(from parent 1: 4f36383)
Also remove Device and TCPOnly statements from the examples. Add Interface
statements where non-tinc related scripts use a fixed name for the VPN
interface.
### Configuration of tinc
### Configuration of tinc
-Note that switch' and hub' mode do not utilize the Subnet variable in the host
+Note that switch and hub mode do not utilize the Subnet variable in the host
files. Instead, any packet received by the bridge interface will be passed to
the TUN/TAP device for processing. If your tinc instance is running in hub
mode, all packets are forwarded to the remote tinc instance. In switch mode,
files. Instead, any packet received by the bridge interface will be passed to
the TUN/TAP device for processing. If your tinc instance is running in hub
mode, all packets are forwarded to the remote tinc instance. In switch mode,
> host# cat /etc/tinc/vpn/tinc.conf
> Name = segment1
> host# cat /etc/tinc/vpn/tinc.conf
> Name = segment1
> Mode = switch
> ConnectTo = segment2
>
> host# cat /etc/tinc/vpn/tinc-up
> #!/bin/sh
>
> Mode = switch
> ConnectTo = segment2
>
> host# cat /etc/tinc/vpn/tinc-up
> #!/bin/sh
>
-> ifconfig vpn 0.0.0.0
-> brctl addif bridge vpn
-> ifconfig vpn up
+> ifconfig $INTERFACE 0.0.0.0
+> brctl addif bridge $INTERFACE
+> ifconfig $INTERFACE up
>
> host# ls /etc/tinc/vpn/hosts
> segment1 segment2 ...
>
> host# ls /etc/tinc/vpn/hosts
> segment1 segment2 ...
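Review bot: `$INTERFACE` is expanded unquoted in all three added lines of this tinc-up script, and nothing checks that it is set. If the script is ever run with the variable empty (by hand, or from a wrapper that does not export it), `brctl addif bridge $INTERFACE` and `ifconfig $INTERFACE 0.0.0.0` collapse to different argument lists instead of failing cleanly. Since these examples get copied verbatim, write `"$INTERFACE"` throughout and consider a guard such as `: "${INTERFACE:?}"` at the top of the script. The bridge name `bridge` is still hard-coded, which is fine, but the surrounding text should say so now that the VPN side is no longer fixed.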
> host# cat /etc/tinc/vpn/tinc.conf
> Name = atwork
> host# cat /etc/tinc/vpn/tinc.conf
> Name = atwork
> ConnectTo = home
>
> host# cat /etc/tinc/vpn/tinc-up
> #!/bin/sh
>
> ConnectTo = home
>
> host# cat /etc/tinc/vpn/tinc-up
> #!/bin/sh
>
-> ifconfig vpn 192.168.10.20 netmask 255.255.0.0
+> ifconfig $INTERFACE 192.168.10.20 netmask 255.255.0.0
>
> host# ls /etc/tinc/vpn/hosts
> atwork home
>
> host# ls /etc/tinc/vpn/hosts
> atwork home
* "routera" configuration for tinc (the master router):
> >cat tinc.conf
> Name = routera
* "routera" configuration for tinc (the master router):
> >cat tinc.conf
> Name = routera
-> Device=/dev/net/tun
-> TCPOnly = on
> Mode = switch
> Interface = vpn6
>
> >cat tinc-up
> #!/bin/sh
> #Enable tinc
> Mode = switch
> Interface = vpn6
>
> >cat tinc-up
> #!/bin/sh
> #Enable tinc
-> ip -6 link set vpn6 up mtu 1280 txqueuelen 1000
-> ip -6 addr add 2001:db8:beef::1/64 dev vpn6
-> ip -6 route add 2001:db8:beef::/48 dev vpn6
+> ip -6 link set $INTERFACE up mtu 1280 txqueuelen 1000
+> ip -6 addr add 2001:db8:beef::1/64 dev $INTERFACE
+> ip -6 route add 2001:db8:beef::/48 dev $INTERFACE
> #Static routing table
> ip -6 route add 2001:db8:beef:2::/64 via 2001:db8:beef::2
> ip -6 route add 2001:db8:beef:3::/64 via 2001:db8:beef::3
> #Static routing table
> ip -6 route add 2001:db8:beef:2::/64 via 2001:db8:beef::2
> ip -6 route add 2001:db8:beef:3::/64 via 2001:db8:beef::3
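Review bot: Removing `TCPOnly = on` from routera's tinc.conf is a behaviour change rather than cleanup, and neither this hunk nor the visible commit message gives a reason for it. With the line gone the example runs on tinc's default transport, so a reader who opened their firewall for the TCP-only setup has to revisit those rules; one sentence in the surrounding text stating what the example now expects would cover it. Keeping `Interface = vpn6` here is right, since that is what the new `$INTERFACE` references in tinc-up resolve to.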
> ip -6 route del 2001:db8:beef:3::/64 via 2001:db8:beef:::3
> ip -6 route del 2001:db8:beef:4::/64 via 2001:db8:beef:::4
> #Disable tinc
> ip -6 route del 2001:db8:beef:3::/64 via 2001:db8:beef:::3
> ip -6 route del 2001:db8:beef:4::/64 via 2001:db8:beef:::4
> #Disable tinc
-> ip -6 route del 2001:db8:beef::/48 dev vpn6
-> ip -6 addr del 2001:db8:beef::1/64 dev vpn6
-> ip -6 link set vpn6 down
+> ip -6 route del 2001:db8:beef::/48 dev $INTERFACE
+> ip -6 addr del 2001:db8:beef::1/64 dev $INTERFACE
+> ip -6 link set $INTERFACE down
>
* "routerb" configuration for tinc (the other non-master routers will be like this one):
> >cat tinc.conf
> Name=routerb
>
* "routerb" configuration for tinc (the other non-master routers will be like this one):
> >cat tinc.conf
> Name=routerb
-> Device=/dev/net/tun
-> TCPOnly = yes
>
> >cat tinc-up
> #!/bin/sh
>
> >cat tinc-up
> #!/bin/sh
-> ip -6 link set vpn6 up mtu 1280
-> ip -6 addr add 2001:db8:beef::2/64 dev vpn6
+> ip -6 link set $INTERFACE up mtu 1280
+> ip -6 addr add 2001:db8:beef::2/64 dev $INTERFACE
> ip -6 route add default via 2001:db8:beef::1
>
> >cat tinc-down
> #!/bin/sh
> ip -6 route del default via 2001:db8:beef::1
> ip -6 route add default via 2001:db8:beef::1
>
> >cat tinc-down
> #!/bin/sh
> ip -6 route del default via 2001:db8:beef::1
-> ip -6 addr del 2001:db8:beef::2/64 dev vpn6
-> ip -6 link set vpn6 down
+> ip -6 addr del 2001:db8:beef::2/64 dev $INTERFACE
+> ip -6 link set $INTERFACE down
5. You can use [radvd](http://www.litech.org/radvd/) or [Quagga](http://www.quagga.net/) to perform [stateless address autoconfiguration](http://www.ietf.org/rfc/rfc2462.txt) on your LAN. This is an example zebra.conf for LAN autoconfiguration (don't forget to enable the zebra daemon):
> ipv6 forwarding
5. You can use [radvd](http://www.litech.org/radvd/) or [Quagga](http://www.quagga.net/) to perform [stateless address autoconfiguration](http://www.ietf.org/rfc/rfc2462.txt) on your LAN. This is an example zebra.conf for LAN autoconfiguration (don't forget to enable the zebra daemon):
> ipv6 forwarding
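Review bot: The unchanged context lines at the top of routera's tinc-down, `ip -6 route del 2001:db8:beef:3::/64 via 2001:db8:beef:::3` and the matching `:::4` line, use three colons in the gateway address, which is not a valid IPv6 address, so those deletions fail and the static routes are left behind when tinc stops. The tinc-up side uses `2001:db8:beef::3`. Since this change already edits the same script, fix the gateways to `2001:db8:beef::3` and `2001:db8:beef::4` in the same pass.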
> host# cat /etc/tinc/vpn/tinc.conf
> Name = atwork
> host# cat /etc/tinc/vpn/tinc.conf
> Name = atwork
> ConnectTo = home
>
> host# cat /etc/tinc/vpn/tinc-up
> #!/bin/sh
>
> ConnectTo = home
>
> host# cat /etc/tinc/vpn/tinc-up
> #!/bin/sh
>
-> ifconfig vpn 192.168.10.20 netmask 255.255.0.0
+> ifconfig $INTERFACE 192.168.10.20 netmask 255.255.0.0
>
> host# ls /etc/tinc/vpn/hosts
> atwork home
>
> host# ls /etc/tinc/vpn/hosts
> atwork home
> firewall# cat /etc/tinc/vpn/tinc.conf
> Name = office
> firewall# cat /etc/tinc/vpn/tinc.conf
> Name = office
>
> firewall# cat /etc/tinc/vpn/tinc-up
> #!/bin/sh
>
>
> firewall# cat /etc/tinc/vpn/tinc-up
> #!/bin/sh
>
-> ifconfig vpn 10.20.30.1 netmask 255.255.0.0
+> ifconfig $INTERFACE 10.20.30.1 netmask 255.255.0.0
>
> firewall# ls /etc/tinc/vpn/hosts
> office branch employee_smith employee_jones ...
>
> firewall# ls /etc/tinc/vpn/hosts
> office branch employee_smith employee_jones ...