
sudo systemctl stop tinc@lurknet
Configure Server
sudo tinc -n lurknet init servername
sudo tincd -n lurknet
sudo tinc -n lurknet add subnet 10.0.1.1
sudo tinc -n lurknet add address=public.IP.address
Set up interface scripts
sudo vim /usr/local/etc/tinc/lurknet/tinc-up
#!/bin/bash ip addr add 10.0.1.1/24 dev $INTERFACE ip link set $INTERFACE up
sudo vim /usr/local/etc/tinc/VPNNAME/tinc-down
#!/bin/bash ip route del 10.0.1.1/24 dev $INTERFACE ifconfig $INTERFACE down
Make them executable
cd /usr/local/etc/tinc/lurknet/ && chmod +x tinc-*
Configure client
For the client (given gnu/linux) compile the software as instructed above. Also make the systemD scripts and set up the interface scripts (using a different IP-address).
On the server then generate an invitation url:
tinc -n lurknet invite $CLIENTHOSTNAME
This will give you an invite URL so you can join the network on the client:
tinc join $INVITEURL
tinc -n lurknet add subnet 10.0.1.3
Further reading
The above is an amalgam from and may provide further details:
https://zingmars.info/2018/07/14/Tinc-1.1-setup-instructions/
https://www.tinc-vpn.org/documentation-1.1/
http://pzwiki.wdka.nl/mediadesign/Tinc
MacOs
FIXME
Windows
- Install tinc 1.1 pre win binaries from upstream at https://tinc-vpn.org/download/
Setup Server(s)
FreeBSD
- Initialize new VPN
sudo tinc -n beernet init server
- Configure the host's own interface
sudo tinc -n beernet add subnet 10.10.10.1
- Configure the host's public IP, or domain if you have one for the host
sudo tinc -n beernet add address=super.domain.xxx # if you have a domain ... sudo tinc -n beernet add address=1.1.1.1 # or if you just have a public IP
- edit
/usr/local/etc/tinc/beernet/tinc-up, so that your network interface is brought up correctly, for instance with:
ifconfig $INTERFACE 10.10.10.1 netmask 255.255.255.0 # leave $INTERFACE as it is
- test if your VPN works nicely for the time being by running it directly in a shell with extra verbose options:
tincd -n beernet -D -d3
