technical:vpn:tinc

Differences

This shows you the differences between two versions of the page.

technical:vpn:tinc [2022/08/11 09:04] jc
technical:vpn:tinc [2023/05/13 18:14] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== Tinc VPN ======+<markdown> 
 +Tinc VPN
  
-===== Install =====+## Install Tinc
  
-===== Generate Keys =====+### Arch Linux
  
-===== Config =====+```bash 
 +sudo pacman -S tinc 
 +```
  
-===== Startup =====+### Slackware Linux
  
-===== Shell Script =====+```bash 
 +wget https://slackbuilds.org/slackbuilds/15.0/network/tinc.tar.gz 
 +tar xzvf tinc.tar.gz 
 +cd tinc 
 +source tinc.info 
 +wget $DOWNLOAD 
 +sudo ./tinc.SlackBuild 
 +sudo installpkg tinc-1.0.36-x86_64-1_SBo.tgz 
 +```
  
 +## Generate Keys
 +
 +```bash
 +tincd -n <netname> -K
 +```
 +
 +## Config
 +
 +Copy keys to `/etc/tinc/<netname>/`
 +
 +
 +```bash
 +sudo mkdir -p /etc/tinc/<netname>hosts
 +cp rsa_key.* /etc/tinc/<netname>/
 +```
 +
 +
 +Create tinc-up and tinc-down scripts.
 +
 +`/etc/tinc/<netname>/tinc-up`
 +
 +```
 +#!/bin/bash
 +TUN="<interface>"
 +SUB="<network_address/subnet_mask>"
 +IP="<ip_address/subnet_mask>"
 +
 +ip link set $TUN up
 +ip addr add $IP dev tinc0
 +ip route add $SUB dev tinc0
 +```
 +
 +`/etc/tinc/<netname>/tinc-down`
 +
 +```
 +#!/bin/bash
 +TUN="<interface>"
 +SUB="<network_address/subnet_mask>"
 +IP="<ip_address/subnet_mask>" 
 +
 +ip link set $TUN down
 +ip route del $SUB dev $TUN 
 +ip addr del $IP dev $TUN 
 +```
 +
 +Create tinc configuration
 +
 +`/etc/tinc/<netname>/tinc.conf`
 +
 +```
 +Name = <hostname> 
 +Device = /dev/net/tun
 +AddressFamily = ipv4
 +ConnectTo = <peer>
 +Interface = <interface>
 +Mode = router
 +Port = <port>
 +```
 +
 +Add tinc peers
 +
 +`/etc/tinc/<netname>/hosts/<peer>`
 +
 +```
 +Subnet = <peer_ip_address>
 +Address = <peer_wan_address>
 +
 +<Peer's RSA Public Key>
 +```
 +
 +## Startup
 +
 +Start tincd
 +
 +```bash
 +VPN=$(ls /etc/tinc/)
 +for VPN in $VPNS; do
 +  echo "Starting tinc daemon for $VPN..."
 +  /usr/sbin/tincd -n "$VPN" -d1 --logfile=/var/log/tinc."$VPN"
 +done
 +```
 +
 +## Shell Script
 +
 +```bash
 +#!/bin/sh
 +
 +VPNS=$(ls /etc/tinc)
 +
 +start () {
 +        for VPN in $VPNS; do
 +                echo "Starting tinc daemon for $VPN..."
 +                /usr/sbin/tincd -n "$VPN" -d1 --logfile=/var/log/tinc."$VPN"
 +        done
 +}
 +
 +stop () {
 +        for VPN in $VPNS; do
 +                echo "Stopping tinc daemon for $VPN..."
 +                /usr/sbin/tincd -n "$VPN"  -k
 +        done
 +}
 +
 +restart () {
 +        stop
 +        sleep 1
 +        start
 +}
 +
 +case "$1" in
 +        ("start")
 +                start
 +                ;;
 +        ("stop")
 +                stop
 +                ;;
 +        ("restart")
 +                restart
 +                ;;
 +        (*)
 +                echo "Usage: $0 <start|stop|restart>"
 +                exit 1
 +esac
 +
 +exit 0
 +
 +```
 +</markdown>
  
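Review bot: In the Startup block the list is assigned to `VPN` (`VPN=$(ls /etc/tinc/)`) but the loop iterates over `$VPNS`, which is never set, so the loop body never runs and no daemon is started; assign to `VPNS` as the Shell Script section does. In the Config block, `sudo mkdir -p /etc/tinc/<netname>hosts` is missing the slash before `hosts`, so the `hosts/` directory that the later `/etc/tinc/<netname>/hosts/<peer>` path relies on is not created. The following `cp rsa_key.* /etc/tinc/<netname>/` runs without sudo, unlike the `mkdir` above it, and the glob copies the private key together with the public one with no step that restricts its permissions; suggest copying with sudo and adding a line that limits the private key to owner-only read and write. In tinc-up, `TUN` is defined and used for `ip link set $TUN up`, but `ip addr add` and `ip route add` hardcode `tinc0`, while tinc-down uses `$TUN` throughout; use `$TUN` in both scripts so they stay consistent with `Interface = <interface>` in tinc.conf. The old `====== Tinc VPN ======` heading also became a bare `Tinc VPN` line inside `<markdown>`, so the page title is no longer marked as a heading.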
technical/vpn/tinc.1660223068.txt.gz · Last modified: 2022/08/11 09:04 by jc