1 [[!meta title="creating a bridge for the tinc-vpn dhcp system to connect network segments"]]
3 # this document is still a work in progress # jelle
5 ------------------------------------------------------------------------
7 # Company: PowerCraft Technology
8 # Author: Copyright Jelle de Jong <jelledejong@powercraft.nl>
9 # Note: Please send me an email if you have enhanced this document
13 # This document is free documentation; you can redistribute it and/or
14 # modify it under the terms of the Creative Commons Attribution Share
15 # Alike as published by the Creative Commons Foundation; either version
16 # 3.0 of the License, or (at your option) any later version.
18 # This document is distributed in the hope that it will be useful,
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 # Creative Commons BY-SA License for more details.
23 # https://creativecommons.org/licenses/by-sa/
25 ------------------------------------------------------------------------
27 # information: https://www.tinc-vpn.org/
29 ------------------------------------------------------------------------
31 apt-get update; apt-get dist-upgrade
34 apt-get install tinc/unstable
35 apt-get install bridge-utils/unstable
37 ------------------------------------------------------------------------
41 ------------------------------------------------------------------------
43 # ls -hal /dev/net/tun
44 crw-rw-rw- 1 root root 10, 200 2009-09-11 15:37 /dev/net/tun
46 # grep tinc /etc/services
47 tinc 655/tcp # tinc control port
50 cat /usr/share/doc/tinc/README.Debian
51 zcat /usr/share/doc/tinc/README.gz | less
52 zcat /usr/share/doc/tinc/NEWS.gz | less
53 cat /usr/share/doc/tinc/examples/tinc-up
54 w3m /usr/share/doc/tinc/tinc_0.html
56 https://www.tinc-vpn.org/documentation/tinc_toc
58 sudo vim /etc/default/tinc
64 ------------------------------------------------------------------------
69 ------------------------------------------------------------------------
72 eth0 Link encap:Ethernet HWaddr 00:26:18:6a:a0:52
73 inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link
74 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
75 RX packets:35 errors:0 dropped:0 overruns:0 frame:0
76 TX packets:5879 errors:0 dropped:0 overruns:0 carrier:1
77 collisions:0 txqueuelen:1000
78 RX bytes:5958 (5.8 KiB) TX bytes:594793 (580.8 KiB)
81 lo Link encap:Local Loopback
82 inet addr:127.0.0.1 Mask:255.0.0.0
83 inet6 addr: ::1/128 Scope:Host
84 UP LOOPBACK RUNNING MTU:16436 Metric:1
85 RX packets:838 errors:0 dropped:0 overruns:0 frame:0
86 TX packets:838 errors:0 dropped:0 overruns:0 carrier:0
87 collisions:0 txqueuelen:0
88 RX bytes:87938 (85.8 KiB) TX bytes:87938 (85.8 KiB)
90 ppp0 Link encap:Point-to-Point Protocol
91 inet addr:10.79.163.113 P-t-P:10.64.64.64 Mask:255.255.255.255
92 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
93 RX packets:4833 errors:0 dropped:0 overruns:0 frame:0
94 TX packets:4645 errors:0 dropped:0 overruns:0 carrier:0
95 collisions:0 txqueuelen:3
96 RX bytes:952105 (929.7 KiB) TX bytes:319496 (312.0 KiB)
99 Kernel IP routing table
100 Destination Gateway Genmask Flags Metric Ref Use Iface
101 10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
102 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
104 ------------------------------------------------------------------------
106 # client02 configuration
107 ------------------------------------------------------------------------
109 cat /etc/tinc/nets.boot
110 echo 'myvpn01' | sudo tee --append /etc/tinc/nets.boot
111 cat /etc/tinc/nets.boot
113 ------------------------------------------------------------------------
115 sudo mkdir --verbose /etc/tinc/myvpn01/
116 sudo mkdir --verbose /etc/tinc/myvpn01/hosts/
117 sudo touch /etc/tinc/myvpn01/tinc.conf
119 ------------------------------------------------------------------------
