<div dir="ltr">By the way, if you create a layer 2 VPN using bridging like this, I suggest installing ebtables on your tinc box so that you can put in some layer 2 firewall rules. An interesting result when you don't do this is DHCP traversing the VPN. Much to my surprise I've seen hosts on one site receive DHCP from a site across the VPN, ultimately using the remote router as their gateway.<div>
You would think the local server would be faster and always win, but that's not always the case.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Mar 19, 2014 at 3:03 PM, Donald Pearson <span dir="ltr"><<a href="mailto:donaldwhpearson@gmail.com" target="_blank">donaldwhpearson@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Well you use brctl to bridge the virtual adapter (interface) to a real physical interface, and that's represented by an additional virtual interface which is the bridge itself. That bridge is what you configure with an IP on your LAN statically or via DHCP. <div>
<br></div><div>If you do all this ahead of time you don't even need a tinc-up script.</div><div><br></div><div>If you want the bridge to be built up when tinc connects it would look something like this. Do the inverse for a tinc-down.</div>
<div><br></div><div>tinc.conf</div><div><div>Name = Alpha</div><div>ConnectTo = Beta<br></div><div>ConnectTo = Charlie<br></div></div><div>Device = /dev/net/tun<br></div><div><div>Mode = switch<br></div><div>PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv<br>
</div><div>#</div><div>#</div></div><div><br></div><div>Tinc-up</div><div><div>#!/bin/sh</div><div>modprobe tun</div><div>ifconfig vpn 0.0.0.0</div><div>ifconfig vpn up</div><div>ifconfig eth1 0.0.0.0</div><div>ifconfig eth1 up</div>
<div><br></div><div>brctl addbr bridge</div><div>brctl addif bridge vpn</div><div>brctl addif bridge eth1</div><div>ifconfig bridge 10.10.0.1 netmask 255.255.0.0</div><div>route add default gw 10.10.0.254 bridge</div><div>
ifconfig bridge up</div></div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Mar 19, 2014 at 2:44 PM, Aaron Anderson <span dir="ltr"><<a href="mailto:anderson.aaron@gmail.com" target="_blank">anderson.aaron@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Does connecting to that machine get you access to other machines on<br>
the network? That's what I'm having trouble with. I want to connect to<br>
machines that do not have tinc installed.<br>
<div><div><br>
On Wed, Mar 19, 2014 at 2:30 PM, vmlinux <<a href="mailto:vmlinux@charter.net" target="_blank">vmlinux@charter.net</a>> wrote:<br>
> Aaron Anderson said on 03/19/2014 01:23 PM:<br>
>> I do already have those installed. I was really hoping for someone who<br>
>> had some already working configs or examples.<br>
><br>
> # /etc/tinc/myvpn/tinc.conf<br>
> Name = mynode<br>
> AddressFamily = ipv4<br>
> interface = tinc0<br>
><br>
> # /etc/tinc/myvpn/tinc-up<br>
> #!/bin/bash<br>
> ifconfig $INTERFACE 10.10.10.1 netmask 255.255.255.0<br>
><br>
> # /etc/tinc/myvpn/tinc-down<br>
> #!/bin/bash<br>
> ifconfig $INTERFACE down<br>
><br>
> # tincd -n myvpn<br>
><br>
> _______________________________________________<br>
> tinc mailing list<br>
> <a href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a><br>
> <a href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
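The layer 2 filtering suggested in the top message, sketched as an added example that is not part of the original thread: ebtables rules that drop DHCP (UDP 67/68) on the tinc side of the bridge so leases stay local to each site. The port name `vpn` comes from the tinc-up script quoted above; the function names and the `APPLY` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): keep DHCP from crossing the tinc port
# of the bridge. Assumes the tinc interface is the bridge port "vpn", as in the
# tinc-up script above. Function names are illustrative.

# Print one ebtables command per line.
#   $1 = bridge port facing the VPN, $2 = -A (tinc-up) or -D (tinc-down)
dhcp_block_rules() {
    vpn_if=$1
    action=${2:--A}
    # FORWARD: frames bridged between the VPN and the LAN port.
    # INPUT/OUTPUT: frames to or from the tinc box itself, which matters when
    # the bridge gets its own address by DHCP.
    for where in "FORWARD -i" "FORWARD -o" "INPUT -i" "OUTPUT -o"; do
        # Destination ports 67:68 cover client requests (to 67) and server replies (to 68).
        echo "ebtables $action $where $vpn_if -p IPv4 --ip-protocol udp" \
             "--ip-destination-port 67:68 -j DROP"
    done
}

# Print the rules, or run them when APPLY=1 (needs root and ebtables).
run_dhcp_block() {
    dhcp_block_rules "$1" "$2" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

run_dhcp_block "${1:-vpn}" "${2:--A}"
```

Run it with `APPLY=1` from tinc-up after the `brctl` lines, and pass `-D` as the second argument from tinc-down to remove the same rules.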