-> [[!meta title="simple-bridging-with-dhcp-client-side"]]
->
-> # Company: PowerCraft Technology
-> # Author: Copyright Jelle de Jong <jelledejong@powercraft.nl>
-> # Note: Please send me an email if you enhanced the document
-> # Date: 2010-05-24 / 2010-07-04
-> # License: CC-BY-SA
->
-> # This document is free documentation; you can redistribute it and/or
-> # modify it under the terms of the Creative Commons Attribution Share
-> # Alike as published by the Creative Commons Foundation; either version
-> # 3.0 of the License, or (at your option) any later version.
-> #
-> # This document is distributed in the hope that it will be useful,
-> # but WITHOUT ANY WARRANTY; without even the implied warranty of
-> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-> # Creative Commons BY-SA License for more details.
-> #
-> # http://creativecommons.org/licenses/by-sa/
->
-> #-----------------------------------------------------------------------
->
-> # for commercial support contact me, part of the revenue go back to tinc
->
-> #-----------------------------------------------------------------------
->
-> # http://www.tinc-vpn.org/
-> # http://www.tinc-vpn.org/documentation/tinc_toc
->
-> #-----------------------------------------------------------------------
->
-> # this is the configuration of the roxy system
->
-> #-----------------------------------------------------------------------
->
-> unset LANG LANGUAGE LC_ALL
-> apt-get update; apt-get dist-upgrade
->
-> apt-cache show tinc
-> apt-get install tinc/testing
->
-> #-----------------------------------------------------------------------
->
-> /etc/init.d/tinc stop
->
-> #-----------------------------------------------------------------------
->
-> # ls -hal /dev/net/tun
-> crw------- 1 root root 10, 200 May 24 15:53 /dev/net/tun
->
-> # grep tinc /etc/services
-> tinc 655/tcp # tinc control port
-> tinc 655/udp
->
-> # getent services tinc/udp
-> tinc 655/udp
-> # getent services tinc/tcp
-> tinc 655/tcp
->
-> cat /usr/share/doc/tinc/README.Debian
-> zcat /usr/share/doc/tinc/README.gz | less
-> zcat /usr/share/doc/tinc/NEWS.gz | less
-> cat /usr/share/doc/tinc/examples/tinc-up
-> w3m /usr/share/doc/tinc/tinc_0.html
->
-> #-----------------------------------------------------------------------
->
-> vim /etc/default/tinc
-> EXTRA="-d"
-> cat /etc/default/tinc
->
-> # less /etc/init.d/tinc
->
-> #-----------------------------------------------------------------------
->
-> ifconfig -a
-> route -n
->
-> #-----------------------------------------------------------------------
->
-> # ifconfig -a
-> eth0 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6c
-> inet addr:84.245.9.246 Bcast:84.245.9.255 Mask:255.255.255.0
-> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
-> RX packets:4863 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:2958 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:1000
-> RX bytes:4302418 (4.1 MiB) TX bytes:303100 (295.9 KiB)
-> Interrupt:10 Base address:0x1000
->
-> eth1 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6d
-> UP BROADCAST MULTICAST MTU:1500 Metric:1
-> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:1000
-> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
-> Interrupt:11 Base address:0x1400
->
-> eth2 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6e
-> UP BROADCAST MULTICAST MTU:1500 Metric:1
-> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:1000
-> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
-> Interrupt:15 Base address:0x1800
->
-> lo Link encap:Local Loopback
-> inet addr:127.0.0.1 Mask:255.0.0.0
-> UP LOOPBACK RUNNING MTU:16436 Metric:1
-> RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:1200 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:0
-> RX bytes:96572 (94.3 KiB) TX bytes:96572 (94.3 KiB)
->
-> # route -n
-> Kernel IP routing table
-> Destination Gateway Genmask Flags Metric Ref Use Iface
-> 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
-> 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
->
-> #-----------------------------------------------------------------------
->
-> # client01 configuration
->
-> cat /etc/tinc/nets.boot
-> echo 'powercraft01' | sudo tee --append /etc/tinc/nets.boot
-> cat /etc/tinc/nets.boot
->
-> #-----------------------------------------------------------------------
->
-> sudo mkdir --verbose /etc/tinc/powercraft01/
-> sudo mkdir --verbose /etc/tinc/powercraft01/hosts/
-> sudo touch /etc/tinc/powercraft01/tinc.conf
->
-> #-----------------------------------------------------------------------
->
-> # on server
-> cat /etc/tinc/powercraft01/hosts/server01
->
-> # on client, copy cert data of server to client
-> sudo vim /etc/tinc/powercraft01/hosts/server01
->
-> # on client, add on head of file
-> Address = powercraft.nl 656
-> Address = 84.245.3.195 656
-> Address = tinc-vpn.powercraft.nl 656
-> Address = powercraft.nl 655
-> Address = 84.245.3.195 655
-> Address = tinc-vpn.powercraft.nl 655
->
-> #-----------------------------------------------------------------------
->
-> echo 'ConnectTo = server01
-> Device = /dev/net/tun
-> Interface = tun1
