Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentes Révision précédente Prochaine révision | Révision précédente | ||
tinc [2019/03/31 22:26] colin |
tinc [2019/04/27 22:19] (Version actuelle) colin |
||
---|---|---|---|
Ligne 29: | Ligne 29: | ||
[[https://www.cyberciti.biz/faq/how-to-install-tinc-vpn-on-ubuntu-linux-16-04-to-secure-traffic/|Install tinc vpn]] | [[https://www.cyberciti.biz/faq/how-to-install-tinc-vpn-on-ubuntu-linux-16-04-to-secure-traffic/|Install tinc vpn]] | ||
- | ===== Documenation ===== | + | ===== Documentation ===== |
- | + | ||
- | [[https://www.tinc-vpn.org/documentation-1.1/Example-configuration.html#Example-configuration|Example configuration]] | + | |
+ | [[https://www.tinc-vpn.org/documentation-1.1/Example-configuration.html#Example-configuration|Example configuration]], | ||
+ | [[https://www.tinc-vpn.org/documentation/tinc.conf.5|Tinc.conf.5]] | ||
+ | [[https://www.tinc-vpn.org/examples/windows-install/m|Windows-install]] | ||
===== Example ===== | ===== Example ===== | ||
- | A: net 10.1.0.0 mask 255.255.0.0 gateway 10.1.54.1 internet IP 1.2.3.4 | + | Port 443 and route. |
- | B: net 10.2.0.0 mask 255.255.0.0 gateway 10.2.1.12 internet IP 2.3.4.5 | + | A: tun0 : 10.1.0.1 mask 255.255.0.0 ; IP PUBLIC : 56.142.24.99 ; Ubuntu server 18.04 |
- | C: net 10.3.0.0 mask 255.255.0.0 gateway 10.3.69.254 internet IP 3.4.5.6 | + | B: tun0 : 10.2.0.2 mask 255.255.0.0 ; IP PHYSIQUE : 192.168.1.11/24 ; Ubuntu desktop 16.04 |
- | D: net 10.4.0.0 mask 255.255.0.0 gateway 10.4.3.32 internet IP 4.5.6.7 | + | |
$ sudo apt update | $ sudo apt update | ||
$ sudo apt upgrade | $ sudo apt upgrade | ||
$ sudo apt install tinc | $ sudo apt install tinc | ||
+ | |||
+ | ===== serverA ===== | ||
+ | |||
+ | Make sure port 443 open in UDP and TCP via manager like scaleway... | ||
$ sudo mkdir -p /etc/tinc/vpn0/hosts/ | $ sudo mkdir -p /etc/tinc/vpn0/hosts/ | ||
- | $ sudo vi /etc/tinc/vpn0/tinc.conf | + | $ sudo nano /etc/tinc/vpn0/tinc.conf |
Append the following: | Append the following: | ||
Name = serverA | Name = serverA | ||
- | Device = /dev/net/tun | + | Interface = tun0 |
- | BindToAddress = 1.2.3.4 | + | |
AddressFamily = ipv4 | AddressFamily = ipv4 | ||
+ | Mode = router | ||
+ | Port = 443 | ||
$ sudo tincd -n vpn0 -K4096 | $ sudo tincd -n vpn0 -K4096 | ||
- | $ sudo vi /etc/tinc/vpn0/hosts/serverA | + | $ sudo nano /etc/tinc/vpn0/hosts/serverA |
- | Subnet = 10.1.0.0/16 //Subnet = 172.16.1.1/32 | + | Compression = 9 |
- | Address = 1.2.3.4 //Address = 192.168.4.5 | + | Address = 56.142.24.99 |
+ | Port = 443 | ||
+ | Subnet = 10.1.0.1/32 | ||
- | $ sudo vi /etc/tinc/vpn0/tinc-up | + | -----BEGIN RSA PUBLIC KEY----- |
+ | |||
+ | |||
+ | $ sudo nano /etc/tinc/vpn0/tinc-up | ||
#!/bin/sh | #!/bin/sh | ||
+ | ifconfig $INTERFACE 10.1.0.1 netmask 255.255.0.0 | ||
+ | route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.1.0.1 | ||
- | # Real interface of internal network: | + | $ sudo nano /etc/tinc/vpn0/tinc-down |
- | # ifconfig eth0 10.1.54.1 netmask 255.255.0.0 | + | |
- | ifconfig $INTERFACE 10.1.54.1 netmask 255.0.0.0 | + | #!/bin/sh |
+ | ifconfig $INTERFACE down | ||
- | $ sudo vi /etc/tinc/vpn0/tinc-down | + | $ chmod a+rx /etc/tinc/vpn0/tinc-* |
+ | |||
+ | |||
+ | $ systemctl enable tinc | ||
+ | $ systemctl enable tinc@vpn0 | ||
+ | |||
+ | $ systemctl start tinc@vpn0 | ||
+ | |||
+ | ===== serverB ===== | ||
+ | |||
+ | $ sudo mkdir -p /etc/tinc/vpn0/hosts/ | ||
+ | |||
+ | $ sudo nano /etc/tinc/vpn0/tinc.conf | ||
Append the following: | Append the following: | ||
+ | |||
+ | Name = serverB | ||
+ | ConnectTo = serverA | ||
+ | AddressFamily = ipv4 | ||
+ | Interface = tun0 | ||
+ | Mode = router | ||
+ | Port = 443 | ||
+ | |||
+ | $ sudo tincd -n vpn0 -K4096 | ||
+ | |||
+ | $ sudo nano /etc/tinc/vpn0/hosts/serverB | ||
+ | |||
+ | Compression = 9 | ||
+ | Port = 443 | ||
+ | Subnet = 10.1.0.2/32 | ||
+ | Subnet = 192.168.1.0/24 | ||
+ | |||
+ | -----BEGIN RSA PUBLIC KEY----- | ||
+ | |||
+ | |||
+ | $ sudo nano /etc/tinc/vpn0/tinc-up | ||
+ | |||
#!/bin/sh | #!/bin/sh | ||
- | /sbin/ifconfig $INTERFACE down | + | ifconfig $INTERFACE 10.1.0.2 netmask 255.255.0.0 |
+ | |||
+ | $ sudo nano /etc/tinc/vpn0/tinc-down | ||
+ | |||
+ | #!/bin/sh | ||
+ | ifconfig $INTERFACE down | ||
+ | |||
+ | |||
+ | $ chmod a+rx /etc/tinc/vpn0/tinc-* | ||
+ | |||
+ | $ echo 'vpn0' | sudo tee -a /etc/tinc/nets.boot | ||
+ | |||
+ | $ systemctl enable tinc | ||
+ | $ systemctl start tinc | ||
+ | |||
+ | ===== Utils ===== | ||
+ | |||
+ | Verification tun0 launch : | ||
+ | $ ps aux | grep tincd | ||
+ | Journal : | ||
+ | $ journalctl -u tinc | ||
- | systemctl enable tinc | + | $ sudo systemctl enable tinc |
- | systemctl enable tinc@vpn0 | + | $ sudo systemctl disable tinc |
+ | $ sudo systemctl restart tinc | ||
+ | $ sudo systemctl start tinc | ||
+ | $ sudo systemctl stop tinc | ||
- | systemctl start tinc@vpn0 | + | Make sure port is opened: |
+ | $ netstat -tulpn | grep tincd | ||