Difference between revisions of "VPN with Tinc"
(→GNU/Linux (Debian based)) |
(→GNU/Linux (Debian based)) |
||
Line 32: | Line 32: | ||
And tinc is installed in | And tinc is installed in | ||
/usr/local/sbin/tinc | /usr/local/sbin/tinc | ||
+ | |||
+ | Make a directory for pidfile and socket | ||
+ | |||
+ | sudo mkdir -p /usr/local/var/run/ | ||
+ | |||
+ | ==== Set up systemd serivces ==== | ||
+ | |||
+ | sudo vim /lib/systemd/system/tinc.service | ||
+ | |||
+ | [Unit] | ||
+ | Description=Tinc VPN | ||
+ | After=network.target | ||
+ | |||
+ | [Service] | ||
+ | Type=oneshot | ||
+ | RemainAfterExit=yes | ||
+ | ExecStart=/bin/true | ||
+ | ExecReload=/bin/true | ||
+ | WorkingDirectory=/usr/local/etc/tinc | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | |||
+ | and | ||
+ | |||
+ | sudo vim /lib/systemd/system/tinc@.service | ||
+ | |||
+ | [Unit] | ||
+ | Description=Tinc net %i | ||
+ | PartOf=tinc.service | ||
+ | ReloadPropagatedFrom=tinc.service | ||
+ | |||
+ | [Service] | ||
+ | Type=simple | ||
+ | WorkingDirectory=/usr/local/etc/tinc/%i | ||
+ | ExecStart=/usr/local/sbin/tincd -n %i -D | ||
+ | ExecReload=/usr/local/sbin/tincd -n %i -kHUP | ||
+ | KillMode=mixed | ||
+ | TimeoutStopSec=5 | ||
+ | Restart=always | ||
+ | RestartSec=60 | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | |||
+ | ==== Configure Server ==== | ||
+ | |||
+ | sudo tinc -n lurknet init servername | ||
+ | |||
+ | sudo tincd -n lurknet | ||
+ | |||
+ | sudo tinc -n lurknet add subnet 10.0.1.1 | ||
+ | |||
+ | sudo tinc -n lurknet add address=public.IP.address | ||
+ | |||
+ | ==== Set up interface scripts ==== | ||
+ | |||
+ | sudo vim /usr/local/etc/tinc/lurknet/tinc-up | ||
+ | |||
+ | #!/bin/bash | ||
+ | ip addr add 10.0.1.1/24 dev $INTERFACE | ||
+ | ip link set $INTERFACE up | ||
+ | |||
+ | sudo vim /usr/local/etc/tinc/VPNNAME/tinc-down | ||
+ | |||
+ | #!/bin/bash | ||
+ | ip route del 10.0.1.1/24 dev $INTERFACE | ||
+ | ifconfig $INTERFACE down | ||
+ | |||
+ | Make them executable | ||
+ | |||
+ | cd /usr/local/etc/tinc/lurknet/ && chmod +x tinc-* | ||
=== MacOs === | === MacOs === |
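Review bot: The tinc-down step at the end of this hunk does not undo tinc-up and is edited under a different path. The file is opened at /usr/local/etc/tinc/VPNNAME/tinc-down, while tinc-up and the chmod use lurknet, and the script runs `ip route del 10.0.1.1/24` where tinc-up ran `ip addr add 10.0.1.1/24`. Suggest the lurknet path, `ip addr del 10.0.1.1/24 dev $INTERFACE`, and `ip link set $INTERFACE down` in place of ifconfig so both scripts use the same tool. The chmod line also lacks sudo although both files were created with sudo vim. The unit files are written to /lib/systemd/system, which is the package-owned location; locally added units belong in /etc/systemd/system. The heading "Set up systemd serivces" has a typo.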
Revision as of 13:30, 9 July 2019
FIXME: What's a VPN, what's Tinc
Installation on Server(s) and Client(s)
FreeBSD
- Install tinc 1.1 pre from ports
sudo pkg install tinc-devel # binary
sudo portmaster -iB security/tinc-devel # source
GNU/Linux (Debian based)
- Install tinc 1.1 pre from source
sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev
Compile Tinc 1.1pre:
cd /usr/src/
wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
tar xvf tinc-1.1pre17.tar.gz
cd tinc-1.1pre17
./configure
make
sudo make install
Once installed the configuration dir should be in:
/usr/local/etc/tinc/
And tinc is installed in
/usr/local/sbin/tinc
Make a directory for pidfile and socket
sudo mkdir -p /usr/local/var/run/
Set up systemd services
sudo vim /lib/systemd/system/tinc.service
[Unit]
Description=Tinc VPN
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/usr/local/etc/tinc

[Install]
WantedBy=multi-user.target
and
sudo vim /lib/systemd/system/tinc@.service
[Unit]
Description=Tinc net %i
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service

[Service]
Type=simple
WorkingDirectory=/usr/local/etc/tinc/%i
ExecStart=/usr/local/sbin/tincd -n %i -D
ExecReload=/usr/local/sbin/tincd -n %i -kHUP
KillMode=mixed
TimeoutStopSec=5
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
Configure Server
sudo tinc -n lurknet init servername
sudo tincd -n lurknet
sudo tinc -n lurknet add subnet 10.0.1.1
sudo tinc -n lurknet add address=public.IP.address
Set up interface scripts
sudo vim /usr/local/etc/tinc/lurknet/tinc-up
#!/bin/bash
ip addr add 10.0.1.1/24 dev $INTERFACE
ip link set $INTERFACE up
sudo vim /usr/local/etc/tinc/lurknet/tinc-down
#!/bin/bash
# Remove the address that tinc-up added, then bring the interface down
ip addr del 10.0.1.1/24 dev $INTERFACE
ip link set $INTERFACE down
Make them executable
sudo chmod +x /usr/local/etc/tinc/lurknet/tinc-up /usr/local/etc/tinc/lurknet/tinc-down
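tincd runs tinc-up and tinc-down itself, as root in the setup above, so the ownership and permissions of these scripts matter as much as their contents. The check below is an added example, not part of the original page or of tinc; the function name check_tinc_hooks and its arguments are hypothetical.

```bash
#!/bin/bash
# Added example (check_tinc_hooks is a hypothetical helper, not part of tinc).
# tincd executes tinc-up/tinc-down with its own privileges (root in the setup
# above), so anyone who can modify them gets code execution as root.
# Usage: check_tinc_hooks NETDIR [EXPECTED_UID]   (EXPECTED_UID defaults to 0)

check_tinc_hooks() {
    local dir="$1" uid="${2:-0}" problems=0 hook path

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    # A writable directory lets another user replace a hook script.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $dir is group- or world-writable"
        problems=$((problems + 1))
    fi

    for hook in tinc-up tinc-down; do
        path="$dir/$hook"
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            echo "FAIL: $path is missing or not a regular file"
            problems=$((problems + 1))
            continue
        fi
        if [ -z "$(find "$path" -perm -100)" ]; then
            echo "FAIL: $path is not executable, tincd cannot run it"
            problems=$((problems + 1))
        fi
        if [ -n "$(find "$path" \( -perm -020 -o -perm -002 \))" ]; then
            echo "FAIL: $path is group- or world-writable"
            problems=$((problems + 1))
        fi
        if [ -z "$(find "$path" -user "$uid")" ]; then
            echo "FAIL: $path is not owned by uid $uid"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ] && echo "OK: hook scripts in $dir pass all checks"
    return "$problems"
}

# Run the check when a directory is given, e.g.:
#   sudo bash check_tinc_hooks.sh /usr/local/etc/tinc/lurknet
if [ "$#" -gt 0 ]; then
    check_tinc_hooks "$@"
fi
```

The return value is the number of failed checks, so it can gate a deployment step or a systemd ExecStartPre.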
MacOs
FIXME
Windows
- Install tinc 1.1 pre win binaries from upstream at https://tinc-vpn.org/download/
Setup Server(s)
FreeBSD
- Initialize new VPN
sudo tinc -n beernet init server
- Configure the host's own interface
sudo tinc -n beernet add subnet 10.10.10.1
- Configure the host's public IP, or domain if you have one for the host
sudo tinc -n beernet add address=super.domain.xxx # if you have a domain ...
sudo tinc -n beernet add address=1.1.1.1 # or if you just have a public IP
- Edit /usr/local/etc/tinc/beernet/tinc-up so that your network interface is brought up correctly, for instance with:
ifconfig $INTERFACE 10.10.10.1 netmask 255.255.255.0 # leave $INTERFACE as it is
- test if your VPN works nicely for the time being by running it directly in a shell with extra verbose options:
tincd -n beernet -D -d3