Tinc: Difference between revisions

From XPUB & Lens-Based wiki
No edit summary
Line 43: Line 43:
   1. start `tmux` and then  
   1. start `tmux` and then  
   2. run the following command `tincd -n hub -D -d3
   2. run the following command `tincd -n hub -D -d3
= tincd service file =
According to [https://www.tinc-vpn.org/documentation/Linux.html tinc documentation]
Tinc ships with systemd service files that allow you to start and stop tinc using systemd. There are two service files: * ''tinc.service'' is used to globally enable or disable all tinc daemons managed by systemd * ''tinc@netname.service'' is used to enable or disable specific tinc daemons.
These are located in the source directory, in the sub-directory <code>systemd/</code>
However this files, seem to give some issues, as metioned in the tinc github: [https://github.com/gsliepen/tinc/issues/133 issue 133], [https://github.com/gsliepen/tinc/issues/168 issue 168]
Hence it is easier to edit and simply them a bit.
<code>/etc/systemd/system/tinc.service</code>
<pre># This is a mostly empty service, but allows commands like stop, start, reload
# to propagate to all tinc@ service instances.
[Unit]
Description=Tinc VPN
Documentation=info:tinc
Documentation=man:tinc(8) man:tinc.conf(5)
Documentation=http://tinc-vpn.org/docs/
After=network.target
Wants=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/true
ExecReload= /usr/local/sbin/true
WorkingDirectory=/usr/local/etc/tinc
[Install]
WantedBy=multi-user.target</pre>
<code>/etc/systemd/system/tinc@testvpn.service</code>
<pre>[Unit]
Description=Tinc net %i
Documentation=info:tinc
Documentation=man:tinc(8) man:tinc.conf(5)
Documentation=http://tinc-vpn.org/docs/
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service
[Service]
Type=simple
WorkingDirectory=/usr/local/etc/tinc/%i
ExecStart=/usr/local/sbin/tincd -n %i -D
ExecReload=/usr/local/sbin/tincd -n %i -kHUP
TimeoutStopSec=5
Restart=always
RestartSec=60
[Install]
WantedBy=tinc.service</pre>
Note: in my system tinc was installed inside /usr/local/bin/tinc, /usr/local/bin/tincd and its configuration is in /usr/local/etc/tinc. But this is system specific. Ensure you know where these directories are in your system.
* Enable
** <code>sudo systemctl enable tinc</code>
** <code>sudo systemctl enable tinc@testvpn</code>
* Start <code>sudo systemctl start tinc@testvpn</code>
* Check status <code>sudo systemctl status tinc@testvpn</code>
Note that because <code>tinc@testvpn.service</code> requests tinc.service we don’t need to start that one, as it is started by <code>tinc@testvpn.service</code>
If all is good. We can test by rebooting the system and seeing that if after a while tinc@testvpn is up. You can check that by keeping starting a connection in the other node <code>sudo tincd -n testvpn -D -d 3</code> and try pinging the node, where we are trying to run tinc as a service <code>ping 10.1.0.2</code>.




[[Category:Cookbook]]
[[Category:Cookbook]]

Revision as of 13:23, 15 September 2019

Client (Raspberry Pi / laptop )

Install

Install dependencies

sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libreadline-dev 


Compile Tinc 1.1pre :

cd /usr/src/
wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
tar xvf tinc-1.1pre17.tar.gz
cd tinc-1.1pre17
./configure
make
 sudo make install

Once installed the configuration dir should be in:

/usr/local/etc/tinc/

And tinc is installed in

/usr/local/sbin/tinc

tmux: attaches shell to the pi and running without your ssh connection

Adding clients On the server:

    tinc -n hub invite $CLIENTHOSTNAME

On the client:

   tinc join $INVITEURL
   tinc -n hub add subnet 10.0.0.1XX
   tincd -n hub -D -d3

to rejoin tinc you need to

 1. start `tmux` and then 
 2. run the following command `tincd -n hub -D -d3


tincd service file

According to tinc documentation

Tinc ships with systemd service files that allow you to start and stop tinc using systemd. There are two service files: * tinc.service is used to globally enable or disable all tinc daemons managed by systemd * tinc@netname.service is used to enable or disable specific tinc daemons.

These are located in the source directory, in the sub-directory systemd/

However this files, seem to give some issues, as metioned in the tinc github: issue 133, issue 168

Hence it is easier to edit and simply them a bit.

/etc/systemd/system/tinc.service

# This is a mostly empty service, but allows commands like stop, start, reload
# to propagate to all tinc@ service instances.

[Unit]
Description=Tinc VPN
Documentation=info:tinc
Documentation=man:tinc(8) man:tinc.conf(5)
Documentation=http://tinc-vpn.org/docs/
After=network.target
Wants=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/true
ExecReload= /usr/local/sbin/true
WorkingDirectory=/usr/local/etc/tinc

[Install]
WantedBy=multi-user.target

/etc/systemd/system/tinc@testvpn.service

[Unit]
Description=Tinc net %i
Documentation=info:tinc
Documentation=man:tinc(8) man:tinc.conf(5)
Documentation=http://tinc-vpn.org/docs/
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service

[Service]
Type=simple
WorkingDirectory=/usr/local/etc/tinc/%i
ExecStart=/usr/local/sbin/tincd -n %i -D
ExecReload=/usr/local/sbin/tincd -n %i -kHUP
TimeoutStopSec=5
Restart=always
RestartSec=60

[Install]
WantedBy=tinc.service

Note: in my system tinc was installed inside /usr/local/bin/tinc, /usr/local/bin/tincd and its configuration is in /usr/local/etc/tinc. But this is system specific. Ensure you know where these directories are in your system.

  • Enable
    • sudo systemctl enable tinc
    • sudo systemctl enable tinc@testvpn
  • Start sudo systemctl start tinc@testvpn
  • Check status sudo systemctl status tinc@testvpn

Note that because tinc@testvpn.service requests tinc.service we don’t need to start that one, as it is started by tinc@testvpn.service

If all is good. We can test by rebooting the system and seeing that if after a while tinc@testvpn is up. You can check that by keeping starting a connection in the other node sudo tincd -n testvpn -D -d 3 and try pinging the node, where we are trying to run tinc as a service ping 10.1.0.2.