Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Last revision Both sides next revision
howtos:network_services:tinc [2014/02/26 08:46 (UTC)]
tonberry wrong closing tag
howtos:network_services:tinc [2014/03/12 14:05 (UTC)]
tonberry spelling
Line 5: Line 5:
  
 ===== Overview ===== ===== Overview =====
-Tinc utilizes asymmetric ​crypthography. Each node has its own private key, a public key and another public key; one for each participating node. These files are, together with a few configuration files, stored in /​etc/​tinc/<​VPN name> directory.+Tinc utilizes asymmetric ​cryptography. Each node has its own private key, a public key and another public key; one for each participating node. These files are, together with a few configuration files, stored in /​etc/​tinc/<​VPN name> directory.
  
-Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incomming ​connections from other nodes. Only nodes with valid private keys can produce data decipherable with matching public keys and are thus granted access.+Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incoming ​connections from other nodes. Only nodes with valid private keys can produce data decipherable with matching public keys and are thus granted access.
  
 Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections,​ but will attempt to connect to these known nodes. Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections,​ but will attempt to connect to these known nodes.
  
-Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic ​comming ​from VPN is processed by the daemon and made come from that network interface, and any traffic send through that interface is also processed by the daemon and sent to VPN, all behind the scenes, transparent to applications.+Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic ​coming ​from VPN is processed by the daemon and made come from that network interface, and any traffic send through that interface is also processed by the daemon and sent to VPN, all behind the scenes, transparent to applications.
  
 Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space). Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space).

In Other Languages
QR Code
QR Code howtos:network_services:tinc (generated for current page)