howtos:network_services:tinc [2014/02/26 08:46 (UTC)] – wrong closing tag tonberryhowtos:network_services:tinc [2022/06/08 12:25 (UTC)] (current) – [Installation] pointed to SlackBuild tonberry
Line 5: Line 5:
  
 ===== Overview ===== ===== Overview =====
-Tinc utilizes asymmetric crypthography. Each node has its own private key, a public key and another public key; one for each participating node. These files are, together with a few configuration files, stored in /etc/tinc/<VPN name> directory.+Tinc utilizes asymmetric cryptography. Each node has its own private key, a public key and another public key; one for each participating node. These files are, together with a few configuration files, stored in /etc/tinc/<VPN name> directory.
  
-Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incomming connections from other nodes. Only nodes with valid private keys can produce data decipherable with matching public keys and are thus granted access.+Each node also runs a daemon (or multiple daemons, one for each separate VPN). Daemon listens on set port (default is 655) for incoming connections from other nodes. Only nodes with valid private keys can produce data decipherable with matching public keys and are thus granted access.
  
 Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections, but will attempt to connect to these known nodes. Public key file may contain not only key itself, but also public IP address (and port) of node to which it belongs. If set to, daemon will not wait for connections, but will attempt to connect to these known nodes.
  
-Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic comming from VPN is processed by the daemon and made come from that network interface, and any traffic send through that interface is also processed by the daemon and sent to VPN, all behind the scenes, transparent to applications.+Each node has its own IP address (in private address space) which, once the daemon is running, is assigned to virtual network interface. Any traffic coming from VPN is processed by the daemon and made come from that network interface, and any traffic send through that interface is also processed by the daemon and sent to VPN, all behind the scenes, transparent to applications.
  
 Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space). Important feature of Tinc is that daemon can (and by default does) forward traffic for other nodes, e.g. if nodes A and B are behind NAT and can directly communicate with only node C, which has unrestricted internet access, or even do not know public key of each other, but C knows them both, C will happily forward traffic between/for them. They just need to know IP addresses (in private address space).
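Review bot: the typo fixes in this hunk are incomplete. On the right-hand side, "any traffic send through that interface" in the fourth paragraph still needs "sent", and the first paragraph's "a public key and another public key; one for each participating node" is confusing; suggest "its own public key, plus one public key file for each other participating node", which also lines up with the later paragraph describing what those public key files may contain (address and port). "Daemon listens on set port" would read better as "The daemon listens on a configured port".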
Line 17: Line 17:
  
 ===== Installation ===== ===== Installation =====
 +
 +=== Compile using SlackBuild ===
 +  * Tinc is now apparently maintained as [[https://slackbuilds.org/repository/15.0/network/tinc/|SlackBuild]].
 +
 +=== Compile from source ===
   * Download sources from http://www.tinc-vpn.org/download/   * Download sources from http://www.tinc-vpn.org/download/
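Review bot: "Tinc is now apparently maintained as SlackBuild" hedges where the link settles the point; suggest "A SlackBuild for tinc is available in the slackbuilds.org 15.0 repository". Two smaller points on the added lines: the new "=== ... ===" sub-headings skip a level under "===== Installation =====" (the next level down in this wiki's convention is "===="), and "Compile using SlackBuild" heads a single bullet with no build steps, so either add the steps or rename it "Install from SlackBuild".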
  
Line 65: Line 70:
 #!/bin/sh #!/bin/sh
 ip addr add 192.168.1.1/24 dev vpnNIC ip addr add 192.168.1.1/24 dev vpnNIC
 +ip route add 192.168.1.0/24 dev vpnNIC
 ip link set vpnNIC up ip link set vpnNIC up
 +</file>
 +
 +  * Create tinc-down script that deconfigures VPN interface when VPN shuts down. Make the file executable too.
 +
 +<file - tinc-down>
 +#!/bin/sh
 +ip link set vpnNIC down
 +ip route del 192.168.1.0/24 dev vpnNIC
 +ip addr del 192.168.1.1/24 dev vpnNIC
 </file> </file>
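Review bot: the added "ip route add 192.168.1.0/24 dev vpnNIC" in tinc-up is redundant and mis-ordered. "ip addr add 192.168.1.1/24 dev vpnNIC" already makes the kernel install the connected route for that /24 once the link is up, and a route added while vpnNIC is still down (the "ip link set vpnNIC up" comes after it) fails with "Network is down". If the explicit route is kept for clarity, move it after the "ip link set vpnNIC up" line. The same applies in reverse to the new tinc-down: after "ip link set vpnNIC down" the kernel has already dropped the route, so the following "ip route del" reports an error; either delete the route before taking the link down or drop that line and keep only the address removal. The text instructing the reader to make tinc-down executable is correct and worth keeping, since tincd silently skips a non-executable script.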
  
Line 112: Line 127:
 There are a few differences in Windows configuration. There are a few differences in Windows configuration.
  
-  * You still generate initial configuration files, but place them in into where Tinc is installed, which should be something like C:\Program Files\tinc\<VPN name>+  * You still generate initial configuration files, but place them into where Tinc is installed, which should be something like C:\Program Files\tinc\<VPN name>
  
   * In tinc.conf, omit Interface directive, because Tinc daemon will then automatically select TUN/TAP device and directive may do more harm than good. Especially if Tinc service starts and fails immediately, check that Interface is not set.   * In tinc.conf, omit Interface directive, because Tinc daemon will then automatically select TUN/TAP device and directive may do more harm than good. Especially if Tinc service starts and fails immediately, check that Interface is not set.
Line 138: Line 153:
  
 ===== RC script ===== ===== RC script =====
-Here is some script to start all VPNs on boot. +Here is some script to start all VPNs on boot. Note that stop command differs between 1.0 and 1.1 (prerelease) branches; 1.0 calls tinc**d**, 1.1 calls tinc (no d).
  
 <code bash> <code bash>
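Review bot: the added sentence about the stop command is prose only, and the hunk stops at "<code bash>", so it is not visible whether the script below handles both branches; state which branch the script targets, or put the 1.0/1.1 distinction into the script itself rather than leaving the reader to edit it. Minor wording: "Here is some script" should be "Here is a script", and "tinc**d**" versus "tinc (no d)" would be clearer as the two commands in monospace, ''tincd'' and ''tinc''.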