
TINC

"TINC," short for There Is No Cabal; the alleged Cabal was/is an organization that was said to keep an eye on the entire Internet. As this is exactly what you don't want, we named the tinc project after TINC.

TINC is an Open-Source VPN Solution that provides many benefits:

  • Flexibility - Will Run on Many Operating Systems and Environments.
  • Expandability - TINC's design allows for easy additions and expansions of the networks.
  • Encryption - TINC incorporates OpenSSL or LZO encryption to provide data confidentiality assurance.
  • Full Mesh Routing - This allows traffic to be tunneled to your host without making unnecessary hops as well as other benefits.

Network Layout

Network layouts will vary, but all work in the same fundamental way. In this example we're going to set up a TINC VPN connection in Router Mode between two servers, Server1 and Server2, with the VPN name nstvpn.

Setup

Download and Install TINC

Source and binaries: http://www.tinc-vpn.org/download (the most comprehensive package list, Windows executables as well).
If compiling from source, refer to the INSTALL file in the tinc source code.

Precompiled or Portage

    apt-get install tinc      # Debian
    pkg_add -r tinc           # FreeBSD
    emerge tinc               # Gentoo

Router Mode vs. Switched Mode

Create A TINC VPN directory

For this example we have already created our network layout and VPN name: nstvpn. Next, simply create a directory with your VPN name:

    mkdir /etc/tinc/nstvpn

This should be a subdirectory of your tinc install directory. By default it will be /etc/tinc/

Editing or Creating tinc.conf

Create tinc.conf in /etc/tinc/nstvpn/

From Server1:

   Mode = switch
   Name = Server1
   AddressFamily = ipv4
   Hostnames = yes
   ConnectTo = Server2

From Server2:

   Mode = switch
   Name = Server2
   AddressFamily = ipv4
   Hostnames = yes

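Create tinc-up in /etc/tinc/nstvpn/

    #!/bin/bash
    # tincd runs this script once the VPN interface exists and passes its name in INTERFACE.
    if [ -n "${INTERFACE}" ]; then
            # Assign this node's VPN address; each server needs its own address in the VPN subnet.
            ifconfig "${INTERFACE}" 10.69.10.1 netmask 255.255.0.0 broadcast 10.69.255.255 up
    fi
    exit 0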

Create a Secure Key

First run mkdir /etc/tinc/nstvpn/hosts/ to create a directory that will contain all the VPN clients you allow. Then, from a prompt, run:

    /usr/sbin/tincd -n nstvpn -K

This will generate your private/public RSA keypair; if you do not specify bits it will default to 1024 bits.

Exchange Keys

SCP (Secure Copy) the key files into the other server's hosts/ directory. In this example, 192.168.0.100 = Server1 and 192.168.0.101 = Server2.

From Server1: scp Server1 192.168.0.101:/etc/tinc/nstvpn/hosts/

From Server2: scp Server2 192.168.0.100:/etc/tinc/nstvpn/hosts/

Starting TINC

From a prompt, run /usr/sbin/tincd -n nstvpn to start the TINC VPN daemon. You can also run /usr/sbin/tincd -d2 -n nstvpn to start it with debug logging at level 2, which gives more detailed output when troubleshooting.

If you have trouble, you may have to make a symbolic link like so: ln -s /usr/local/etc/tinc/ /etc/tinc/

You may also have to link tinc.conf: ln -s /usr/local/etc/tinc/highfi/tinc.conf /etc/tinc/highfi/tinc.conf
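
A pre-flight check for the files created in the steps above, added here as an example; it is not part of the original page or of the tinc project. The function names check_tinc_net and conf_get are hypothetical, and the script assumes tinc 1.0's default private key file name rsa_key.priv and config lines written as Key = value, as on this page.

```shell
# Added example (not from the tinc project): check a tinc network directory
# such as /etc/tinc/nstvpn before starting tincd. Function names are hypothetical.

# conf_get FILE KEY: print the value(s) of "KEY = value" lines.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//'
}

check_tinc_net() {
    dir=$1; rc=0; conf="$dir/tinc.conf"
    if [ ! -f "$conf" ]; then echo "FAIL: $conf missing"; return 1; fi

    # Name selects hosts/<Name>, which must hold this node's public key.
    name=$(conf_get "$conf" Name | head -n 1)
    if [ -z "$name" ]; then
        echo "FAIL: no Name in tinc.conf"; rc=1
    elif ! grep -q 'BEGIN RSA PUBLIC KEY' "$dir/hosts/$name" 2>/dev/null; then
        echo "FAIL: hosts/$name missing or has no public key"; rc=1
    fi

    # Every ConnectTo peer needs its exchanged host file, and must not be this node.
    for peer in $(conf_get "$conf" ConnectTo); do
        if [ "$peer" = "$name" ]; then echo "FAIL: ConnectTo names this node"; rc=1; fi
        if [ ! -f "$dir/hosts/$peer" ]; then echo "FAIL: hosts/$peer missing"; rc=1; fi
    done

    # The private key (rsa_key.priv, assumed tinc 1.0 default) must be owner-only.
    key="$dir/rsa_key.priv"
    if [ ! -f "$key" ]; then
        echo "FAIL: $key missing"; rc=1
    elif [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other"; rc=1
    fi

    # tinc-up must be executable for tincd to run it.
    if [ ! -x "$dir/tinc-up" ]; then echo "FAIL: tinc-up missing or not executable"; rc=1; fi

    if [ "$rc" -eq 0 ]; then echo "OK: $dir"; fi
    return "$rc"
}
```

Run it on each server after the key exchange, for example check_tinc_net /etc/tinc/nstvpn; a non-zero return means at least one FAIL line was printed.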

Troubleshooting TINC

http://www.tinc-vpn.org/documentation/tinc_9.html#SEC72

Documentation

http://www.tinc-vpn.org/documentation/tinc

References

http://www.tinc-vpn.org/

Page last modified on November 18, 2005, at 12:27 PM