1 > [[!meta title="simple-bridging-with-dhcp-server-side"]]
2 > # Company: PowerCraft Technology
3 > # Author: Copyright Jelle de Jong <jelledejong@powercraft.nl>
4 > # Note: Please send me an email if you enhance the document
8 > # This document is free documentation; you can redistribute it and/or
9 > # modify it under the terms of the Creative Commons Attribution Share
10 > # Alike as published by the Creative Commons Foundation; either version
11 > # 3.0 of the License, or (at your option) any later version.
13 > # This document is distributed in the hope that it will be useful,
14 > # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 > # Creative Commons BY-SA License for more details.
18 > # http://creativecommons.org/licenses/by-sa/
20 > #-----------------------------------------------------------------------
22 > # for commercial support contact me; part of the revenue goes back to tinc
24 > #-----------------------------------------------------------------------
26 > # http://www.tinc-vpn.org/
27 > # http://www.tinc-vpn.org/examples/bridging
28 > # http://www.tinc-vpn.org/documentation/tinc_toc
30 > #-----------------------------------------------------------------------
32 > # <@guus> Well all the tinc daemons together act like a single switch
33 > # <@guus> And each node in the VPN is connected to a port of that switch
34 > # <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch
36 > #-----------------------------------------------------------------------
38 > unset LANG LANGUAGE LC_ALL
39 > apt-get update; apt-get dist-upgrade
42 > apt-get install tinc
43 > apt-get install bridge-utils
45 > #-----------------------------------------------------------------------
47 > /etc/init.d/tinc stop
49 > #-----------------------------------------------------------------------
51 > # ls -hal /dev/net/tun
52 > crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun
54 > # grep tinc /etc/services
55 > tinc 655/tcp # tinc control port
58 > cat /usr/share/doc/tinc/README.Debian
59 > zcat /usr/share/doc/tinc/README.gz | less
60 > zcat /usr/share/doc/tinc/NEWS.gz | less
61 > cat /usr/share/doc/tinc/examples/tinc-up
62 > w3m /usr/share/doc/tinc/tinc_0.html
64 > cat /etc/default/tinc
65 > less /etc/init.d/tinc
67 > #-----------------------------------------------------------------------
69 > vim /etc/default/tinc
71 > cat /etc/default/tinc
73 > #-----------------------------------------------------------------------
75 > cat /etc/tinc/nets.boot
76 > echo 'powercraft01' | tee --append /etc/tinc/nets.boot
77 > cat /etc/tinc/nets.boot
79 > #-----------------------------------------------------------------------
81 > ls -hal /etc/tinc/scallab01/
82 > mkdir --verbose /etc/tinc/powercraft01/
83 > mkdir --verbose /etc/tinc/powercraft01/hosts/
84 > touch /etc/tinc/powercraft01/tinc.conf
86 > #-----------------------------------------------------------------------
88 > vim /etc/network/interfaces
90 > # tinc-vpn: dhcp bridge
92 > iface br0 inet static
94 > netmask 255.255.255.0
95 > # pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7
96 > # pre-up /sbin/ifconfig eth2 0.0.0.0
102 > cat /etc/network/interfaces
104 > #-----------------------------------------------------------------------
106 > echo 'interface "br0" {
107 > request subnet-mask, broadcast-address, time-offset,
108 > host-name, netbios-scope, interface-mtu, ntp-servers;
109 > }' | tee --append /etc/dhcp3/dhclient.conf
111 > cat /etc/dhcp3/dhclient.conf
113 > #-----------------------------------------------------------------------
115 > vim /etc/dhcp3/dhcpd.conf
117 > subnet 192.168.3.0 netmask 255.255.255.0 {
118 > range 192.168.3.200 192.168.3.240;
119 > option routers 192.168.3.1;
120 > option domain-name-servers 192.168.3.1;
123 > #-----------------------------------------------------------------------
128 > #-----------------------------------------------------------------------
130 > vim /etc/default/dhcp3-server
131 > INTERFACES="vlan2 eth0 br0" # add br0 to the list of interfaces dhcpd serves (every node bridged into the VPN will then get its lease from this server)
133 > /etc/init.d/dhcp3-server restart
135 > tail -n 400 -f /var/log/syslog
137 > #-----------------------------------------------------------------------
143 > #-----------------------------------------------------------------------
146 > br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
147 > inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
148 > inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
149 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
150 > RX packets:12 errors:0 dropped:0 overruns:0 frame:0
151 > TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
152 > collisions:0 txqueuelen:0
153 > RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB)
156 > Kernel IP routing table
157 > Destination Gateway Genmask Flags Metric Ref Use Iface
158 > 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
159 > 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
160 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
161 > 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
162 > 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1
165 > bridge name bridge id STP enabled interfaces
166 > br0 8000.000000000000 no
168 > #-----------------------------------------------------------------------
170 > echo 'AddressFamily = ipv4
171 > Device = /dev/net/tun
174 > Name = server01' | tee /etc/tinc/powercraft01/tinc.conf
176 > cat /etc/tinc/powercraft01/tinc.conf
177 > chmod 640 /etc/tinc/powercraft01/tinc.conf
178 > ls -hal /etc/tinc/powercraft01/tinc.conf
181 > ifconfig $INTERFACE 0.0.0.0
182 > brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up
184 > cat /etc/tinc/powercraft01/tinc-up
185 > chmod 750 /etc/tinc/powercraft01/tinc-up
186 > ls -hal /etc/tinc/powercraft01/tinc-up
189 > brctl delif br0 $INTERFACE
190 > ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down
192 > cat /etc/tinc/powercraft01/tinc-down
193 > chmod 750 /etc/tinc/powercraft01/tinc-down
194 > ls -hal /etc/tinc/powercraft01/tinc-down
196 > #-----------------------------------------------------------------------
198 > rm /etc/tinc/powercraft01/rsa_key.priv
199 > rm /etc/tinc/powercraft01/hosts/server01
200 > tincd -n powercraft01 -K
202 > #-----------------------------------------------------------------------
204 > getent services | grep 656
206 > #-----------------------------------------------------------------------
208 > vim /etc/tinc/powercraft01/hosts/server01
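210 > # add the following at the head of the file, above the public key that tincd -K wrote; this hosts file is what gets shared with peers, rsa_key.priv stays on this machine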
213 > PMTUDiscovery = yes
216 > cat /etc/tinc/powercraft01/hosts/server01
218 > #-----------------------------------------------------------------------
220 > /etc/init.d/tinc stop
222 > /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
224 > #-----------------------------------------------------------------------
226 > /etc/init.d/tinc restart
227 > tail --line=500 --follow /var/log/syslog
229 > #-----------------------------------------------------------------------
237 > #-----------------------------------------------------------------------
240 > br0 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8
241 > inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
242 > inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
243 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
244 > RX packets:17 errors:0 dropped:0 overruns:0 frame:0
245 > TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
246 > collisions:0 txqueuelen:0
247 > RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB)
250 > tun1 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8
251 > inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link
252 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
253 > RX packets:8 errors:0 dropped:0 overruns:0 frame:0
254 > TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
255 > collisions:0 txqueuelen:500
256 > RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB)
259 > Kernel IP routing table
260 > Destination Gateway Genmask Flags Metric Ref Use Iface
261 > 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
262 > 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
263 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
264 > 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
265 > 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1
268 > bridge name bridge id STP enabled interfaces
269 > br0 8000.1eeb95c304d8 no tun1
271 > # brctl showmacs br0
272 > port no mac addr is local? ageing timer
273 > 1 1e:eb:95:c3:04:d8 yes 0.00
274 > 1 86:03:27:21:2e:60 no 44.19
276 > #-----------------------------------------------------------------------
278 > ps aux | grep tincd
279 > tincd -n powercraft01 -kUSR2
280 > tail -n 100 /var/log/syslog
282 > #-----------------------------------------------------------------------
284 > May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
285 > May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes in: 468
286 > May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes out: 0
287 > May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes:
288 > May 24 17:29:31 ashley tinc.powercraft01[11557]: server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518)
289 > May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes.
290 > May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges:
291 > May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges.
292 > May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list:
293 > May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:96:a:c8#10 owner server01
294 > May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list.
296 > #-----------------------------------------------------------------------
298 > tcpdump -n -i br0 broadcast
299 > tcpdump -n -i tun0 broadcast
301 > #-----------------------------------------------------------------------
303 > tcpdump -n -e -i br0 icmp
304 > tcpdump -A -p -n -i br0 port 80
305 > tcpdump -A -p -n -i br0
307 > tcpdump -i br0 host 84.245.3.195 -l
309 > #-----------------------------------------------------------------------
311 > cat /var/lib/dhcp3/dhcpd.leases
313 > #-----------------------------------------------------------------------