====== TINC ======

{{:tinclogo.png|}}

**What is tinc?**

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and licensed under the GNU General Public License version 2 or later. Because the VPN appears to the IP-level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the Internet without exposing any information to others. In addition, tinc has the following features:

  * **Encryption, authentication and compression**: All traffic is optionally compressed using zlib or LZO, and LibreSSL or OpenSSL is used to encrypt the traffic and protect it from alteration with message authentication codes and sequence numbers.
  * **Automatic full mesh routing**: Regardless of how you set up the tinc daemons to connect to each other, VPN traffic is always (if possible) sent directly to the destination, without going through intermediate hops.
  * **NAT traversal**: As long as one node in the VPN allows incoming connections on a public IP address (even if it is a dynamic IP address), tinc will be able to do NAT traversal, allowing direct communication between peers.
  * **Easily expand your VPN**: When you want to add nodes to your VPN, all you have to do is add an extra configuration file; there is no need to start new daemons or create and configure new devices or network interfaces.
  * **Ability to bridge ethernet segments**: You can link multiple ethernet segments together to work like a single segment, allowing you to run applications and games that normally only work on a LAN over the Internet.
  * **Runs on many operating systems and supports IPv6**: Currently Linux, FreeBSD, OpenBSD, NetBSD, OS X, Solaris, Windows 2000, XP, Vista and Windows 7 and 8 platforms are supported. See our section about supported platforms for more information about the state of the ports.
tinc also has full support for IPv6, providing both the possibility of tunneling IPv6 traffic over its tunnels and of creating tunnels over existing IPv6 networks.

[[https://www.tinc-vpn.org/|tinc-vpn.org]]

===== Installation =====

  * [[https://wikileaks.org/ciav7p1/cms/page_13763718.html|wikileaks.org]]
  * [[https://www.cyberciti.biz/faq/how-to-install-tinc-vpn-on-ubuntu-linux-16-04-to-secure-traffic/|Install tinc vpn]]

===== Documentation =====

  * [[https://www.tinc-vpn.org/documentation-1.1/Example-configuration.html#Example-configuration|Example configuration]]
  * [[https://www.tinc-vpn.org/documentation/tinc.conf.5|Tinc.conf.5]]
  * [[https://www.tinc-vpn.org/examples/windows-install/m|Windows-install]]

===== Example =====

Port 443 and route.

  * A: tun0: 10.1.0.1 mask 255.255.0.0; public IP: 56.142.24.99; Ubuntu server 18.04
  * B: tun0: 10.2.0.2 mask 255.255.0.0; physical IP: 192.168.1.11/24; Ubuntu desktop 16.04

<code>
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install tinc
</code>

===== serverA =====

Make sure port 443 is open for both UDP and TCP in your provider's management console (Scaleway, for example).
<code>
$ sudo mkdir -p /etc/tinc/vpn0/hosts/
$ sudo nano /etc/tinc/vpn0/tinc.conf
</code>

Append the following:

<code>
Name = serverA
Interface = tun0
AddressFamily = ipv4
Mode = router
Port = 443
</code>

Generate the RSA key pair, then edit the host file:

<code>
$ sudo tincd -n vpn0 -K4096
$ sudo nano /etc/tinc/vpn0/hosts/serverA
</code>

<code>
Compression = 9
Address = 56.142.24.99
Port = 443
Subnet = 10.1.0.1/32
-----BEGIN RSA PUBLIC KEY-----
</code>

<code>
$ sudo nano /etc/tinc/vpn0/tinc-up
</code>

<code>
#!/bin/sh
ifconfig $INTERFACE 10.1.0.1 netmask 255.255.0.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.1.0.1
</code>

<code>
$ sudo nano /etc/tinc/vpn0/tinc-down
</code>

<code>
#!/bin/sh
ifconfig $INTERFACE down
</code>

<code>
$ sudo chmod a+rx /etc/tinc/vpn0/tinc-*
$ sudo systemctl enable tinc
$ sudo systemctl enable tinc@vpn0
$ sudo systemctl start tinc@vpn0
</code>

===== serverB =====

<code>
$ sudo mkdir -p /etc/tinc/vpn0/hosts/
$ sudo nano /etc/tinc/vpn0/tinc.conf
</code>

Append the following:

<code>
Name = serverB
ConnectTo = serverA
AddressFamily = ipv4
Interface = tun0
Mode = router
Port = 443
</code>

Generate the RSA key pair, then edit the host file:

<code>
$ sudo tincd -n vpn0 -K4096
$ sudo nano /etc/tinc/vpn0/hosts/serverB
</code>

<code>
Compression = 9
Port = 443
Subnet = 10.1.0.2/32
Subnet = 192.168.1.0/24
-----BEGIN RSA PUBLIC KEY-----
</code>

<code>
$ sudo nano /etc/tinc/vpn0/tinc-up
</code>

<code>
#!/bin/sh
ifconfig $INTERFACE 10.1.0.2 netmask 255.255.0.0
</code>

<code>
$ sudo nano /etc/tinc/vpn0/tinc-down
</code>

<code>
#!/bin/sh
ifconfig $INTERFACE down
</code>

<code>
$ sudo chmod a+rx /etc/tinc/vpn0/tinc-*
$ echo 'vpn0' | sudo tee -a /etc/tinc/nets.boot
$ sudo systemctl enable tinc
$ sudo systemctl start tinc
</code>

===== Utils =====

Verify that tincd (tun0) has started:

<code>
$ ps aux | grep tincd
</code>

Journal:

<code>
$ journalctl -u tinc
</code>

Service control:

<code>
$ sudo systemctl enable tinc
$ sudo systemctl disable tinc
$ sudo systemctl restart tinc
$ sudo systemctl start tinc
$ sudo systemctl stop tinc
</code>

Make sure the port is open:

<code>
$ sudo netstat -tulpn | grep tincd
</code>
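
A permission check to run alongside the commands above, as an added example that is not part of the original page or of tinc itself. It flags a private key (''rsa_key.priv'', the default file name ''tincd -K'' proposes) readable by group or others, ''tinc-up''/''tinc-down'' scripts writable by anyone but their owner, and host files that hold private key material or no RSA public key; the function names and finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): permission audit for one tinc
# network directory. Assumed layout: DIR/rsa_key.priv, DIR/tinc-up,
# DIR/tinc-down, DIR/hosts/<name>, with RSA keys as in the setup above.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_tinc_dir DIR: one finding per line; returns 0 when clean, 1 otherwise.
audit_tinc_dir() {
    dir=$1
    bad=0
    # The private key must carry no group/other bits at all (e.g. 600 or 400).
    if [ -f "$dir/rsa_key.priv" ]; then
        case "00$(file_mode "$dir/rsa_key.priv")" in   # zero-padded mode
            *00) ;;
            *) echo "KEY_EXPOSED $dir/rsa_key.priv"; bad=1 ;;
        esac
    else
        echo "KEY_MISSING $dir/rsa_key.priv"; bad=1
    fi
    # tincd executes tinc-up/tinc-down itself, normally as root, so only the
    # owner may be able to modify them (a+rx is fine, group/other write is not).
    for s in "$dir/tinc-up" "$dir/tinc-down"; do
        [ -f "$s" ] || continue
        m="00$(file_mode "$s")"
        case "${m#"${m%??}"}" in            # last two digits: group, other
            [2367]?|?[2367]) echo "SCRIPT_WRITABLE $s"; bad=1 ;;
        esac
    done
    # Host files are copied to peers: public key only, never private material.
    for h in "$dir"/hosts/*; do
        [ -f "$h" ] || continue
        if grep -q 'PRIVATE KEY' "$h"; then
            echo "PRIVATE_KEY_IN_HOSTFILE $h"; bad=1
        elif ! grep -q 'BEGIN RSA PUBLIC KEY' "$h"; then
            echo "NO_PUBLIC_KEY $h"; bad=1
        fi
    done
    return "$bad"
}

# Stand-alone use: sh audit.sh /etc/tinc/vpn0
if [ $# -gt 0 ]; then audit_tinc_dir "$1"; fi
```

A non-zero exit status means at least one finding was printed, so the script can gate a deployment step or a cron check.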