1 [[!meta title="simple-bridging-with-dhcp-client-side"]]
3 # Company: PowerCraft Technology
4 # Author: Copyright Jelle de Jong <jelledejong@powercraft.nl>
5 # Note: Please send me an email if you enhanced the document
6 # Date: 2010-05-24 / 2010-07-04
9 # This document is free documentation; you can redistribute it and/or
10 # modify it under the terms of the Creative Commons Attribution Share
11 # Alike as published by the Creative Commons Foundation; either version
12 # 3.0 of the License, or (at your option) any later version.
14 # This document is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # Creative Commons BY-SA License for more details.
19 # https://creativecommons.org/licenses/by-sa/
21 #-----------------------------------------------------------------------
23 # for commercial support contact me, part of the revenue go back to tinc
25 #-----------------------------------------------------------------------
27 # https://www.tinc-vpn.org/
28 # https://www.tinc-vpn.org/documentation/tinc_toc
30 #-----------------------------------------------------------------------
32 # this is the configuration of the roxy system
34 #-----------------------------------------------------------------------
36 unset LANG LANGUAGE LC_ALL
37 apt-get update; apt-get dist-upgrade
40 apt-get install tinc/testing
42 #-----------------------------------------------------------------------
46 #-----------------------------------------------------------------------
48 # ls -hal /dev/net/tun
49 crw------- 1 root root 10, 200 May 24 15:53 /dev/net/tun
51 # grep tinc /etc/services
52 tinc 655/tcp # tinc control port
55 # getent services tinc/udp
57 # getent services tinc/tcp
60 cat /usr/share/doc/tinc/README.Debian
61 zcat /usr/share/doc/tinc/README.gz | less
62 zcat /usr/share/doc/tinc/NEWS.gz | less
63 cat /usr/share/doc/tinc/examples/tinc-up
64 w3m /usr/share/doc/tinc/tinc_0.html
66 #-----------------------------------------------------------------------
72 # less /etc/init.d/tinc
74 #-----------------------------------------------------------------------
79 #-----------------------------------------------------------------------
82 eth0 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6c
83 inet addr:84.245.9.246 Bcast:84.245.9.255 Mask:255.255.255.0
84 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
85 RX packets:4863 errors:0 dropped:0 overruns:0 frame:0
86 TX packets:2958 errors:0 dropped:0 overruns:0 carrier:0
87 collisions:0 txqueuelen:1000
88 RX bytes:4302418 (4.1 MiB) TX bytes:303100 (295.9 KiB)
89 Interrupt:10 Base address:0x1000
91 eth1 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6d
92 UP BROADCAST MULTICAST MTU:1500 Metric:1
93 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
94 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
95 collisions:0 txqueuelen:1000
96 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
97 Interrupt:11 Base address:0x1400
99 eth2 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6e
100 UP BROADCAST MULTICAST MTU:1500 Metric:1
101 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
102 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
103 collisions:0 txqueuelen:1000
104 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
105 Interrupt:15 Base address:0x1800
107 lo Link encap:Local Loopback
108 inet addr:127.0.0.1 Mask:255.0.0.0
109 UP LOOPBACK RUNNING MTU:16436 Metric:1
110 RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
111 TX packets:1200 errors:0 dropped:0 overruns:0 carrier:0
112 collisions:0 txqueuelen:0
113 RX bytes:96572 (94.3 KiB) TX bytes:96572 (94.3 KiB)
116 Kernel IP routing table
117 Destination Gateway Genmask Flags Metric Ref Use Iface
118 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
119 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
121 #-----------------------------------------------------------------------
123 # client01 configuration
125 cat /etc/tinc/nets.boot
126 echo 'powercraft01' | sudo tee --append /etc/tinc/nets.boot
127 cat /etc/tinc/nets.boot
129 #-----------------------------------------------------------------------
131 sudo mkdir --verbose /etc/tinc/powercraft01/
132 sudo mkdir --verbose /etc/tinc/powercraft01/hosts/
133 sudo touch /etc/tinc/powercraft01/tinc.conf
135 #-----------------------------------------------------------------------
138 cat /etc/tinc/powercraft01/hosts/server01
140 # on client, copy cert data of server to client
141 sudo vim /etc/tinc/powercraft01/hosts/server01
143 # on client, add on head of file
144 Address = powercraft.nl 656
145 Address = 84.245.3.195 656
146 Address = tinc-vpn.powercraft.nl 656
147 Address = powercraft.nl 655
148 Address = 84.245.3.195 655
149 Address = tinc-vpn.powercraft.nl 655
151 #-----------------------------------------------------------------------
153 echo 'ConnectTo = server01
154 Device = /dev/net/tun
157 Name = client01' | sudo tee /etc/tinc/powercraft01/tinc.conf
159 sudo cat /etc/tinc/powercraft01/tinc.conf
160 sudo chmod 644 /etc/tinc/powercraft01/tinc.conf
161 ls -hal /etc/tinc/powercraft01/tinc.conf
164 ifconfig $INTERFACE 0.0.0.0' | tee /etc/tinc/powercraft01/tinc-up
166 sudo cat /etc/tinc/powercraft01/tinc-up
167 sudo chmod 755 /etc/tinc/powercraft01/tinc-up
168 ls -hal /etc/tinc/powercraft01/tinc-up
171 # ifconfig tun1 hw ether 00:ff:5d:ea:b4:ec
172 ifup $INTERFACE &' | sudo tee /etc/tinc/powercraft01/hosts/server01-up
174 sudo cat /etc/tinc/powercraft01/hosts/server01-up
175 sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-up
176 ls -hal /etc/tinc/powercraft01/hosts/server01-up
179 ifconfig $INTERFACE down' | sudo tee /etc/tinc/powercraft01/tinc-down
181 sudo cat /etc/tinc/powercraft01/tinc-down
182 sudo chmod 755 /etc/tinc/powercraft01/tinc-down
183 ls -hal /etc/tinc/powercraft01/tinc-down