-> Mode = switch
-> Name = client01' | sudo tee /etc/tinc/powercraft01/tinc.conf
->
-> sudo cat /etc/tinc/powercraft01/tinc.conf
-> sudo chmod 644 /etc/tinc/powercraft01/tinc.conf
-> ls -hal /etc/tinc/powercraft01/tinc.conf
->
-> echo '#!/bin/sh
-> ifconfig $INTERFACE 0.0.0.0' | tee /etc/tinc/powercraft01/tinc-up
->
-> sudo cat /etc/tinc/powercraft01/tinc-up
-> sudo chmod 755 /etc/tinc/powercraft01/tinc-up
-> ls -hal /etc/tinc/powercraft01/tinc-up
->
-> echo '#!/bin/sh
-> # ifconfig tun1 hw ether 00:ff:5d:ea:b4:ec
-> ifup $INTERFACE &' | sudo tee /etc/tinc/powercraft01/hosts/server01-up
->
-> sudo cat /etc/tinc/powercraft01/hosts/server01-up
-> sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-up
-> ls -hal /etc/tinc/powercraft01/hosts/server01-up
->
-> echo '#!/bin/sh
-> ifconfig $INTERFACE down' | sudo tee /etc/tinc/powercraft01/tinc-down
->
-> sudo cat /etc/tinc/powercraft01/tinc-down
-> sudo chmod 755 /etc/tinc/powercraft01/tinc-down
-> ls -hal /etc/tinc/powercraft01/tinc-down
->
-> echo '#!/bin/sh
-> ifdown $INTERFACE' | sudo tee /etc/tinc/powercraft01/hosts/server01-down
->
-> sudo cat /etc/tinc/powercraft01/hosts/server01-down
-> sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-down
-> ls -hal /etc/tinc/powercraft01/hosts/server01-down
->
-> #-----------------------------------------------------------------------
->
-> sudo rm /etc/tinc/powercraft01/rsa_key.priv
-> sudo rm /etc/tinc/powercraft01/hosts/client10
-> sudo tincd -n powercraft01 -K
->
-> #-----------------------------------------------------------------------
->
-> # on client add on head of file
-> sudo vim /etc/tinc/powercraft01/hosts/client01
-> Compression = 9
-> PMTU = 1492
-> PMTUDiscovery = yes
-> Port = 656
-> # Cipher = aes-128-cbc
->
-> # on client
-> sudo cat /etc/tinc/powercraft01/hosts/client01
->
-> # on server, copy cert data of client to server
-> vim /etc/tinc/powercraft01/hosts/client01
->
-> #-----------------------------------------------------------------------
->
-> # watch out when using multiple dhcp clients there can be conflicts
->
-> echo 'interface "tun1" {
-> request subnet-mask, broadcast-address, time-offset,
-> host-name, netbios-scope, interface-mtu, ntp-servers;
-> }' | tee --append /etc/dhcp3/dhclient.conf
->
-> cat /etc/dhcp3/dhclient.conf
->
-> #-----------------------------------------------------------------------
->
-> vim /etc/network/interfaces
->
-> iface tun1 inet dhcp
-> pre-up ifconfig tun1 down || true
-> pre-up ifconfig tun1 hw ether 9a:f6:50:3b:c0:48 || true
-> post-up route del default dev tun1 || true
-> # pre-down /etc/init.d/munin-node stop || true
-> # post-up /etc/init.d/munin-node restart || true
-> # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/tun1/proxy_arp || true
-> # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/vlan4/proxy_arp || true
-> # optional # post-up route add -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
-> # optional # pre-down route del -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
->
-> #-----------------------------------------------------------------------
->
-> ifdown tun1; ifdown tun1
->
-> #-----------------------------------------------------------------------
->
-> sudo /etc/init.d/tinc stop
-> fg
-> sudo /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
->
-> #-----------------------------------------------------------------------
->
-> sudo /etc/init.d/tinc start
->
-> #-----------------------------------------------------------------------
->
-> # tincd --version
-> tinc version 1.0.13 (built Apr 13 2010 10:27:56, protocol 17)
->
-> #-----------------------------------------------------------------------
->
-> tincd -n powercraft01 -kUSR2
-> tail -n 100 /var/log/syslog
->
-> #-----------------------------------------------------------------------
->
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes in: 830
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes out: 914
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: Nodes:
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c status 0018 nexthop client01 via client01 pmtu 1518 (min 0 max 1518)
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 at 84.245.3.195 port 656 cipher 91 digest 64 maclength 4 compression 9 options c status 001a nexthop server01 via server01 pmtu 1416 (min 1416 max 1416)
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of nodes.
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: Edges:
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 to server01 at 84.245.3.195 port 656 options c weight 413
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 to client01 at 84.245.9.246 port 655 options c weight 413
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of edges.
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: Subnet list:
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: 0:1b:21:61:af:d7#10 owner server01
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: 56:fc:c2:fd:69:10#10 owner server01
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: ea:3:e7:3d:46:20#10 owner client01
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of subnet list.
