2015-06-23 01:00:07 +00:00
|
|
|
|
tinc
|
|
|
|
|
|
====
|
|
|
|
|
|
|
2016-04-05 11:33:25 +00:00
|
|
|
|
[tinc][1] is a Virtual Private Network (VPN) daemon that uses tunnelling and
|
2015-06-14 03:06:12 +00:00
|
|
|
|
encryption to create a secure private network between hosts on the Internet.
|
|
|
|
|
|
|
2016-06-30 18:41:31 +00:00
|
|
|
|
To use this image, you need to have basic knowledges of tinc. (See this [tutor][2])
|
2015-06-14 03:06:12 +00:00
|
|
|
|
|
2016-06-30 18:41:31 +00:00
|
|
|
|
## Directory Tree
|
2015-06-14 03:06:12 +00:00
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
~/fig/tinc/
|
|
|
|
|
|
├── docker-compose.yml
|
|
|
|
|
|
└── tinc/
|
2015-08-26 14:50:36 +00:00
|
|
|
|
└── netname/
|
|
|
|
|
|
├── hosts/
|
|
|
|
|
|
│ ├── client
|
|
|
|
|
|
│ ├── client-down*
|
|
|
|
|
|
│ ├── client-up*
|
|
|
|
|
|
│ └── server
|
|
|
|
|
|
├── rsa_key.priv
|
|
|
|
|
|
├── tinc.conf
|
|
|
|
|
|
├── tinc-down*
|
|
|
|
|
|
└── tinc-up*
|
2015-06-14 03:06:12 +00:00
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## docker-compose.yml
|
|
|
|
|
|
|
2016-02-08 08:47:09 +00:00
|
|
|
|
```yaml
|
2015-06-22 13:56:24 +00:00
|
|
|
|
tinc:
|
2015-06-14 03:06:12 +00:00
|
|
|
|
image: vimagick/tinc
|
|
|
|
|
|
ports:
|
2015-06-14 08:34:55 +00:00
|
|
|
|
- "655:655/tcp"
|
|
|
|
|
|
- "655:655/udp"
|
2015-06-14 03:06:12 +00:00
|
|
|
|
volumes:
|
2015-08-26 14:50:36 +00:00
|
|
|
|
- ./tinc:/etc/tinc
|
2015-06-22 13:56:24 +00:00
|
|
|
|
environment:
|
2016-06-30 18:41:31 +00:00
|
|
|
|
- IP_ADDR=1.2.3.4
|
2019-06-06 00:36:40 +00:00
|
|
|
|
- ADDRESS=10.20.30.1
|
|
|
|
|
|
- NETMASK=255.255.255.0
|
|
|
|
|
|
- NETWORK=10.20.30.0/24
|
|
|
|
|
|
- RUNMODE=server
|
2015-06-14 14:15:54 +00:00
|
|
|
|
cap_add:
|
2015-06-14 07:15:04 +00:00
|
|
|
|
- NET_ADMIN
|
2015-10-25 15:21:06 +00:00
|
|
|
|
dns: 8.8.8.8
|
2015-06-14 03:06:12 +00:00
|
|
|
|
restart: always
|
|
|
|
|
|
```
|
|
|
|
|
|
|
2016-06-30 18:41:31 +00:00
|
|
|
|
## Server Setup
|
2015-06-14 05:41:39 +00:00
|
|
|
|
|
2016-02-08 08:47:09 +00:00
|
|
|
|
```bash
|
2015-06-14 08:50:25 +00:00
|
|
|
|
# run
|
2015-06-14 10:24:22 +00:00
|
|
|
|
$ docker-compose up -d
|
2015-06-14 08:50:25 +00:00
|
|
|
|
|
|
|
|
|
|
# monitor
|
2015-06-14 10:24:22 +00:00
|
|
|
|
$ docker-compose logs
|
2015-06-14 08:50:25 +00:00
|
|
|
|
|
|
|
|
|
|
# stats
|
2016-06-30 18:41:31 +00:00
|
|
|
|
$ watch docker-compose exec tinc netstat -an
|
2015-06-14 08:50:25 +00:00
|
|
|
|
```
|
|
|
|
|
|
|
2016-06-30 18:41:31 +00:00
|
|
|
|
## Client Setup
|
2015-06-14 08:50:25 +00:00
|
|
|
|
|
2016-02-08 08:47:09 +00:00
|
|
|
|
```bash
|
2015-06-14 08:50:25 +00:00
|
|
|
|
# start
|
2015-06-23 07:13:00 +00:00
|
|
|
|
$ tincd -d -D -n netname --pidfile /tmp/tinc.pid
|
2015-06-14 08:50:25 +00:00
|
|
|
|
|
|
|
|
|
|
# stop
|
|
|
|
|
|
$ tincd -k --pidfile /tmp/tinc.pid
|
2015-06-14 05:41:39 +00:00
|
|
|
|
```
|
|
|
|
|
|
|
2016-06-30 18:41:31 +00:00
|
|
|
|
