diff --git a/tinc/Dockerfile b/tinc/Dockerfile
index a55c0e0..bedcb30 100644
--- a/tinc/Dockerfile
+++ b/tinc/Dockerfile
@@ -5,31 +5,36 @@ FROM alpine
 MAINTAINER kev
-ENV NETNAME netname
-ENV PIDFILE /run/tinc.$NETNAME.pid
-ENV VERBOSE 2
+ENV NETNAME=netname \
+ PIDFILE=/run/tinc.$NETNAME.pid \
+ KEYSIZE=4096 \
+ VERBOSE=2
-ENV ADDRESS 10.0.0.1
-ENV NETMASK 255.255.255.0
-ENV NETWORK 10.0.0.0/24
+ENV ADDRESS=10.0.0.1 \
+ NETMASK=255.255.255.0 \
+ NETWORK=10.0.0.0/24
-RUN apk add -U iptables tinc \
+RUN set -xe \
+ && apk add -U iptables tinc \
  && rm -rf /var/cache/apk/* \
  && mkdir -p /etc/tinc/$NETNAME/hosts
 WORKDIR /etc/tinc/$NETNAME
-RUN echo -e "Name=server\\nInterface=tun0" > tinc.conf \
+RUN set -xe \
+ && echo -e "Name=server\\nInterface=tun0" > tinc.conf \
  && echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
- && echo -e "\\n" | tincd -n $NETNAME -K4096 \
+ && tincd -n $NETNAME -K$KEYSIZE < /dev/null \
  && echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
  && echo -e "ifconfig \$INTERFACE down" > tinc-down \
  && chmod +x tinc-up tinc-down
 VOLUME /etc/tinc
+
 EXPOSE 655/tcp 655/udp
-CMD mkdir -p /dev/net \
+CMD set -xe \
+ && mkdir -p /dev/net \
  && [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
  && iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
  && tincd --no-detach \
diff --git a/tinc/README.md b/tinc/README.md
index e22b0ef..5f04e25 100644
--- a/tinc/README.md
+++ b/tinc/README.md
@@ -32,7 +32,7 @@ To use this image, you need to:
 ## docker-compose.yml
-```
+```yaml
 tinc:
  image: vimagick/tinc
  ports:
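Review bot: Folding NETNAME and PIDFILE into one `ENV` instruction changes PIDFILE's value, because Docker substitutes variables in an instruction using the values in effect before that instruction, so `$NETNAME` in `PIDFILE=/run/tinc.$NETNAME.pid` resolves to its prior value (presumably unset on the alpine base) rather than `netname`; the old separate `ENV` lines did not have this problem. Keep `ENV NETNAME=netname` as its own instruction and start the grouped one at `ENV PIDFILE=/run/tinc.$NETNAME.pid \` so the expansion still yields `/run/tinc.netname.pid`. Separately, the `tincd -n $NETNAME -K$KEYSIZE < /dev/null` step still generates the RSA key pair at build time, so the private key lands in an image layer and is shared by every container started from that image and by anyone who pulls it; generating the key on first start into the `/etc/tinc` volume would keep it out of the image. The CMD chain continues past the end of the hunk.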
@@ -50,7 +50,25 @@ tinc:
 ## server
-```
+```bash
+# config
+$ cd ~/fig/tinc/
+$ mkdir -p tinc/netname/hosts/
+$ docker-compose run --rm tinc sh
+>>> cat > tinc.conf
+Name=server
+Interface=tun0
+>>> cat > hosts/server
+Subnet=10.0.0.1
+Subnet=0.0.0.0/0
+>>> tincd -n netname -K4096 < /dev/null
+>>> cat > tinc-up
+ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
+>>> cat > tinc-down
+ifconfig $INTERFACE down
+>>> chmod +x tinc-up tinc-down
+>>> exit
+
 # run
 $ docker-compose up -d
@@ -63,7 +81,7 @@ $ watch docker exec tinc_tinc_1 netstat -an
 ## client
-```
+```bash
 # start
 $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
@@ -71,5 +89,79 @@ $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
 $ tincd -k --pidfile /tmp/tinc.pid
 ```
+## client (openwrt)
+
+```bash
+$ opkg install tinc ip
+
+$ cat > /etc/config/tinc
+config tinc-net netname
+ option enabled 1
+config tinc-host linkit
+ option enabled 1
+ option net netname
+config tinc-host server
+ option enabled 1
+ option net netname
+
+$ mkdir -p /etc/tinc/netname/hosts
+
+$ cat > /etc/tinc/netname/tinc.conf
+Name = linkit
+Interface = tun0
+ConnectTo = server
+
+$ cat > /etc/tinc/netname/hosts/linkit
+Subnet = 10.0.0.125
+
+$ tincd -n netname -K < /dev/null
+Generating 2048 bits keys:
+......+++ p
+.....+++ q
+Done.
+
+$ cat > /etc/tinc/netname/tinc-up
+#!/bin/sh
+ip link set $INTERFACE up
+ip addr add 10.0.0.125/24 dev $INTERFACE
+
+$ cat > /etc/tinc/netname/tinc-down
+#!/bin/sh
+ip addr del 10.0.0.125/24 dev $INTERFACE
+ip link set $INTERFACE down
+
+$ cat > /etc/tinc/netname/hosts/server-up
+#!/bin/sh
+ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
+ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
+ip route add 0.0.0.0/1 dev $INTERFACE
+ip route add 128.0.0.0/1 dev $INTERFACE
+
+$ cat > /etc/tinc/netname/hosts/server-down
+#!/bin/sh
+ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
+ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
+ip route del 0.0.0.0/1 dev $INTERFACE
+ip route del 128.0.0.0/1 dev $INTERFACE
+
+$ chmod +x /etc/tinc/netname/tinc-*
+$ chmod +x /etc/tinc/netname/hosts/server-*
+
+$ scp /etc/tinc/netname/hosts/linkit root@remote-server:/etc/tinc/netname/hosts/
+$ scp root@remote-server:/etc/tinc/netname/hosts/server /etc/tinc/netname/hosts/
+
+$ /etc/init.d/tinc start
+$ /etc/init.d/tinc enable
+
+$ ifconfig tun0
+
+$ firefox http://192.168.1.125/cgi-bin/luci/
+
+# Firewall:
+# | lan => wan, vpn | ooo | xx |
+# | wan => | oox | oo |
+# | vpn => wan | ooo | ox |
+```
+
 [1]: http://tinc-vpn.org/
 [2]:
https://www.digitalocean.com/community/tutorials/how-to-install-tinc-and-set-up-a-basic-vpn-on-ubuntu-14-04