186 ifdown $INTERFACE' | sudo tee /etc/tinc/powercraft01/hosts/server01-down
188 sudo cat /etc/tinc/powercraft01/hosts/server01-down
189 sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-down
190 ls -hal /etc/tinc/powercraft01/hosts/server01-down
192 #-----------------------------------------------------------------------
194 sudo rm /etc/tinc/powercraft01/rsa_key.priv
195 sudo rm /etc/tinc/powercraft01/hosts/client10
196 sudo tincd -n powercraft01 -K
198 #-----------------------------------------------------------------------
200 # on client add on head of file
201 sudo vim /etc/tinc/powercraft01/hosts/client01
206 # Cipher = aes-128-cbc
209 sudo cat /etc/tinc/powercraft01/hosts/client01
211 # on server, copy cert data of client to server
212 vim /etc/tinc/powercraft01/hosts/client01
214 #-----------------------------------------------------------------------
216 # watch out when using multiple dhcp clients there can be conflicts
218 echo 'interface "tun1" {
219 request subnet-mask, broadcast-address, time-offset,
220 host-name, netbios-scope, interface-mtu, ntp-servers;
221 }' | tee --append /etc/dhcp3/dhclient.conf
223 cat /etc/dhcp3/dhclient.conf
225 #-----------------------------------------------------------------------
227 vim /etc/network/interfaces
230 pre-up ifconfig tun1 down || true
231 pre-up ifconfig tun1 hw ether 9a:f6:50:3b:c0:48 || true
232 post-up route del default dev tun1 || true
233 # pre-down /etc/init.d/munin-node stop || true
234 # post-up /etc/init.d/munin-node restart || true
235 # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/tun1/proxy_arp || true
236 # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/vlan4/proxy_arp || true
237 # optional # post-up route add -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
238 # optional # pre-down route del -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
240 #-----------------------------------------------------------------------
242 ifdown tun1; ifdown tun1
244 #-----------------------------------------------------------------------
246 sudo /etc/init.d/tinc stop
248 sudo /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
250 #-----------------------------------------------------------------------
252 sudo /etc/init.d/tinc start
254 #-----------------------------------------------------------------------
257 tinc version 1.0.13 (built Apr 13 2010 10:27:56, protocol 17)
259 #-----------------------------------------------------------------------
261 tincd -n powercraft01 -kUSR2
262 tail -n 100 /var/log/syslog
264 #-----------------------------------------------------------------------
266 May 24 19:43:59 roxy tinc.powercraft01[5104]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
267 May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes in: 830
268 May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes out: 914
269 May 24 19:43:59 roxy tinc.powercraft01[5104]: Nodes:
270 May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c status 0018 nexthop client01 via client01 pmtu 1518 (min 0 max 1518)
271 May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 at 84.245.3.195 port 656 cipher 91 digest 64 maclength 4 compression 9 options c status 001a nexthop server01 via server01 pmtu 1416 (min 1416 max 1416)
272 May 24 19:43:59 roxy tinc.powercraft01[5104]: End of nodes.
273 May 24 19:43:59 roxy tinc.powercraft01[5104]: Edges:
274 May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 to server01 at 84.245.3.195 port 656 options c weight 413
275 May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 to client01 at 84.245.9.246 port 655 options c weight 413
276 May 24 19:43:59 roxy tinc.powercraft01[5104]: End of edges.
277 May 24 19:43:59 roxy tinc.powercraft01[5104]: Subnet list:
278 May 24 19:43:59 roxy tinc.powercraft01[5104]: 0:1b:21:61:af:d7#10 owner server01
279 May 24 19:43:59 roxy tinc.powercraft01[5104]: 56:fc:c2:fd:69:10#10 owner server01
280 May 24 19:43:59 roxy tinc.powercraft01[5104]: ea:3:e7:3d:46:20#10 owner client01
281 May 24 19:43:59 roxy tinc.powercraft01[5104]: End of subnet list.
283 #-----------------------------------------------------------------------
289 #-----------------------------------------------------------------------
292 tun1 Link encap:Ethernet HWaddr ea:03:e7:3d:46:20
293 inet addr:192.168.3.201 Bcast:192.168.3.255 Mask:255.255.255.0
294 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
295 RX packets:27 errors:0 dropped:0 overruns:0 frame:0
296 TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
297 collisions:0 txqueuelen:500
298 RX bytes:9342 (9.1 KiB) TX bytes:9088 (8.8 KiB)
301 Kernel IP routing table
302 Destination Gateway Genmask Flags Metric Ref Use Iface
303 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
304 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun1
305 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
307 #-----------------------------------------------------------------------
309 ping -c 2 192.168.3.1
310 ping -c 2 -M dont -s 1500 192.168.3.1
312 #-----------------------------------------------------------------------
317 #-----------------------------------------------------------------------
319 # Accept new connections for fordwarding designated from our virtual private netwerk to the local network
320 /sbin/iptables --append FORWARD --in-interface ${VPN01} --out-interface ${LAN01} --jump ACCEPT
321 /sbin/iptables --append FORWARD --in-interface ${LAN01} --out-interface ${VPN01} --jump ACCEPT
323 # Use masquerade so the outside world sees only one ip source for all outgoing trafic
324 /sbin/iptables --table nat --append POSTROUTING --out-interface ${VPN01} --jump MASQUERADE
326 #-----------------------------------------------------------------------
projects / wiki / blob