## Client Setup (openwrt)
|
2016-02-08 08:47:09 +00:00
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
$ opkg install tinc ip
|
|
|
|
|
|
|
|
|
|
|
|
$ cat > /etc/config/tinc
|
|
|
|
|
|
config tinc-net netname
|
|
|
|
|
|
option enabled 1
|
|
|
|
|
|
config tinc-host linkit
|
|
|
|
|
|
option enabled 1
|
|
|
|
|
|
option net netname
|
|
|
|
|
|
config tinc-host server
|
|
|
|
|
|
option enabled 1
|
|
|
|
|
|
option net netname
|
|
|
|
|
|
|
|
|
|
|
|
$ mkdir -p /etc/tinc/netname/hosts
|
|
|
|
|
|
|
|
|
|
|
|
$ cat > /etc/tinc/netname/tinc.conf
|
|
|
|
|
|
Name = linkit
|
|
|
|
|
|
Interface = tun0
|
|
|
|
|
|
ConnectTo = server
|
|
|
|
|
|
|
|
|
|
|
|
$ cat > /etc/tinc/netname/hosts/linkit
|
2019-06-06 00:36:40 +00:00
|
|
|
|
Subnet = 10.20.30.125
|
2016-02-08 08:47:09 +00:00
|
|
|
|
|
|
|
|
|
|
$ tincd -n netname -K < /dev/null
|
|
|
|
|
|
Generating 2048 bits keys:
|
|
|
|
|
|
......+++ p
|
|
|
|
|
|
.....+++ q
|
|
|
|
|
|
Done.
|
|
|
|
|
|
|
|
|
|
|
|
$ cat > /etc/tinc/netname/tinc-up
|
|
|
|
|
|
#!/bin/sh
|
|
|
|
|
|
ip link set $INTERFACE up
|
2019-06-06 00:36:40 +00:00
|
|
|
|
ip addr add 10.20.30.125/24 dev $INTERFACE
|
2016-02-08 08:47:09 +00:00
|
|
|
|
|
|
|
|
|
|
$ cat > /etc/tinc/netname/tinc-down
|
|
|
|
|
|
#!/bin/sh
|
2019-06-06 00:36:40 +00:00
|
|
|
|
ip addr del 10.20.30.125/24 dev $INTERFACE
|
2016-02-08 08:47:09 +00:00
|
|
|
|
ip link set $INTERFACE down
|
|
|
|
|
|
|
|
|
|
|
|
$ cat > /etc/tinc/netname/hosts/server-up
|
|
|
|
|
|
#!/bin/sh
|
|
|
|
|
|
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
|
|
|
|
|
|
ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
|
|
|
|
|
|
ip route add 0.0.0.0/1 dev $INTERFACE
|
|
|
|
|
|
ip route add 128.0.0.0/1 dev $INTERFACE
|
|
|
|
|
|
|
|
|
|
|
|
$ cat > /etc/tinc/netname/hosts/server-down
|
|
|
|
|
|
#!/bin/sh
|
|
|
|
|
|
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
|
|
|
|
|
|
ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
|
|
|
|
|
|
ip route del 0.0.0.0/1 dev $INTERFACE
|
|
|
|
|
|
ip route del 128.0.0.0/1 dev $INTERFACE
|
|
|
|
|
|
|
|
|
|
|
|
$ chmod +x /etc/tinc/netname/tinc-*
|
|
|
|
|
|
$ chmod +x /etc/tinc/netname/hosts/server-*
|
|
|
|
|
|
|
|
|
|
|
|
$ scp /etc/tinc/netname/hosts/linkit root@remote-server:/etc/tinc/netname/hosts/
|
|
|
|
|
|
$ scp root@remote-server:/etc/tinc/netname/hosts/server /etc/tinc/netname/hosts/
|
|
|
|
|
|
|
|
|
|
|
|
$ /etc/init.d/tinc start
|
|
|
|
|
|
$ /etc/init.d/tinc enable
|
|
|
|
|
|
|
|
|
|
|
|
$ ifconfig tun0
|
|
|
|
|
|
|
|
|
|
|
|
$ firefox http://192.168.1.125/cgi-bin/luci/
|
|
|
|
|
|
|
|
|
|
|
|
# Firewall:
|
|
|
|
|
|
# | lan => wan, vpn | ooo | xx |
|
|
|
|
|
|
# | wan => | oox | oo |
|
|
|
|
|
|
# | vpn => wan | ooo | ox |
|
|
|
|
|
|
```
|
|
|
|
|
|
|
2015-06-14 03:06:12 +00:00
|
|
|
|
[1]: http://tinc-vpn.org/
|
|
|
|
|
|
[2]: https://www.digitalocean.com/community/tutorials/how-to-install-tinc-and-set-up-a-basic-vpn-on-ubuntu-14-04
|
