[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
howtos:network_services:tinc [2014/02/26 08:46 (UTC)] – wrong closing tag tonberry | howtos:network_services:tinc [2022/06/08 12:25 (UTC)] (current) – [Installation] pointed to SlackBuild tonberry | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== Overview ===== | ===== Overview ===== | ||
- | Tinc utilizes asymmetric | + | Tinc utilizes asymmetric |
- | Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incomming | + | Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incoming |
Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections, | Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections, | ||
- | Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic | + | Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic |
Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space). | Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space). | ||
Line 17: | Line 17: | ||
===== Installation ===== | ===== Installation ===== | ||
+ | |||
+ | === Compile using SlackBuild === | ||
+ | * Tinc is now apparently maintained as [[https:// | ||
+ | |||
+ | === Compile from source === | ||
* Download sources from http:// | * Download sources from http:// | ||
Line 65: | Line 70: | ||
#!/bin/sh | #!/bin/sh | ||
ip addr add 192.168.1.1/ | ip addr add 192.168.1.1/ | ||
+ | ip route add 192.168.1.0/ | ||
ip link set vpnNIC up | ip link set vpnNIC up | ||
+ | </ | ||
+ | |||
+ | * Create tinc-down script that deconfigures VPN interface when VPN shuts down. Make the file executable too. | ||
+ | |||
+ | <file - tinc-down> | ||
+ | #!/bin/sh | ||
+ | ip link set vpnNIC down | ||
+ | ip route del 192.168.1.0/ | ||
+ | ip addr del 192.168.1.1/ | ||
</ | </ | ||
Line 112: | Line 127: | ||
There are a few differences in Windows configuration. | There are a few differences in Windows configuration. | ||
- | * You still generate initial configuration files, but place them in into where Tinc is installed, which should be something like C:\Program Files\tinc\< | + | * You still generate initial configuration files, but place them into where Tinc is installed, which should be something like C:\Program Files\tinc\< |
* In tinc.conf, omit Interface directive, because Tinc daemon will then automatically select TUN/TAP device and directive may do more harm than good. Especially if Tinc service starts and fails immediately, | * In tinc.conf, omit Interface directive, because Tinc daemon will then automatically select TUN/TAP device and directive may do more harm than good. Especially if Tinc service starts and fails immediately, | ||
Line 138: | Line 153: | ||
===== RC script ===== | ===== RC script ===== | ||
- | Here is some script to start all VPNs on boot. | + | Here is some script to start all VPNs on boot. Note that stop command differs between 1.0 and 1.1 (prerelease) branches; 1.0 calls tinc**d**, 1.1 calls tinc (no d). |
<code bash> | <code bash> |