1 [[!meta title="simple-bridging-with-dhcp-server-side"]]
3 # Company: PowerCraft Technology
4 # Author: Copyright Jelle de Jong <jelledejong@powercraft.nl>
5 # Note: Please send me an email if you have enhanced this document
6 # Date: 2010-05-24 / 2010-07-04
9 # This document is free documentation; you can redistribute it and/or
10 # modify it under the terms of the Creative Commons Attribution Share
11 # Alike as published by the Creative Commons Foundation; either version
12 # 3.0 of the License, or (at your option) any later version.
14 # This document is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # Creative Commons BY-SA License for more details.
19 # http://creativecommons.org/licenses/by-sa/
21 #-----------------------------------------------------------------------
23 # for commercial support contact me; part of the revenue goes back to tinc
25 #-----------------------------------------------------------------------
27 # http://www.tinc-vpn.org/
28 # http://www.tinc-vpn.org/examples/bridging
29 # http://www.tinc-vpn.org/documentation/tinc_toc
31 #-----------------------------------------------------------------------
33 # <@guus> Well all the tinc daemons together act like a single switch
34 # <@guus> And each node in the VPN is connected to a port of that switch
35 # <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch
37 #-----------------------------------------------------------------------
# Neutral locale so the command output quoted further down is not localized.
39 unset LANG LANGUAGE LC_ALL
# NOTE: ';' runs dist-upgrade even when 'apt-get update' fails; '&&' would stop on a failed update.
40 apt-get update; apt-get dist-upgrade
# bridge-utils provides brctl, used below to manage br0.
44 apt-get install bridge-utils
46 #-----------------------------------------------------------------------
50 #-----------------------------------------------------------------------
52 # ls -hal /dev/net/tun
53 crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun
55 # grep tinc /etc/services
56 tinc 655/tcp # tinc control port
# Reference material shipped with the Debian tinc package (README, NEWS, example tinc-up, HTML manual).
59 cat /usr/share/doc/tinc/README.Debian
60 zcat /usr/share/doc/tinc/README.gz | less
61 zcat /usr/share/doc/tinc/NEWS.gz | less
62 cat /usr/share/doc/tinc/examples/tinc-up
63 w3m /usr/share/doc/tinc/tinc_0.html
68 #-----------------------------------------------------------------------
74 #-----------------------------------------------------------------------
76 cat /etc/tinc/nets.boot
# Register the net so the init script starts it; 'tee --append' adds the name on every run, so re-running this line duplicates the entry.
77 echo 'powercraft01' | tee --append /etc/tinc/nets.boot
78 cat /etc/tinc/nets.boot
80 #-----------------------------------------------------------------------
# NOTE(review): 'scallab01' is a different net name from the 'powercraft01' used everywhere else on this page; presumably an existing net listed for comparison — confirm.
82 ls -hal /etc/tinc/scallab01/
83 mkdir --verbose /etc/tinc/powercraft01/
84 mkdir --verbose /etc/tinc/powercraft01/hosts/
# Empty placeholder; the real tinc.conf contents are written with tee further down.
85 touch /etc/tinc/powercraft01/tinc.conf
87 #-----------------------------------------------------------------------
89 vim /etc/network/interfaces
# NOTE(review): the br0 stanza itself is not in this excerpt; only two commented-out pre-up lines and the post-up line survive.
91 # tinc-vpn: dhcp bridge
96 # pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7
97 # pre-up /sbin/ifconfig eth2 0.0.0.0
# Marked optional: this makes the host answer ARP requests on br0 on behalf of destinations it routes to, which widens what looks directly reachable from the bridged VPN side — leave it off unless it is actually needed.
102 post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_arp # optional
104 cat /etc/network/interfaces
106 #-----------------------------------------------------------------------
# Per-interface dhclient block for br0 (options to request). 'tee --append' appends on every run, so re-running this duplicates the block.
