|
|
(17 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
| == Client (Raspberry Pi / laptop ) ==
| | https://tinc-vpn.org/images/tinclogo.png |
| ===Install===
| |
| Install dependencies
| |
| sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libreadline-dev
| |
|
| |
|
| | ''[https://tinc-vpn.org/ Tinc] is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet.'' |
|
| |
|
| Compile Tinc 1.1pre :
| | And is used in XPUB to create the [[HUB]] VPN - an electronic learning enviroment, server playground, web publishing platform, consisting of local machines (mainly raspberry pi's) that sit behind firewalls, |
| | but through Tinc are accessible from outside the firewall. |
|
| |
|
| cd /usr/src/
| | To add a machine to the HUB, we install Tinc from source. This is because it is required to have all the machines running the same version of Tinc. |
|
| |
|
| wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
| | ==Install Tinc Client == |
|
| |
|
| tar xvf tinc-1.1pre17.tar.gz
| | '''On RaspberryPi / machine that will be joining [[HUB]].''' |
|
| |
|
| cd tinc-1.1pre17
| | Install dependencies: |
|
| |
|
| ./configure | | sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libreadline-dev |
|
| |
|
| make
| | Compile <code>Tinc 1.1pre</code>: |
|
| |
|
| sudo make install
| | cd ~ |
|
| |
|
| Once installed the configuration dir should be in:
| | wget https://www.tinc-vpn.org/packages/tinc-1.1pre18.tar.gz |
| /usr/local/etc/tinc/
| |
|
| |
|
| And tinc is installed in
| | tar xvf tinc-1.1pre18.tar.gz |
| /usr/local/sbin/tinc | |
|
| |
|
| <s>tmux: attaches shell to the pi and running without your ssh connection</s>
| | cd tinc-1.1pre18 |
|
| |
|
| Adding clients
| | ./configure |
| On the server:
| |
| tinc -n hub invite $CLIENTHOSTNAME
| |
| On the client:
| |
|
| |
|
| tinc join $INVITEURL
| | make |
|
| |
|
| tinc -n hub add subnet 10.0.0.1XX
| | sudo make install |
|
| |
|
| edit the '''tinc-up''' file in /usr/local/etc/tinc/hub/ :
| | Once installed create configuration dir: |
| ifconfig $INTERFACE 10.0.0.1XX netmask 255.255.255.0
| | sudo mkdir -p /usr/local/etc/tinc/ |
|
| |
|
| | And tinc is installed in |
| | /usr/local/sbin/tinc |
|
| |
|
| tincd -n hub -D -d3
| | ==Next steps== |
| | |
| === to rejoin tinc you need to === | |
| 1. start `tmux` and then
| |
| 2. run the following command `tincd -n hub -D -d3
| |
| | |
| = tincd service file =
| |
| | |
| According to [https://www.tinc-vpn.org/documentation/Linux.html tinc documentation]
| |
| | |
| Tinc ships with systemd service files that allow you to start and stop tinc using systemd. There are two service files: * ''tinc.service'' is used to globally enable or disable all tinc daemons managed by systemd * ''tinc@netname.service'' is used to enable or disable specific tinc daemons.
| |
| | |
| These are located in the source directory, in the sub-directory <code>systemd/</code>
| |
| | |
| However this files, seem to give some issues, as metioned in the tinc github: [https://github.com/gsliepen/tinc/issues/133 issue 133], [https://github.com/gsliepen/tinc/issues/168 issue 168]
| |
| | |
| Hence it is easier to edit and simply them a bit.
| |
| | |
| <code>/etc/systemd/system/tinc.service</code>
| |
| | |
| <pre># This is a mostly empty service, but allows commands like stop, start, reload
| |
| # to propagate to all tinc@ service instances.
| |
| | |
| [Unit]
| |
| Description=Tinc VPN
| |
| Documentation=info:tinc
| |
| Documentation=man:tinc(8) man:tinc.conf(5)
| |
| Documentation=http://tinc-vpn.org/docs/
| |
| After=network.target
| |
| Wants=network.target
| |
| | |
| [Service]
| |
| Type=oneshot
| |
| RemainAfterExit=yes
| |
| ExecStart=/usr/local/sbin/true
| |
| ExecReload= /usr/local/sbin/true
| |
| WorkingDirectory=/usr/local/etc/tinc
| |
| | |
| [Install]
| |
| WantedBy=multi-user.target</pre>
| |
| <code>/etc/systemd/system/tinc@hub.service</code>
| |
| | |
| <pre>[Unit]
| |
| Description=Tinc net %i
| |
| Documentation=info:tinc
| |
| Documentation=man:tinc(8) man:tinc.conf(5)
| |
| Documentation=http://tinc-vpn.org/docs/
| |
| PartOf=tinc.service
| |
| ReloadPropagatedFrom=tinc.service
| |
| | |
| [Service]
| |
| Type=simple
| |
| WorkingDirectory=/usr/local/etc/tinc/%i
| |
| ExecStart=/usr/local/sbin/tincd -n %i -D
| |
| ExecReload=/usr/local/sbin/tincd -n %i -kHUP
| |
| TimeoutStopSec=5
| |
| Restart=always
| |
| RestartSec=60
| |
| | |
| [Install]
| |
| WantedBy=tinc.service</pre>
| |
| Note: in my system tinc was installed inside /usr/local/bin/tinc, /usr/local/bin/tincd and its configuration is in /usr/local/etc/tinc. But this is system specific. Ensure you know where these directories are in your system.
| |
| | |
| * Enable
| |
| ** <code>sudo systemctl enable tinc</code>
| |
| ** <code>sudo systemctl enable tinc@hub</code>
| |
| * Start <code>sudo systemctl start tinc@hub</code>
| |
| * Check status <code>sudo systemctl status tinc@hub</code>
| |
| | |
| Note that because <code>tinc@testvpn.service</code> requests tinc.service we don’t need to start that one, as it is started by <code>tinc@testvpn.service</code>
| |
|
| |
|
| If all is good. We can test by rebooting the system and seeing that if after a while tinc@testvpn is up. You can check that by keeping starting a connection in the other node <code>sudo tincd -n testvpn -D -d 3</code> and try pinging the node, where we are trying to run tinc as a service <code>ping 10.1.0.2</code>.
| | Follow [[XPUB_HUB_New_Nodes]]. |
|
| |
|
|
| |
|
| [[Category:Cookbook]] | | [[Category:Cookbook]] |
| | [[Category:Tinc]] |
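Review bot: The download step changes from tinc-1.1pre17.tar.gz to tinc-1.1pre18.tar.gz, while the new introduction says all machines must run the same version of Tinc, so a node built from the previous revision's instructions would be on pre17. State on the page which version the HUB currently runs and that existing nodes need rebuilding to it. This revision also removes the invite/join steps and the tinc@hub systemd unit in favour of the link to XPUB_HUB_New_Nodes, so check that the linked page covers joining and starting tincd at boot.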
Tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet.
It is used in XPUB to create the HUB VPN: an electronic learning environment, server playground and web publishing platform, consisting of local machines (mainly Raspberry Pis) that sit behind firewalls
but, through Tinc, are accessible from outside the firewall.
To add a machine to the HUB, we install Tinc from source, because all the machines must run the same version of Tinc.
Install Tinc Client
On RaspberryPi / machine that will be joining HUB.
Install dependencies:
sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libreadline-dev
Compile Tinc 1.1pre:
cd ~
wget https://www.tinc-vpn.org/packages/tinc-1.1pre18.tar.gz
tar xvf tinc-1.1pre18.tar.gz
cd tinc-1.1pre18
./configure
make
sudo make install
Once installed, create the configuration directory:
sudo mkdir -p /usr/local/etc/tinc/
Tinc is installed in:
/usr/local/sbin/tinc
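An added example, not part of the original wiki page: the download and build steps above with a digest check in front of the build, so that every node compiles the same source tarball. The function names and the TINC_SHA256 placeholder are assumptions; the digest would be recorded once by the HUB maintainers and shared with all nodes.

```shell
#!/bin/sh
# Added example (not from the wiki page): gate the build on a pinned SHA-256.
# TINC_VERSION matches the page; TINC_SHA256 is a placeholder (assumption) that
# the HUB maintainers fill in once, so every node builds identical source.
TINC_VERSION="1.1pre18"
TINC_SHA256="REPLACE_WITH_DIGEST_RECORDED_BY_HUB_MAINTAINERS"

# verify_tarball FILE DIGEST
# returns 0 = match, 1 = mismatch, 2 = digest is not 64 hex chars, 3 = unreadable file
verify_tarball() {
    vt_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#vt_want}" -eq 64 ] || return 2
    case $vt_want in *[!0-9a-f]*) return 2 ;; esac
    [ -r "$1" ] || return 3
    vt_got=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$vt_got" = "$vt_want" ]
}

# build_tinc: download, verify, and only then unpack, compile and install
# with the same commands the page lists.
build_tinc() {
    bt_tar="tinc-$TINC_VERSION.tar.gz"
    cd ~ || return 1
    wget "https://www.tinc-vpn.org/packages/$bt_tar" || return 1
    if ! verify_tarball "$bt_tar" "$TINC_SHA256"; then
        echo "digest check failed for $bt_tar; not building" >&2
        rm -f "$bt_tar"
        return 1
    fi
    tar xf "$bt_tar" && cd "tinc-$TINC_VERSION" &&
        ./configure && make && sudo make install
}

# On the node, after filling in TINC_SHA256, run:  build_tinc
```

With the placeholder left in place, verify_tarball returns 2 and build_tinc refuses to build, so a forgotten digest fails closed.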
Next steps
Follow XPUB_HUB_New_Nodes.