[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
howtos:network_services:tinc [2014/02/26 08:46 (UTC)] – wrong closing tag tonberryhowtos:network_services:tinc [2014/03/12 14:05 (UTC)] – spelling tonberry
Line 5: Line 5:
  
 ===== Overview ===== ===== Overview =====
-Tinc utilizes asymmetric crypthography. Each node has its own private key, a public key and another public key; one for each participating node. These files are, together with a few configuration files, stored in /etc/tinc/<VPN name> directory.+Tinc utilizes asymmetric cryptography. Each node has its own private key, a public key and another public key; one for each participating node. These files are, together with a few configuration files, stored in /etc/tinc/<VPN name> directory.
  
-Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incomming connections from other nodes. Only nodes with valid private keys can produce data decipherable with matching public keys and are thus granted access.+Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incoming connections from other nodes. Only nodes with valid private keys can produce data decipherable with matching public keys and are thus granted access.
  
 Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections, but will attempt to connect to these known nodes. Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections, but will attempt to connect to these known nodes.
  
-Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic comming from VPN is processed by the daemon and made come from that network interface, and any traffic send through that interface is also processed by the daemon and sent to VPN, all behind the scenes, transparent to applications.+Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic coming from VPN is processed by the daemon and made come from that network interface, and any traffic send through that interface is also processed by the daemon and sent to VPN, all behind the scenes, transparent to applications.
  
 Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space). Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space).

Trace:

howtos:network_services:tinc ()