108 echo 'interface "br0" {
109 request subnet-mask, broadcast-address, time-offset,
110 host-name, netbios-scope, interface-mtu, ntp-servers;
111 }' | tee --append /etc/dhcp3/dhclient.conf
113 cat /etc/dhcp3/dhclient.conf
115 #-----------------------------------------------------------------------
117 vim /etc/dhcp3/dhcpd.conf
119 subnet 192.168.3.0 netmask 255.255.255.0 {
120 range 192.168.3.200 192.168.3.240;
121 option routers 192.168.3.1;
122 option domain-name-servers 192.168.3.1;
125 #-----------------------------------------------------------------------
130 #-----------------------------------------------------------------------
132 vim /etc/default/dhcp3-server
# The line as it should read after editing: dhcpd now also listens on br0.
# Because br0 bridges the tinc interface, every VPN node is in this broadcast domain: all of them are served by dhcpd on br0, and any of them could also answer DHCP requests here.
133 INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location
135 /etc/init.d/dhcp3-server restart
# Follow syslog for dhcpd messages after the restart.
137 tail -n 400 -f /var/log/syslog
139 #-----------------------------------------------------------------------
145 #-----------------------------------------------------------------------
148 br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
149 inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
150 inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
151 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
152 RX packets:12 errors:0 dropped:0 overruns:0 frame:0
153 TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
154 collisions:0 txqueuelen:0
155 RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB)
158 Kernel IP routing table
159 Destination Gateway Genmask Flags Metric Ref Use Iface
160 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
161 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
162 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
163 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
164 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1
167 bridge name bridge id STP enabled interfaces
168 br0 8000.000000000000 no
170 #-----------------------------------------------------------------------
172 echo 'AddressFamily = ipv4
173 Device = /dev/net/tun
176 Name = server01' | tee /etc/tinc/powercraft01/tinc.conf
178 cat /etc/tinc/powercraft01/tinc.conf
# Owner rw, group r, nothing for others. The visible tinc.conf lines hold no key material; the private key (rsa_key.priv, generated below with 'tincd -K') is the file whose permissions matter most, and it is not chmod'ed anywhere on this page.
179 chmod 640 /etc/tinc/powercraft01/tinc.conf
180 ls -hal /etc/tinc/powercraft01/tinc.conf
183 ifconfig $INTERFACE 0.0.0.0
184 route add -net 192.168.30.0 netmask 255.255.255.0 br0 # optional subnet
185 brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up
# tinc-up is run by tincd (root here, started from the init script) when the VPN interface comes up; 750 leaves it writable only by its owner, so nobody else can edit commands into it.
187 cat /etc/tinc/powercraft01/tinc-up
188 chmod 750 /etc/tinc/powercraft01/tinc-up
189 ls -hal /etc/tinc/powercraft01/tinc-up
192 brctl delif br0 $INTERFACE
193 route del -net 192.168.30.0 netmask 255.255.255.0 br0 # optional subnet
194 ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down
# Same treatment as tinc-up: tincd runs this script as root on shutdown, so keep it owner-writable only.
196 cat /etc/tinc/powercraft01/tinc-down
197 chmod 750 /etc/tinc/powercraft01/tinc-down
198 ls -hal /etc/tinc/powercraft01/tinc-down
200 #-----------------------------------------------------------------------
# Key (re)generation: remove the existing private key and this host's own host file, then let tincd create a fresh RSA key pair.
# Irreversible: any peer that already holds the old hosts/server01 public key must be given the new one before it can authenticate this node again.
202 rm /etc/tinc/powercraft01/rsa_key.priv
203 rm /etc/tinc/powercraft01/hosts/server01
204 tincd -n powercraft01 -K
206 #-----------------------------------------------------------------------
# Checks whether port 656 is already assigned in the services database (tinc's registered port is 655/tcp, see the /etc/services grep earlier on this page); presumably this net uses a non-default port — confirm against the Port setting in tinc.conf.