122 cat /etc/tinc/myvpn01/hosts/server01
124 # on the client, copy the server's host file (its public key data) to the client
125 sudo vim /etc/tinc/myvpn01/hosts/server01
127 # add at the head of the file, on the client only; the address below is a placeholder for the server's reachable address
127 # (keep notes on their own line: tinc only treats lines that start with # as comments, so text after the value would become part of it)
128 Address = 712.661.21.23
130 ------------------------------------------------------------------------
132 echo 'ConnectTo = server01
133 Device = /dev/net/tun
136 Name = client02' | sudo tee /etc/tinc/myvpn01/tinc.conf
138 sudo cat /etc/tinc/myvpn01/tinc.conf
139 sudo chmod 644 /etc/tinc/myvpn01/tinc.conf
140 ls -hal /etc/tinc/myvpn01/tinc.conf
143 ifconfig $INTERFACE 0.0.0.0
144 brctl addif br0 $INTERFACE
145 ifconfig $INTERFACE up' | tee /etc/tinc/myvpn01/tinc-up
147 sudo cat /etc/tinc/myvpn01/tinc-up
148 sudo chmod 755 /etc/tinc/myvpn01/tinc-up
149 ls -hal /etc/tinc/myvpn01/tinc-up
152 ifup br0 &' | sudo tee /etc/tinc/myvpn01/hosts/server01-up
154 sudo cat /etc/tinc/myvpn01/hosts/server01-up
155 sudo chmod 755 /etc/tinc/myvpn01/hosts/server01-up
156 ls -hal /etc/tinc/myvpn01/hosts/server01-up
159 brctl delif br0 $INTERFACE
160 ifconfig $INTERFACE down' | sudo tee /etc/tinc/myvpn01/tinc-down
162 sudo cat /etc/tinc/myvpn01/tinc-down
163 sudo chmod 755 /etc/tinc/myvpn01/tinc-down
164 ls -hal /etc/tinc/myvpn01/tinc-down
168 ifconfig br0 0.0.0.0' | sudo tee /etc/tinc/myvpn01/hosts/server01-down
170 sudo cat /etc/tinc/myvpn01/hosts/server01-down
171 sudo chmod 755 /etc/tinc/myvpn01/hosts/server01-down
172 ls -hal /etc/tinc/myvpn01/hosts/server01-down
174 ------------------------------------------------------------------------
176 sudo rm /etc/tinc/myvpn01/rsa_key.priv
177 sudo rm /etc/tinc/myvpn01/hosts/client02
179 PMTUDiscovery = yes' | sudo tee --append /etc/tinc/myvpn01/hosts/client02
180 sudo tincd -n myvpn01 -K
182 ------------------------------------------------------------------------
184 # on the client, add at the head of the file
185 sudo vim /etc/tinc/myvpn01/hosts/client02
190 sudo cat /etc/tinc/myvpn01/hosts/client02
192 # on the server, copy the client's host file (its public key data) to the server
193 vim /etc/tinc/myvpn01/hosts/client02
195 ------------------------------------------------------------------------
197 # cat /etc/network/interfaces
199 iface lo inet loopback
203 provider mobile-vodafone
206 iface eth0 inet manual
207 pre-up brctl addbr br0
208 pre-up ifconfig eth0 down
209 pre-up brctl addif br0 eth0
210 pre-up ifconfig eth0 up
211 post-down ifconfig eth0 down
212 post-down brctl delif br0 eth0
213 post-down ifconfig br0 down
214 post-down brctl delbr br0
217 post-up route del default dev br0
219 ------------------------------------------------------------------------
221 echo 'interface "br0" {
222 request subnet-mask, broadcast-address, time-offset,
223 host-name, netbios-scope, interface-mtu, ntp-servers;
224 }' | tee --append /etc/dhcp3/dhclient.conf
226 cat /etc/dhcp3/dhclient.conf
228 ------------------------------------------------------------------------
230 sudo /etc/init.d/tinc stop
232 sudo /usr/sbin/tincd --net myvpn01 --no-detach --debug=5
234 ------------------------------------------------------------------------
236 # sudo /usr/sbin/tincd --net myvpn01 --no-detach --debug=5
237 tincd 1.0.9 (Dec 26 2008 14:50:38) starting, debug level 5
239 ------------------------------------------------------------------------
246 ------------------------------------------------------------------------
249 br0 Link encap:Ethernet HWaddr 00:26:18:6a:a0:52
250 inet addr:10.10.3.116 Bcast:10.10.255.255 Mask:255.255.0.0
251 inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link
252 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
