Example: zeroconf IP and DNS configuration
This example describes how to set up a network with no centralized DHCP server, with automatic DNS resolution and minimal configuration. You will need the Avahi mDNS daemon up and running (installing it is not part of this guide; please refer to your distro): http://avahi.org/
Setting up Avahi hostname resolution:
This will allow your computer to resolve mDNS hostnames, which are addresses of the form something.local. To do so, edit /etc/nsswitch.conf and add "mdns_minimal [NOTFOUND=return]" to your hosts: line before your dns entry. For example, my configuration is:
hosts: files myhostname mdns_minimal [NOTFOUND=return] dns
(Note that you can use a different top-level domain than .local, but in that case you need to use the mdns entry instead of mdns_minimal.)
Automatic IP assignment and network setup:
Follow the "how to configure" guide from the manual to create the key pair and folders, then edit tinc.conf and insert "Mode = switch". This lets all nodes listen on the same subnet, which simplifies the configuration (although it will increase traffic, since all nodes will get the data). By default the subnet is 169.254.0.0/16. We'll change how tinc-up brings up the VPN interface: instead of using ifconfig to bring up the interface, we'll use avahi-autoipd. This yields many advantages:
- The Avahi auto-IP daemon automatically assigns an IP address from the available pool.
- It publishes the hostname on the mDNS resolution network and also acts as a controller for the Avahi daemon, allowing you to browse or publish Avahi services.
So in the tinc-up script you'll have a line like:
avahi-autoipd -D $INTERFACE
That's it! Your VPN will have automatically assigned IP addresses and automatically resolved DNS entries once it's up. To list the machines on the network, you can use this command: avahi-browse -d networkname.
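The two edits above can be checked before bringing the VPN up. The following shell functions are an added example, not part of the original guide or of the tinc or Avahi projects; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the nsswitch.conf and tinc.conf edits above.

# check_nsswitch FILE: succeed when hosts: lists mdns_minimal followed by
# [NOTFOUND=return] (or plain mdns), and that entry comes before dns.
check_nsswitch() {
    awk '
        function fail(msg) { print "nsswitch.conf: " msg; bad = 1 }
        $1 == "hosts:" {
            seen = 1; m = 0; d = 0
            for (i = 2; i <= NF; i++) {
                if (!m && ($i == "mdns_minimal" || $i == "mdns")) m = i
                if (!d && $i == "dns") d = i
            }
            if (!m) {
                fail("no mdns_minimal or mdns entry")
            } else if ($m == "mdns_minimal" && $(m + 1) != "[NOTFOUND=return]") {
                fail("mdns_minimal is not followed by [NOTFOUND=return]")
            } else if (d && d < m) {
                fail("dns is listed before the mDNS entry")
            }
        }
        END { if (!seen) fail("no hosts: line"); exit bad + 0 }
    ' "$1"
}

# check_tinc_conf FILE: succeed when tinc.conf sets Mode = switch.
# Names and values are compared case-insensitively here.
check_tinc_conf() {
    awk -F= '
        { key = tolower($1); val = tolower($2)
          gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == "mode" { mode = val }
        END { if (mode != "switch") { print "tinc.conf: Mode is not switch"; exit 1 } }
    ' "$1"
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'hosts: files myhostname mdns_minimal [NOTFOUND=return] dns\n' > "$demo_dir/nsswitch.good"
printf 'hosts: files dns mdns_minimal [NOTFOUND=return]\n' > "$demo_dir/nsswitch.bad"
printf 'ConnectTo = alarmpi\nName = laptop\nMode = switch\n' > "$demo_dir/tinc.good"
printf 'ConnectTo = alarmpi\nName = laptop\n' > "$demo_dir/tinc.bad"

for f in good bad; do
    check_nsswitch "$demo_dir/nsswitch.$f" && echo "nsswitch.$f: ok"
    check_tinc_conf "$demo_dir/tinc.$f" && echo "tinc.$f: ok"
done
rm -rf "$demo_dir"
```

On a real node, call the functions with /etc/nsswitch.conf and the tinc.conf of your network instead of the sample files.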
Useful bits:
You can insert static hostname resolution for VPN nodes using /etc/avahi/hosts, much like /etc/hosts.
You can manually ask for a preferred IP when calling avahi-autoipd by appending "-S wantedip".
Example configuration:
In my configuration I have a PC everything connects to (alarmpi, reachable at LAN address 192.168.1.12 and public address alarmpi.example.com), and a laptop and a phone that can access it.
Alarmpi's tinc.conf:
Name = alarmpi
Mode = switch
The laptop's tinc.conf:
ConnectTo = alarmpi
Name = laptop
Mode = switch
The phone's tinc.conf:
ConnectTo = alarmpi
Name = phone
Mode = switch
Every node has the same tinc-up:
#!/bin/sh
avahi-autoipd -D $INTERFACE
hosts/alarmpi:
Address = 192.168.1.12
Address = alarmpi.example.com
-----BEGIN RSA PUBLIC KEY-----
snip
-----END RSA PUBLIC KEY-----
hosts/laptop:
-----BEGIN RSA PUBLIC KEY-----
snip
-----END RSA PUBLIC KEY-----
hosts/phone:
-----BEGIN RSA PUBLIC KEY-----
snip
-----END RSA PUBLIC KEY-----