|
|
# folder structure
|
|
|
|
|
|
```
|
|
|
/etc/tinc/example_vpn
|
|
|
/etc/tinc/example_vpn/rsa_key.priv
|
|
|
/etc/tinc/example_vpn/tinc.conf
|
|
|
/etc/tinc/example_vpn/tinc-down
|
|
|
/etc/tinc/example_vpn/tinc-up
|
|
|
/etc/tinc/example_vpn/tinc-updown.vars
|
|
|
/etc/tinc/example_vpn/hosts/host1_example_com_14

/etc/tinc/example_vpn/hosts/host2_example_com_15

/etc/tinc/example_vpn/hosts/host3_example_com_16
|
|
|
```
|
|
|
|
|
|
`host1_example_com_14` is the local host in this example. The file name in `hosts/` must equal the `Name` set in `tinc.conf`, and tinc only allows letters, digits and underscores in a name, so the dots of the hostname `host1.example.com` are replaced by underscores.
|
|
|
|
|
|
## example_vpn
|
|
|
|
|
|
The folder name is the name of the VPN (the netname that is passed to `tincd -n`).
|
|
|
|
|
|
## tinc.conf
|
|
|
|
|
|
This `tinc.conf` configures the local daemon and which remote hosts it connects to:
|
|
|
|
|
|
```config
|
|
|
Name = host1_example_com_14
|
|
|
ConnectTo = host2_example_com_15

ConnectTo = host3_example_com_16
|
|
|
Device = /dev/net/tun
|
|
|
|
|
|
Interface = tinc-example_vpn
|
|
|
AddressFamily = ipv4
|
|
|
Mode = switch
|
|
|
PrivateKeyFile = /etc/tinc/example_vpn/rsa_key.priv
|
|
|
PingTimeout = 10
|
|
|
```
|
|
|
|
|
|
The `Name` may only contain alphanumeric characters and underscores. The same rule applies to the `ConnectTo` values, because each of them is the `Name` of a remote host and tinc looks up its connection details in `hosts/<Name>`.
|
|
|
|
|
|
## tinc-updown.vars
|
|
|
|
|
|
Contains the configuration of the network interface; it is sourced by the `tinc-up` and `tinc-down` scripts.
|
|
|
|
|
|
```config
|
|
|
TINCADR=10.1.1.14
|
|
|
TINCBRC=10.1.1.255
|
|
|
TINCPRE=24
|
|
|
```
|
|
|
|
|
|
| variable | function |
| ------ | ------ |
| TINCADR | the address this host should get in the VPN |
| TINCBRC | the broadcast address of the VPN |
| TINCPRE | the prefix length of the VPN network (24 means a /24 netmask, 255.255.255.0) |
|
|
|
|
|
|
## tinc-up
|
|
|
|
|
|
Contains the commands run when the VPN comes up. tincd executes the script with the environment variables `NETNAME` (the name of the VPN) and `INTERFACE` (the name of the tun/tap device) set, so the script can locate its variables file without hardcoding the VPN name.
|
|
|
|
|
|
```bash
|
|
|
#!/bin/sh
# NETNAME and INTERFACE are exported by tincd when it runs this script.
. "/etc/tinc/$NETNAME/tinc-updown.vars"

ip addr add "$TINCADR/$TINCPRE" brd "$TINCBRC" dev "$INTERFACE"
ip link set dev "$INTERFACE" up
|
|
|
```
|
|
|
|
|
|
## tinc-down
|
|
|
|
|
|
Contains the commands run when the VPN goes down; it reverses what `tinc-up` did.
|
|
|
|
|
|
```bash
|
|
|
#!/bin/sh
# NETNAME and INTERFACE are exported by tincd when it runs this script.
. "/etc/tinc/$NETNAME/tinc-updown.vars"

ip link set dev "$INTERFACE" down
ip addr del "$TINCADR/$TINCPRE" brd "$TINCBRC" dev "$INTERFACE"
|
|
|
```
|
|
|
|
|
|
Don't forget to make both scripts executable (`chmod +x /etc/tinc/example_vpn/tinc-up /etc/tinc/example_vpn/tinc-down`); tincd silently skips them otherwise, and the interface comes up without an address.
|
|
|
|
|
|
## hosts/*
|
|
|
|
|
|
These files have to be created for the local host and received from every remote host (and the local one has to be distributed to them). Each file contains the public RSA key of the host and the parameters needed to connect to it. A good practice is to note the VPN IP of the host in a `#` comment in the file, so that the mapping between host files and VPN addresses stays visible.
|
|
|
|
|
|
The local host configuration file can be created via `tincd -K$bits -nexample_vpn`, where `$bits` is the RSA key size (e.g. 8192) and `example_vpn` the name of the VPN. tincd writes the private key to `rsa_key.priv` (keep it readable by root only) and appends the public key to `hosts/host1_example_com_14`, taking the file name from the `Name` in `tinc.conf`. After the file has been created it has to be edited to describe how other hosts reach this one:
|
|
|
|
|
|
```config
# VPN address 10.1.1.14
Address=host1.example.com
Port=10000
Subnet=10.1.1.0/24
Compression=1
-----BEGIN RSA PUBLIC KEY-----
MIIBCg...
-----END RSA PUBLIC KEY-----
```
|
|
|
|
|
|
| Parameter | function |
| --- | --- |
| Address | the public address (hostname or IP) other VPN hosts connect to |
| Port | the public port the daemon listens on (tinc defaults to 655) |
| Subnet | the subnet this host serves. In router mode it has to be the host's own VPN address, e.g. `Subnet=10.1.1.14/32`, because the same subnet on several hosts is ambiguous; this example uses `Mode = switch`, where packets are forwarded by learned MAC address |
| Compression | the compression level used for packets to this host (0 off, 1 fastest, 9 best) |
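Most tinc setup failures on this page's layout come from the naming and permission rules above rather than from the protocol: a `Name` or `ConnectTo` containing dots, a missing `hosts/<Name>` file, a world-readable `rsa_key.priv`, or `tinc-up` without the execute bit. The following linter, an added example that is not part of tinc or of this page, checks a network directory for exactly those conditions. Its `parse_conf` accepts the `Key = value` syntax shown in the `tinc.conf` and `hosts/*` sections; `build_demo` constructs a throwaway copy of the example layout (the file contents and the `tinc_demo_` temp directory are constructed for the demo, not real keys), and `lint_tinc_dir` can be pointed at `/etc/tinc/example_vpn` on a real host.

```python
"""Lint a tinc network directory (added example, not part of tinc).

Rules checked: node names are alphanumeric plus underscore, the local node
and every ConnectTo target have a hosts/<Name> file carrying an RSA public
key, ConnectTo targets have an Address, the private key is not group/world
readable, and tinc-up / tinc-down exist and are executable.
"""
import os
import re
import stat
import tempfile

NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")
PUBKEY_MARK = "-----BEGIN RSA PUBLIC KEY-----"


def parse_conf(path):
    """Parse tinc 'Key = value' lines into {key: [values]}; keys may repeat."""
    conf = {}
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            conf.setdefault(key, []).append(value)
    return conf


def lint_tinc_dir(netdir):
    """Return a list of human-readable problems; an empty list means clean."""
    problems = []
    conf_path = os.path.join(netdir, "tinc.conf")
    if not os.path.isfile(conf_path):
        return [f"missing {conf_path}"]
    conf = parse_conf(conf_path)

    names = conf.get("Name", [])
    if len(names) != 1:
        problems.append("tinc.conf must set Name exactly once")
    name = names[0] if names else None

    # The local node and every ConnectTo target need a hosts/<Name> file.
    for node in ([name] if name else []) + conf.get("ConnectTo", []):
        if not NAME_RE.match(node):
            problems.append(f"node name {node!r} may only contain A-Z, a-z, 0-9 and _")
            continue
        host_file = os.path.join(netdir, "hosts", node)
        if not os.path.isfile(host_file):
            problems.append(f"no hosts file for {node}: {host_file}")
            continue
        with open(host_file) as fh:
            body = fh.read()
        if PUBKEY_MARK not in body:
            problems.append(f"{host_file} has no RSA public key")
        if node != name and "Address" not in parse_conf(host_file):
            problems.append(f"{host_file}: ConnectTo target has no Address line")

    # tinc's default private key location is <netdir>/rsa_key.priv.
    key_path = conf.get("PrivateKeyFile", [os.path.join(netdir, "rsa_key.priv")])[0]
    if not os.path.isfile(key_path):
        problems.append(f"private key {key_path} not found")
    else:
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{key_path} is group/world accessible (mode {mode:04o})")

    for script in ("tinc-up", "tinc-down"):
        path = os.path.join(netdir, script)
        if not os.path.isfile(path):
            problems.append(f"{script} is missing")
        elif not (os.stat(path).st_mode & stat.S_IXUSR):
            problems.append(f"{script} is not executable (chmod +x)")
    return problems


def _write(path, text, mode=0o644):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


def build_demo(dotted_names=False, key_mode=0o600, script_mode=0o755):
    """Build a throwaway copy of the page's layout (constructed demo data)."""
    netdir = tempfile.mkdtemp(prefix="tinc_demo_")
    os.mkdir(os.path.join(netdir, "hosts"))
    local, peers = "host1_example_com_14", ["host2_example_com_15", "host3_example_com_16"]
    if dotted_names:  # the mistake of using the hostname verbatim as the Name
        local, peers = "host1.example.com_14", ["host2.example.com_15", "host3.example.com_16"]
    conf = [f"Name = {local}"] + [f"ConnectTo = {p}" for p in peers]
    conf += ["Device = /dev/net/tun", "Interface = tinc-example_vpn", "Mode = switch"]
    _write(os.path.join(netdir, "tinc.conf"), "\n".join(conf) + "\n")
    pubkey = f"{PUBKEY_MARK}\nMIIBCg...\n-----END RSA PUBLIC KEY-----\n"  # placeholder
    for n, node in enumerate([local] + peers, start=1):
        _write(os.path.join(netdir, "hosts", node),
               f"# VPN address 10.1.1.{13 + n}\nAddress = host{n}.example.com\nPort = 10000\n{pubkey}")
    _write(os.path.join(netdir, "rsa_key.priv"), "placeholder, not a real key\n", key_mode)
    for script in ("tinc-up", "tinc-down"):
        _write(os.path.join(netdir, script), "#!/bin/sh\n", script_mode)
    return netdir


if __name__ == "__main__":
    for label, kwargs in (("clean", {}), ("dotted names", {"dotted_names": True}),
                          ("0644 key", {"key_mode": 0o644})):
        print(label, lint_tinc_dir(build_demo(**kwargs)) or "OK")
```

Running the block as a script prints a clean result for the corrected layout, three naming errors for the dotted variant (one per node, before any hosts file is even consulted), and a single permissions finding for a 0644 private key; on a real host, run it as root so that the key file can be stat'ed and the hosts files read.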