Tinc: Difference between revisions

From XPUB & Lens-Based wiki
No edit summary
(15 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== Client (Raspberry Pi / laptop ) ==
https://tinc-vpn.org/images/tinclogo.png
===Install===
 
Install dependencies
''[https://tinc-vpn.org/ tinc] is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.''
 
And is used in XPUB to create the [[HUB]] VPN - aelectronic learning enviroment, server playground, web publishing platform, consisting of local machines (mainly raspberry pis) that sit behind firewalls,
but through tinc are accessible from outside the firewall.
 
==Install Tinc Client ==
 
'''On RaspberryPi / machine that will be joining [[HUB]].'''
 
Install dependencies:
 
  sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libreadline-dev  
  sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libreadline-dev  


Compile <code>Tinc 1.1pre</code>:


Compile Tinc 1.1pre :
  cd ~
 
  cd /usr/src/


  wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
  wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
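Review bot: the tarball fetched by `wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz` goes straight into the build that ends in `sudo make install`, with no integrity check in between. Add a step after the download that checks the file against a checksum or signature obtained from the tinc project, and stop if it does not match, since whatever is in that archive ends up being installed as root.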
Line 21: Line 30:
   sudo make install
   sudo make install


Once installed the configuration dir should be in:
Once installed create configuration dir:
  /usr/local/etc/tinc/
  sudo mkdir -p /usr/local/etc/tinc/


And tinc is installed in  
And tinc is installed in  
  /usr/local/sbin/tinc
  /usr/local/sbin/tinc


<s>tmux: attaches shell to the pi and running without your ssh connection</s>
==Next steps==
 
Adding clients
On the server:
    tinc -n hub invite $CLIENTHOSTNAME
On the client:
 
    tinc join $INVITEURL
 
    tinc -n hub add subnet 10.0.0.1XX
 
edit the tinc-up file:
    ifconfig $INTERFACE 10.0.0.1XX netmask 255.255.255.0
 
 
    tincd -n hub -D -d3
 
=== to rejoin tinc you need to ===
  1. start `tmux` and then
  2. run the following command `tincd -n hub -D -d3
 
 
= tincd service file =
 
According to [https://www.tinc-vpn.org/documentation/Linux.html tinc documentation]
 
Tinc ships with systemd service files that allow you to start and stop tinc using systemd. There are two service files: * ''tinc.service'' is used to globally enable or disable all tinc daemons managed by systemd * ''tinc@netname.service'' is used to enable or disable specific tinc daemons.
 
These are located in the source directory, in the sub-directory <code>systemd/</code>
 
However this files, seem to give some issues, as metioned in the tinc github: [https://github.com/gsliepen/tinc/issues/133 issue 133], [https://github.com/gsliepen/tinc/issues/168 issue 168]
 
Hence it is easier to edit and simply them a bit.
 
<code>/etc/systemd/system/tinc.service</code>
 
<pre># This is a mostly empty service, but allows commands like stop, start, reload
# to propagate to all tinc@ service instances.
 
[Unit]
Description=Tinc VPN
Documentation=info:tinc
Documentation=man:tinc(8) man:tinc.conf(5)
Documentation=http://tinc-vpn.org/docs/
After=network.target
Wants=network.target
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/true
ExecReload= /usr/local/sbin/true
WorkingDirectory=/usr/local/etc/tinc
 
[Install]
WantedBy=multi-user.target</pre>
<code>/etc/systemd/system/tinc@hub.service</code>
 
<pre>[Unit]
Description=Tinc net %i
Documentation=info:tinc
Documentation=man:tinc(8) man:tinc.conf(5)
Documentation=http://tinc-vpn.org/docs/
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service
 
[Service]
Type=simple
WorkingDirectory=/usr/local/etc/tinc/%i
ExecStart=/usr/local/sbin/tincd -n %i -D
ExecReload=/usr/local/sbin/tincd -n %i -kHUP
TimeoutStopSec=5
Restart=always
RestartSec=60
 
[Install]
WantedBy=tinc.service</pre>
Note: in my system tinc was installed inside /usr/local/bin/tinc, /usr/local/bin/tincd and its configuration is in /usr/local/etc/tinc. But this is system specific. Ensure you know where these directories are in your system.
 
* Enable
** <code>sudo systemctl enable tinc</code>
** <code>sudo systemctl enable tinc@testvpn</code>
* Start <code>sudo systemctl start tinc@testvpn</code>
* Check status <code>sudo systemctl status tinc@testvpn</code>
 
Note that because <code>tinc@testvpn.service</code> requests tinc.service we don’t need to start that one, as it is started by <code>tinc@testvpn.service</code>


If all is good. We can test by rebooting the system and seeing that if after a while tinc@testvpn is up. You can check that by keeping starting a connection in the other node <code>sudo tincd -n testvpn -D -d 3</code> and try pinging the node, where we are trying to run tinc as a service <code>ping 10.1.0.2</code>.
Follow [[XPUB_HUB_New_Nodes]].




[[Category:Cookbook]]
[[Category:Cookbook]]
[[Category:Tinc]]
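Review bot: in the `tinc.service` unit, `ExecStart=/usr/local/sbin/true` and `ExecReload= /usr/local/sbin/true` point at a path where `true` is not normally installed (it is usually /bin/true or /usr/bin/true), so the oneshot unit would fail to start. The same section names the instance file `tinc@hub.service` but enables and starts `tinc@testvpn`, and its note gives /usr/local/bin/tincd while `ExecStart` and the install section use /usr/local/sbin. If this material is kept or moved to XPUB_HUB_New_Nodes, use one netname throughout and confirm the binary paths before enabling the units.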

Revision as of 17:19, 20 September 2021

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.

It is used in XPUB to create the HUB VPN: an electronic learning environment, server playground and web publishing platform, consisting of local machines (mainly Raspberry Pis) that sit behind firewalls but, through tinc, are accessible from outside the firewall.

Install Tinc Client

On the Raspberry Pi or other machine that will be joining HUB.

Install dependencies:

  sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libreadline-dev

Compile Tinc 1.1pre:

  cd ~
  wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz
  tar xvf tinc-1.1pre17.tar.gz
  cd tinc-1.1pre17
  ./configure
  make
  sudo make install

Once installed, create the configuration directory:

  sudo mkdir -p /usr/local/etc/tinc/

tinc is installed in:

  /usr/local/sbin/tinc

Next steps

Follow XPUB_HUB_New_Nodes.
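
Once a node has joined, the configuration directory created above holds its private keys and the hook scripts (such as tinc-up) that tincd runs. The following permission audit is an added example, not part of the original wiki page. It assumes GNU find (as on Raspberry Pi OS) and tinc's usual file naming (`*.priv` for keys, `*-up` / `*-down` for hook scripts); the function name and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit file permissions under a tinc configuration tree.
# Default path is the directory this page creates; pass another as $1.
# Returns 0 if clean, 1 if findings were printed, 2 if the path is missing.

audit_tinc_confdir() {
    confdir=${1:-/usr/local/etc/tinc}

    if [ ! -d "$confdir" ]; then
        echo "missing: $confdir" >&2
        return 2
    fi

    report=$(
        # Private keys must be accessible by the owner only (no group/other bits).
        find "$confdir" -type f -name '*.priv' -perm /077 \
            -printf 'KEY_EXPOSED %p\n'

        # Hook scripts are executed by tincd, which normally runs as root,
        # so nobody but the owner should be able to modify them.
        find "$confdir" -type f \( -name '*-up' -o -name '*-down' \) -perm /022 \
            -printf 'SCRIPT_WRITABLE %p\n'

        # A writable directory lets another local user replace keys or scripts.
        find "$confdir" -type d -perm /022 \
            -printf 'DIR_WRITABLE %p\n'
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run the audit only when a path is given on the command line, e.g.
#   sh audit-tinc.sh /usr/local/etc/tinc
if [ "$#" -gt 0 ]; then
    audit_tinc_confdir "$1"
fi
```

Fix any `KEY_EXPOSED` finding with `chmod 600` on the key file, and any `SCRIPT_WRITABLE` or `DIR_WRITABLE` finding with `chmod go-w` on the listed path.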