Differences
This shows you the differences between two versions of the page.
howtos:network_services:tinc [2014/02/25 20:55 (UTC)] – minor style and content upgrade tonberry | howtos:network_services:tinc [2019/03/25 10:36 (UTC)] – modified tinc-up and added tinc-down tonberry | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== Overview ===== | ===== Overview ===== | ||
- | Tinc utilizes asymmetric | + | Tinc utilizes asymmetric |
- | Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incomming | + | Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incoming |
Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections, | Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections, | ||
- | Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic | + | Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic |
Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space). | Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space). | ||
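
Review bot: the unchanged last paragraph of the Overview says the daemon forwards traffic for other nodes by default, even for nodes that "do not know public key of each other", but it never tells the reader whether or where that default can be changed. Since this revision already touches the Overview, add a sentence saying so and point to the configuration section that covers it, so that someone setting up node C knows it will relay for A and B unless configured otherwise. The sentence "If set to, daemon will not wait for connections," in the paragraph above also still reads as incomplete and could be reworded in the same pass.
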
Line 65: | Line 65: | ||
#!/bin/sh | #!/bin/sh | ||
ip addr add 192.168.1.1/ | ip addr add 192.168.1.1/ | ||
+ | ip route add 192.168.1.0/ | ||
ip link set vpnNIC up | ip link set vpnNIC up | ||
- | </code> | + | </file> |
+ | |||
+ | * Create tinc-down script that deconfigures VPN interface when VPN shuts down. Make the file executable too. | ||
+ | |||
+ | <file - tinc-down> | ||
+ | #!/bin/sh | ||
+ | ip link set vpnNIC down | ||
+ | ip route del 192.168.1.0/ | ||
+ | ip addr del 192.168.1.1/ | ||
+ | </file> | ||
* Fine-tune public key file in / | * Fine-tune public key file in / |
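
Review bot: the command order in both scripts looks wrong. In the new tinc-down, `ip link set vpnNIC down` runs first, and taking the link down already makes the kernel drop the routes through that device, so the `ip route del` that follows will normally fail; undo tinc-up in reverse order instead (route del, addr del, then link down). In tinc-up the added `ip route add` line sits before `ip link set vpnNIC up`, so the route is added on an interface that is still down; move it after the `ip link set vpnNIC up` line. Both scripts also hardcode `vpnNIC`; tinc passes the interface name to these scripts in the `INTERFACE` environment variable, so using `$INTERFACE` would avoid a mismatch with the name set in the configuration.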