253 RX packets:2479 errors:0 dropped:0 overruns:0 frame:0
254 TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
255 collisions:0 txqueuelen:0
256 RX bytes:209742 (204.8 KiB) TX bytes:10280 (10.0 KiB)
258 eth0 Link encap:Ethernet HWaddr 00:26:18:6a:a0:52
259 inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link
260 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
261 RX packets:11 errors:0 dropped:0 overruns:0 frame:0
262 TX packets:2430 errors:0 dropped:0 overruns:0 carrier:1
263 collisions:0 txqueuelen:1000
264 RX bytes:1079 (1.0 KiB) TX bytes:237231 (231.6 KiB)
267 lo Link encap:Local Loopback
268 inet addr:127.0.0.1 Mask:255.0.0.0
269 inet6 addr: ::1/128 Scope:Host
270 UP LOOPBACK RUNNING MTU:16436 Metric:1
271 RX packets:516 errors:0 dropped:0 overruns:0 frame:0
272 TX packets:516 errors:0 dropped:0 overruns:0 carrier:0
273 collisions:0 txqueuelen:0
274 RX bytes:63488 (62.0 KiB) TX bytes:63488 (62.0 KiB)
276 ppp0 Link encap:Point-to-Point Protocol
277 inet addr:10.79.163.113 P-t-P:10.64.64.64 Mask:255.255.255.255
278 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
279 RX packets:2028 errors:0 dropped:0 overruns:0 frame:0
280 TX packets:1967 errors:0 dropped:0 overruns:0 carrier:0
281 collisions:0 txqueuelen:3
282 RX bytes:388056 (378.9 KiB) TX bytes:152260 (148.6 KiB)
284 tun0 Link encap:Ethernet HWaddr 42:8f:ff:cf:51:a8
285 inet6 addr: fe80::408f:ffff:fecf:51a8/64 Scope:Link
286 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
287 RX packets:2545 errors:0 dropped:0 overruns:0 frame:0
288 TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
289 collisions:0 txqueuelen:500
290 RX bytes:249926 (244.0 KiB) TX bytes:10375 (10.1 KiB)
293 Kernel IP routing table
294 Destination Gateway Genmask Flags Metric Ref Use Iface
295 10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
296 10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
297 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
300 bridge name bridge id STP enabled interfaces
301 br0 8000.0026186aa052 no eth0
304 port no mac addr is local? ageing timer
305 2 00:01:36:05:ba:5f no 0.00
306 2 00:02:44:b0:d6:4a no 32.81
307 2 00:04:23:02:14:d2 no 32.36
308 2 00:04:75:f6:fb:34 no 181.26
309 2 00:08:02:1f:bb:2f no 116.37
310 2 00:08:a1:3f:f9:c6 no 181.46
311 2 00:08:a1:3f:f9:d8 no 32.93
312 2 00:0a:5e:43:85:80 no 7.87
313 2 00:0c:76:50:3a:1e no 226.27
314 2 00:10:22:fd:87:0d no 80.60
315 2 00:10:22:fd:88:66 no 78.88
316 2 00:10:83:57:a9:d9 no 51.13
317 2 00:10:b5:e8:04:5b no 6.80
318 2 00:11:09:a9:66:0c no 247.43
319 2 00:11:09:a9:66:49 no 149.78
320 2 00:11:09:a9:66:7c no 151.98
321 2 00:11:09:a9:66:b1 no 24.24
322 2 00:11:2f:48:16:ac no 0.25
323 2 00:11:85:d5:ae:b2 no 62.16
324 2 00:11:85:e9:de:ec no 2.29
325 2 00:12:79:91:3d:de no 15.00
326 2 00:13:20:82:bc:19 no 210.92
327 2 00:13:20:82:bc:82 no 266.75
328 2 00:13:21:cc:f1:42 no 12.52
329 2 00:15:f2:0b:c2:6a no 31.42
330 2 00:15:f2:4b:e9:8a no 13.65
331 2 00:17:31:77:d7:10 no 166.02
332 2 00:17:a4:df:77:99 no 288.48
333 2 00:18:f3:20:f3:aa no 128.37
334 2 00:18:f3:a3:a5:ec no 15.15
335 2 00:18:f3:a3:a5:f5 no 107.42
336 2 00:1b:11:63:e4:08 no 15.46
337 2 00:1b:11:63:e6:6a no 232.79
338 2 00:1b:11:63:ff:a7 no 251.39
339 2 00:1b:21:43:7c:85 no 3.41
340 2 00:1b:21:44:27:8b no 186.89
341 2 00:1c:c4:be:54:2e no 9.67
342 2 00:1e:8c:92:b3:bb no 6.91
343 2 00:20:6b:54:c1:85 no 202.51
344 2 00:20:af:aa:71:3d no 25.63
345 2 00:24:8c:3d:9e:e1 no 0.22
346 2 00:24:8c:8f:bb:68 no 127.07
347 1 00:26:18:6a:a0:52 yes 0.00
348 2 00:40:01:30:29:01 no 27.75
349 2 00:69:00:12:1e:5c no 218.41
350 2 00:69:00:12:25:84 no 133.35
351 2 00:e0:4b:0c:75:2d no 54.79
352 2 00:e0:4c:02:7c:fb no 9.09
353 2 00:e0:4c:43:c0:e2 no 194.68
354 2 42:8f:ff:cf:51:a8 yes 0.00
356 ------------------------------------------------------------------------