Tinc
Client (Raspberry Pi / laptop )
Install
Install dependencies
sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libreadline-dev
Compile Tinc 1.1pre :
cd /usr/src/
wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
tar xvf tinc-1.1pre17.tar.gz
cd tinc-1.1pre17
./configure
make
sudo make install
Once installed create configuration dir:
sudo mkdir -p /usr/local/etc/tinc/
And tinc is installed in
/usr/local/sbin/tinc
tmux: attaches shell to the pi and running without your ssh connection
Adding clients On the server:
tinc -n hub invite $CLIENTHOSTNAME
On the client:
tinc join $INVITEURL
tinc -n hub add subnet 10.0.0.1XX
edit the tinc-up file in /usr/local/etc/tinc/hub/ :
ifconfig $INTERFACE 10.0.0.1XX netmask 255.255.255.0
tincd -n hub -D -d3
to rejoin tinc you need to
1. start `tmux` and then 2. run the following command `tincd -n hub -D -d3
tincd service file
According to tinc documentation
Tinc ships with systemd service files that allow you to start and stop tinc using systemd. There are two service files: * tinc.service is used to globally enable or disable all tinc daemons managed by systemd * tinc@netname.service is used to enable or disable specific tinc daemons.
These are located in the source directory, in the sub-directory systemd/
However this files, seem to give some issues, as metioned in the tinc github: issue 133, issue 168
Hence it is easier to edit and simply them a bit.
/etc/systemd/system/tinc.service
# This is a mostly empty service, but allows commands like stop, start, reload # to propagate to all tinc@ service instances. [Unit] Description=Tinc VPN Documentation=info:tinc Documentation=man:tinc(8) man:tinc.conf(5) Documentation=http://tinc-vpn.org/docs/ After=network.target Wants=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/local/sbin/true ExecReload= /usr/local/sbin/true WorkingDirectory=/usr/local/etc/tinc [Install] WantedBy=multi-user.target
/etc/systemd/system/tinc@hub.service
[Unit] Description=Tinc net %i Documentation=info:tinc Documentation=man:tinc(8) man:tinc.conf(5) Documentation=http://tinc-vpn.org/docs/ PartOf=tinc.service ReloadPropagatedFrom=tinc.service [Service] Type=simple WorkingDirectory=/usr/local/etc/tinc/%i ExecStart=/usr/local/sbin/tincd -n %i -D ExecReload=/usr/local/sbin/tincd -n %i -kHUP TimeoutStopSec=5 Restart=always RestartSec=60 [Install] WantedBy=tinc.service
Note: in my system tinc was installed inside /usr/local/bin/tinc, /usr/local/bin/tincd and its configuration is in /usr/local/etc/tinc. But this is system specific. Ensure you know where these directories are in your system.
- Enable
sudo systemctl enable tinc
sudo systemctl enable tinc@hub
- Start
sudo systemctl start tinc@hub
- Check status
sudo systemctl status tinc@hub
Note that because tinc@testvpn.service
requests tinc.service we don’t need to start that one, as it is started by tinc@testvpn.service
If all is good. We can test by rebooting the system and seeing that if after a while tinc@testvpn is up. You can check that by keeping starting a connection in the other node sudo tincd -n testvpn -D -d 3
and try pinging the node, where we are trying to run tinc as a service ping 10.1.0.2
.