208 getent services | grep 656
210 #-----------------------------------------------------------------------
212 vim /etc/tinc/powercraft01/hosts/server01
214 # add at the head of the file (the lines to add are not shown in this excerpt)
220 cat /etc/tinc/powercraft01/hosts/server01
222 #-----------------------------------------------------------------------
# Stop the init-managed daemon, then run tincd in the foreground at debug level 5 so connection setup is visible on the terminal; stop it (Ctrl-C) before restarting through the init script.
224 /etc/init.d/tinc stop
226 /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
228 #-----------------------------------------------------------------------
# Back under the init script; follow syslog for tincd messages.
230 /etc/init.d/tinc restart
231 tail --line=500 --follow /var/log/syslog
233 #-----------------------------------------------------------------------
241 #-----------------------------------------------------------------------
244 br0 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8
245 inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
246 inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
247 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
248 RX packets:17 errors:0 dropped:0 overruns:0 frame:0
249 TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
250 collisions:0 txqueuelen:0
251 RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB)
254 tun1 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8
255 inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link
256 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
257 RX packets:8 errors:0 dropped:0 overruns:0 frame:0
258 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
259 collisions:0 txqueuelen:500
260 RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB)
263 Kernel IP routing table
264 Destination Gateway Genmask Flags Metric Ref Use Iface
265 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
266 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
267 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
268 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
269 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1
272 bridge name bridge id STP enabled interfaces
273 br0 8000.1eeb95c304d8 no tun1
276 port no mac addr is local? ageing timer
277 1 1e:eb:95:c3:04:d8 yes 0.00
278 1 86:03:27:21:2e:60 no 44.19
280 #-----------------------------------------------------------------------
# SIGUSR2 makes the running tincd dump its device statistics and its node, edge and subnet lists to syslog (see the log excerpt that follows).
283 tincd -n powercraft01 -kUSR2
284 tail -n 100 /var/log/syslog
286 #-----------------------------------------------------------------------
288 May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
289 May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes in: 468
290 May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes out: 0
291 May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes:
292 May 24 17:29:31 ashley tinc.powercraft01[11557]: server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518)
293 May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes.
294 May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges:
295 May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges.
296 May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list:
297 May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:96:a:c8#10 owner server01
298 May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list.
300 #-----------------------------------------------------------------------
302 tcpdump -n -i br0 broadcast
# NOTE(review): the interface 'brctl show' lists under br0 on this page is tun1, not tun0 — check which device tincd actually created before capturing.
303 tcpdump -n -i tun0 broadcast
305 #-----------------------------------------------------------------------
307 tcpdump -n -e -i br0 icmp
# -A prints each packet's payload as ASCII. Port 80 is plaintext HTTP, so these captures can contain credentials and session cookies; treat any saved capture output as sensitive.
308 tcpdump -A -p -n -i br0 port 80
309 tcpdump -A -p -n -i br0
311 tcpdump -i br0 host 84.245.3.195 -l
313 #-----------------------------------------------------------------------
# Leases currently issued by dhcpd; with br0 in INTERFACES this is where bridged VPN nodes show up.
315 cat /var/lib/dhcp3/dhcpd.leases
317 #-----------------------------------------------------------------------
# The commented-out rule would forward all traffic from br0 to vlan2; the active rule below allows only one source/destination pair, the narrower (least-privilege) choice.
# NOTE(review): ${VPN02} and ${LAN01} are not defined in the visible text — presumably set earlier in the firewall script (br0 and vlan2, judging by the rule above). The FORWARD chain's default policy is not shown either; the rule only helps if that policy is DROP.
322 # /sbin/iptables --append FORWARD --in-interface br0 --out-interface vlan2 --jump ACCEPT
323 /sbin/iptables --append FORWARD --in-interface ${VPN02} --source 192.168.3.150 --destination 192.168.2.206 --out-interface ${LAN01} --jump ACCEPT
325 #-----------------------------------------------------------------------