describe the general configuration of the node (type, name) ( nf).

Tinc is positioned as an easy-to-configure service; however, something went wrong - to create a new node, the minimal requirements are:

Whenever possible, Tinc attempts to establish a direct connection between two nodes behind NAT by hole punching.

(after 2) in case of server failure in Singapore, traffic is transferred to the server in China and vice versa.
Due to censorship rules, connection to China has been closed: Moscow russia-srv Manila Singapore Shanghai.
Normal situation: Moscow russia-srv china-srv Shanghai.

Using the traffic exchange between Shanghai and Moscow as an example, consider the following Tinc scenarios (approximately):

Manila (Philippines) is not a threat to anyone, and therefore is allowed by everyone (due to the distance from everyone and everything).
connections to Singapore are pretty stable (from personal experience).
the network border of China Russia is unstable and may fall (due to both countries' censorship rules).
Due to Russian censorship rules, all the other ISPs were eventually blocked except the "friendly" China (unfortunately, not so unrealistic).
Servers have public addresses, clients are behind a NAT.

Even nodes without a public address can become a relay server.

Consider a situation with three servers (China, Russia, Singapore) and three clients (Russia, China and the Philippines):

In this article, only version 1.0.x was used.

From my point of view, one of the strongest features of Tinc is the ability to forward messages over peers when a direct connection is not possible.

There are two branches of tinc development: 1.0.x (in almost all repositories) and 1.1 (eternal beta).
Support for multiple operating systems: Linux, FreeBSD, OS X, Solaris, Windows, etc.
the ability to connect isolated networks at the ethernet level (virtual switch).
fully automatic full-mesh solution, which includes building connections to network nodes in a peer-to-peer mode or, if this is not applicable, forwarding messages between intermediate hosts.
encryption, authentication and compression of traffic.

Like classic (OpenVPN) solutions, the virtual network created will be available at the IP level (OSI 3), which generally means that making changes to the applications is not required.

Source code is open and available under the GPL2 license.

Tinc VPN (from the official site) is a service (the tincd daemon) that makes a private network by tunneling and encrypting traffic between nodes.

The Tinc man page is always a good source of truth.

How to Set up tinc, a Peer-to-Peer VPN by Linode.
How To Install Tinc and Set Up a Basic VPN on Ubuntu 14.04 by Digital Ocean.

Unfortunately, Tinc VPN does not have as big a community as OpenVPN or similar solutions; however, there are some good tutorials:

One last command to go to start it all: systemctl enable --now it! Your node should now be connected to your remaining tinc nodes.

Bootstrap your Tinc node quickly and easy

Now that we have all of the nodes configured, let's configure the nf file, adding the following:

    AddressFamily = ipv4
    ConnectTo = anothertincnode

Launching it all

Last but not least, copy over one of your existing host files to which you want to connect.

We'll add the following lines - make sure you adjust your IP address and host address:

    Address =

Next up, we'll edit the host file that has been created for us.

Then, create the tinc-down script with the following content:

    ifconfig $INTERFACE down

Don't forget to make it executable:

    chmod +x tinc-down

tinc host files

It will contain an example line of what you need to add in there.

Next, go ahead and configure the tinc-up script that's been created.
Let's start with creating your configuration for your desired netname:

    tinc -n netname init

With the repo added, you can now configure the tinc node on your machine.

We'll also need the following for the tinc-up script later on:

    apt install net-tools

However, as most of my routers run tinc 1.1, I was looking for a straightforward way to get tinc 1.1 on my Ubuntu servers - and finally found a solution - including support for arm64!

Installing tinc 1.1

Following a discussion on GitHub, we got automated builds for tinc 1.1 including arm64 support, and it only takes a few commands to add the repository and install the latest tinc:

    echo 'deb /' | sudo tee /etc/apt//home:cromulent.list
    curl -fsSL | gpg --dearmor | sudo tee /etc/apt//home_cromulent.gpg > /dev/null

I've been running it for over a decade on my networks between my servers and my routers.

As you may have noticed, I'm a huge fan of tinc.