Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

howtos:network_services:tinc [2014/02/25 20:30 (UTC)] – created tonberry
howtos:network_services:tinc [2014/02/25 20:55 (UTC)] – minor style and content upgrade tonberry
Line 22: Line 22:
  
 <code> <code>
-./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var +./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var 
-make +make 
-make install+make install
 </code> </code>
  
Line 30: Line 30:
  
 <code> <code>
-make DESTDIR=/somewhere/else install+make DESTDIR=/somewhere/else install
 </code> </code>
  
Line 38: Line 38:
  
 <code> <code>
-tinc -n VPNtest init node1+tinc -n VPNtest init node1
 </code> </code>
  
Line 44: Line 44:
  
 <code> <code>
-tinc -c . generate-keys +tinc -c . generate-keys 
-mkdir -p VPNtest/hosts +mkdir -p VPNtest/hosts 
-mv *.priv VPNtest/. +mv *.priv VPNtest/. 
-cat rsa_key.pub ecdsa_key.pub > VPNtest/hosts/node1 +cat rsa_key.pub ecdsa_key.pub > VPNtest/hosts/node1 
-rm rsa_key.pub ecdsa_key.pub+rm rsa_key.pub ecdsa_key.pub
 </code> </code>
  
   * Fine-tune configuration in /etc/tinc/<VPN name>/tinc.conf. Skip ConnectTo if deamon should passively wait for connections. Interface is name of virtual network card, see more below. Optionally set listening port, especially if you intend to run multiple daemons/VPNs.   * Fine-tune configuration in /etc/tinc/<VPN name>/tinc.conf. Skip ConnectTo if deamon should passively wait for connections. Interface is name of virtual network card, see more below. Optionally set listening port, especially if you intend to run multiple daemons/VPNs.
  
-<code>+<file - tinc.conf>
 Name = node1 Name = node1
 ConnectTo = node2 ConnectTo = node2
 Interface = vpnNIC Interface = vpnNIC
 Port = 6655 Port = 6655
-</code>+</file>
  
   * Configure virtual network interface in /etc/tinc/<VPN name>/tinc-up. Do not manually create interface (via ip command), Tinc daemon will do that for you, just write down configuration for IP level. Also, make tinc-up file executable.   * Configure virtual network interface in /etc/tinc/<VPN name>/tinc-up. Do not manually create interface (via ip command), Tinc daemon will do that for you, just write down configuration for IP level. Also, make tinc-up file executable.
  
-<code>+<file - tinc-up>
 #!/bin/sh #!/bin/sh
 ip addr add 192.168.1.1/24 dev vpnNIC ip addr add 192.168.1.1/24 dev vpnNIC
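Review bot: In the generate-keys block, `mv *.priv VPNtest/.` moves every file ending in .priv from the working directory, and none of the steps say that the private keys stay on this node and should be readable only by the account running the daemon. Name the private key files explicitly in the mv and add a sentence that only the hosts/ file is handed to other nodes. Two smaller points in the same hunk: the tinc.conf bullet spells "deamon", and now that tinc-up is marked up as a file, the "make tinc-up file executable" instruction deserves its own command line under the block so it is not overlooked.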
Line 70: Line 70:
   * Fine-tune public key file in /etc/tinc/<VPN name>/hosts/<this node>. Public IP may be also a hostname/domain, which is convenient in case you e.g. change ISP, but keep DNS name. Port should be same as in tinc.conf, but may differ if e.g. you are behind NAT with port forwarding from one port number to different port number. Let other nodes have this file and place their public key files here.   * Fine-tune public key file in /etc/tinc/<VPN name>/hosts/<this node>. Public IP may be also a hostname/domain, which is convenient in case you e.g. change ISP, but keep DNS name. Port should be same as in tinc.conf, but may differ if e.g. you are behind NAT with port forwarding from one port number to different port number. Let other nodes have this file and place their public key files here.
  
-<code>+<file - node1>
 Address = <public IP address> [port] Address = <public IP address> [port]
 Subnet = 192.168.1.1/32 Subnet = 192.168.1.1/32
 -----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
 ... ...
-</code>+</file>
  
   * Repeat process on (or for) other nodes, use different names for nodes and different private space IPs. Again, let nodes have each other's public key (or host) file.   * Repeat process on (or for) other nodes, use different names for nodes and different private space IPs. Again, let nodes have each other's public key (or host) file.
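Review bot: The node1 host file bullet says "Let other nodes have this file and place their public key files here" but gives no way to confirm that a received host file really came from the node it names, even though the file carries the public key the other nodes will trust for it. Add a sentence asking for host files to be exchanged over a channel the admins already trust, or for the key block to be compared out of band before the file is placed in hosts/. The `Address = <public IP address> [port]` line could also state that the square brackets mean optional and are not typed.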
Line 82: Line 82:
  
 <code> <code>
-tincd -n VPNtest --debug=5 --logfile=/var/log/VPNtest.log+tincd -n VPNtest --debug=5 --logfile=/var/log/VPNtest.log
 </code> </code>
  
Line 98: Line 98:
  
 <code> <code>
-tapinstall.exe remove tap0901+C:\path\to\tapinstall.exe remove tap0901
 </code> </code>
  
Line 104: Line 104:
  
 <code> <code>
-tapinstall.exe install OemWin2k.inf tap0901+C:\path\to\tapinstall.exe install OemWin2k.inf tap0901
 </code> </code>
   * Device drivers actually seem to come from OpenVPN project. Which is good, because they are signed; Windows are quite hostile towards unsigned drivers lately.   * Device drivers actually seem to come from OpenVPN project. Which is good, because they are signed; Windows are quite hostile towards unsigned drivers lately.
Line 127: Line 127:
  
 <code> <code>
-C:\path\to\tincd.exe [--debug=5] [--logfile=C:\path\to\file.log-n <VPN name>+C:\path\to\tincd.exe --debug=5 --logfile=C:\path\to\file.log -n VPNtest
 </code> </code>
  
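Review bot: The new tincd.exe line drops the square brackets, so `--debug=5` and `--logfile=...` now read as required, and the VPN name is fixed to VPNtest instead of the `<VPN name>` placeholder used in the /etc/tinc/<VPN name>/ paths elsewhere on the page. The old line was malformed (missing `]` and no space before `-n`), so the cleanup itself is right; add one sentence under the block saying the debug and logfile options are optional and that VPNtest stands for the reader's own VPN name.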
Line 133: Line 133:
  
 <code> <code>
-net start tinc.<VPN name>+cmd> net start tinc.VPNtest
 </code> </code>
  
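Review bot: The added `cmd> ` prefix on the net start line is the only prompt marker in the page's command blocks (the tapinstall.exe and tincd.exe lines have none), and it is copied along with the command when a reader selects the line. Drop the prefix, or say in the sentence above the block that the command is typed at a cmd prompt. As with the tincd.exe line, `tinc.VPNtest` replaces the `tinc.<VPN name>` placeholder without saying that VPNtest is the example name.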
Line 185: Line 185:
 Save it as e.g. /etc/rc.d/rc.tinc, make executable and then add line to rc.local. Save it as e.g. /etc/rc.d/rc.tinc, make executable and then add line to rc.local.
  
-<code>+<file - rc.local>
 /etc/rc.d/rc.tinc start /etc/rc.d/rc.tinc start
-</code>+</file>
  
  
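Review bot: Switching this block to `<file - rc.local>` presents a single line as if it were the whole rc.local, while the sentence above it says to "add line to rc.local"; a reader who saves the block under that name replaces whatever their rc.local already contains. Keep `<code>` here, since this is a line to append and not a complete file. It would also help to guard the call so that a missing or non-executable rc.tinc does not produce an error at boot.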
Line 201: Line 201:
 <!-- Please do not modify anything below, except adding new tags.--> <!-- Please do not modify anything below, except adding new tags.-->
 <!-- You must remove the tag-word "template" below before saving your new page --> <!-- You must remove the tag-word "template" below before saving your new page -->
-{{tag>howtos template}}+{{tag>howtos network}}