zeroconf IP and DNS configuration

Example: zeroconf IP and DNS configuration

This example describes how to setup a network with no centralized DHCP server and automatic DNS resolution and minimum configuration. You will need Avahi mDNS daemon up and running (not part of this guide, please refer to your distro): http://avahi.org/

Setting up Avahi hostname resolution:

This will allow your computer to resolve mDNS hostnames which addresses in the form of something.local. In order to do it, edit /etc/nsswitch.conf and append ”mdns_minimal [NOTFOUND=return]” to your hosts: line before your dns entry, for example my configuration is:

hosts: files myhostname mdns_minimal [NOTFOUND=return] dns

(Note that you can use a different top level domain than .local, but in such case you need to use mdns entry instead of mdns_minimal.)

Automatic ip assignment and network setup:

Follow the “how to configure” guide from the manual to create the key pair and folders, then edit tinc.conf and insert ”Mode = switch”, this will allow to make all nodes to listen to the same subnet mask simplifying the configuration (although it’ll increase traffic since all nodes will get the data). By default the subnet mask is 169.254.0.0/16. We’ll change how tinc-up brings up the VPN interface; instead of using ifconfig to bring up the interface, we’ll use avahi-autoipd. This yields many advantages:

The Avahi auto-IP daemon automatically assignes an IP address based off available pool.
It’ll publish the hostname in the mDNS resolution network and will also act as controller for the Avahi daemon allowing to browse or publish Avahi services.

So in the tinc-up script you’ll have a line like: avahi-autoipd -D $INTERFACE. That’s it! your VPN will have auto assigned IP addresses, and automatically resolved DNS entries once it’s up. In order to list the machines on the network you can use this command: avahi-browse -d networkname.

Useful bits:

You can insert static hostname resolution for VPN nodes using /etc/avahi/hosts, much like /etc/hosts. You can manually ask for a preferred IP when calling avahi-autoipd by appending ”-S wantedip”.

Example configuration:

In my configuration I have a PC everything connects to (alarmpi, reachable at LAN address 192.168.1.12 and public address alarmpi.example.com), and a laptop and a phone that can access it.

Alarmpi’s tinc.conf:

Name = alarmpi
Mode = switch

The laptop’s tinc.conf:

ConnectTo = alarmpi
Name = laptop
Mode = switch

The phone’s tinc.conf:

ConnectTo = alarmpi
Name = phone
Mode = switch

Every node has the same tinc-up:

#!/bin/sh
avahi-autoipd -D $INTERFACE

hosts/alarmpi:

Address = 192.168.1.12
Address = alarmpi.example.com

-----BEGIN RSA PUBLIC KEY-----
snip
-----END RSA PUBLIC KEY-----

hosts/laptop:

-----BEGIN RSA PUBLIC KEY-----
snip
-----END RSA PUBLIC KEY-----

hosts/phone:

-----BEGIN RSA PUBLIC KEY-----
snip
-----END RSA PUBLIC KEY-----