I was given the task of setting up a tinc VPN so that we could test performance for comparison against other VPN systems. This task took much longer than it should have. For that reason I am making this post to help myself and others remember how to do it again in the future.

Installing tinc is straightforward enough. You can download the latest release and build it, or install from your favorite package manager.

The configuration for tinc lives in /etc/tinc. The configuration is what seems to be the hard part of getting tinc to work. Here is what my final directory structure looked like: /etc

For this testing setup I used two hosts. One of them I called master and the other I called client. It is good to keep in mind that tinc uses a peer-to-peer model, not client/server.

To do the configuration you will need to be root or at least use sudo for elevated privileges in order to work in the /etc directory.

Set up the directory structure on both machines:

    # mkdir -p /etc/tinc/smartynet/hosts/

Create the /etc/tinc/smartynet/nf file on both machines. If this field is not specified, tinc will still listen for connections but will not try to connect to any other node.

Step 3

Create the public and private keypair on both machines:

    # tincd -n smartynet -K

This command will create the keys and put them in the following files for you:

    /etc/tinc/smartynet/rsa_key.priv
    /etc/tinc/smartynet/hosts/master # on the master host
    /etc/tinc/smartynet/hosts/client # on the client host

Add host addresses to the host files that tinc created: # - master.

Note: The Address in the master host file should be the public address of the host machine.

Step 5

From the master you will copy the /etc/tinc/smartynet/hosts/master file to the client machine, and put it in exactly the same location: /etc/tinc/smartynet/hosts/master.

From the client you will copy the /etc/tinc/smartynet/hosts/client file to the master machine, and put it in exactly the same location: /etc/tinc/smartynet/hosts/client.

Note: Make sure to copy the entire contents of the host files, including the public key that tinc put in them.

Step 6

Create network interface control scripts. There are two files I used that react when tinc switches from online to offline. The files are nearly identical on both hosts, except for the interface address.

Note: remember to change the IP address in the tinc-up script to match the address found in the host file.

Once the interface control scripts are created, change their mode to be executable:

    # chmod u+x /etc/tinc/smartynet/tinc-*

One thing you may need to do before running the VPN is to disable any firewall, or even take the time to punch a hole in it specifically for VPN traffic.
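A post-setup check for the files produced in Steps 3, 5 and 6, as an added example that is not part of the original post: it confirms the private key is owner-only, that each host file carries a complete public key block and no private key material, and that the tinc-* control scripts are executable but not writable by others. The function name and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit a tinc network directory
# after Steps 1-6. Arguments: network dir, this node's name, the peer's name.
# Prints one FINDING line per problem and returns non-zero if there are any.
check_tinc_net() {
    dir=$1; self=$2; peer=$3; bad=0
    note() { echo "FINDING: $*"; bad=$((bad + 1)); }
    # Characters 5-10 of `ls -ld` are the group and other permission bits.
    go_bits() { ls -ld "$1" | cut -c5-10; }

    # Step 3: the private key exists and only its owner can touch it.
    key="$dir/rsa_key.priv"
    if [ ! -f "$key" ]; then
        note "$key missing"
    elif [ "$(go_bits "$key")" != "------" ]; then
        note "$key is accessible to group/other"
    fi

    # Step 5: both host files are present, carry a complete public key
    # block, and nobody pasted private key material into them.
    for n in "$self" "$peer"; do
        f="$dir/hosts/$n"
        if [ ! -f "$f" ]; then note "$f missing"; continue; fi
        grep -q 'BEGIN .*PUBLIC KEY' "$f" && grep -q 'END .*PUBLIC KEY' "$f" ||
            note "$f has no complete public key block"
        if grep -q 'PRIVATE KEY' "$f"; then note "$f contains a private key"; fi
    done

    # Step 6: control scripts run as root, so they must be executable by the
    # owner and not writable by anyone else.
    found=0
    for s in "$dir"/tinc-*; do
        [ -f "$s" ] || continue
        found=1
        [ -x "$s" ] || note "$s is not executable"
        case "$(go_bits "$s")" in *w*) note "$s is group/other writable" ;; esac
    done
    [ "$found" -eq 1 ] || note "no tinc-* control scripts in $dir"

    [ "$bad" -eq 0 ]
}
```

Run it as `check_tinc_net /etc/tinc/smartynet master client` on the master, and with the two node names swapped on the client.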