->
-> #-----------------------------------------------------------------------
->
-> # ifconfig -a
-> ifconfig tun1
-> route -n
->
-> #-----------------------------------------------------------------------
->
-> # ifconfig tun1
-> tun1 Link encap:Ethernet HWaddr ea:03:e7:3d:46:20
-> inet addr:192.168.3.201 Bcast:192.168.3.255 Mask:255.255.255.0
-> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
-> RX packets:27 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:500
-> RX bytes:9342 (9.1 KiB) TX bytes:9088 (8.8 KiB)
->
-> # route -n
-> Kernel IP routing table
-> Destination Gateway Genmask Flags Metric Ref Use Iface
-> 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
-> 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun1
-> 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
->
-> #-----------------------------------------------------------------------
->
-> ping -c 2 192.168.3.1
-> ping -c 2 -M dont -s 1500 192.168.3.1
->
-> #-----------------------------------------------------------------------
->
-> lsof -i :655
-> lsof -i :656
->
-> #-----------------------------------------------------------------------
->
-> # Accept new connections for fordwarding designated from our virtual private netwerk to the local network
-> /sbin/iptables --append FORWARD --in-interface ${VPN01} --out-interface ${LAN01} --jump ACCEPT
-> /sbin/iptables --append FORWARD --in-interface ${LAN01} --out-interface ${VPN01} --jump ACCEPT
->
-> # Use masquerade so the outside world sees only one ip source for all outgoing trafic
-> /sbin/iptables --table nat --append POSTROUTING --out-interface ${VPN01} --jump MASQUERADE
->
-> #-----------------------------------------------------------------------
+ [[!meta title="simple-bridging-with-dhcp-client-side"]]
+
+ # Company: PowerCraft Technology
+ # Author: Copyright Jelle de Jong <jelledejong@powercraft.nl>
+ # Note: Please send me an email if you enhanced the document
+ # Date: 2010-05-24 / 2010-07-04
+ # License: CC-BY-SA
+
+ # This document is free documentation; you can redistribute it and/or
+ # modify it under the terms of the Creative Commons Attribution Share
+ # Alike as published by the Creative Commons Foundation; either version
+ # 3.0 of the License, or (at your option) any later version.
+ #
+ # This document is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # Creative Commons BY-SA License for more details.
+ #
+ # https://creativecommons.org/licenses/by-sa/
+
+ #-----------------------------------------------------------------------
+
+ # for commercial support contact me, part of the revenue go back to tinc
+
+ #-----------------------------------------------------------------------
+
+ # https://www.tinc-vpn.org/
+ # https://www.tinc-vpn.org/documentation/tinc_toc
+
+ #-----------------------------------------------------------------------
+
+ # this is the configuration of the roxy system
+
+ #-----------------------------------------------------------------------
+
+ unset LANG LANGUAGE LC_ALL
+ apt-get update; apt-get dist-upgrade
+
+ apt-cache show tinc
+ apt-get install tinc/testing
+
+ #-----------------------------------------------------------------------
+
+ /etc/init.d/tinc stop
+
+ #-----------------------------------------------------------------------
+
+ # ls -hal /dev/net/tun
+ crw------- 1 root root 10, 200 May 24 15:53 /dev/net/tun
+
+ # grep tinc /etc/services
+ tinc 655/tcp # tinc control port
+ tinc 655/udp
+
+ # getent services tinc/udp
+ tinc 655/udp
+ # getent services tinc/tcp
+ tinc 655/tcp
+
+ cat /usr/share/doc/tinc/README.Debian
+ zcat /usr/share/doc/tinc/README.gz | less
+ zcat /usr/share/doc/tinc/NEWS.gz | less
+ cat /usr/share/doc/tinc/examples/tinc-up
+ w3m /usr/share/doc/tinc/tinc_0.html
+
+ #-----------------------------------------------------------------------
+
+ vim /etc/default/tinc
+ EXTRA="-d"
+ cat /etc/default/tinc
+
+ # less /etc/init.d/tinc
+
+ #-----------------------------------------------------------------------
+
+ ifconfig -a
+ route -n
+
+ #-----------------------------------------------------------------------
+
+ # ifconfig -a
+ eth0 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6c
+ inet addr:84.245.9.246 Bcast:84.245.9.255 Mask:255.255.255.0
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:4863 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:2958 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:4302418 (4.1 MiB) TX bytes:303100 (295.9 KiB)
+ Interrupt:10 Base address:0x1000
+
+ eth1 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6d
+ UP BROADCAST MULTICAST MTU:1500 Metric:1
+ RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+ Interrupt:11 Base address:0x1400
+
+ eth2 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6e
+ UP BROADCAST MULTICAST MTU:1500 Metric:1
+ RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+ Interrupt:15 Base address:0x1800
+
+ lo Link encap:Local Loopback
+ inet addr:127.0.0.1 Mask:255.0.0.0
+ UP LOOPBACK RUNNING MTU:16436 Metric:1
+ RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:1200 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:0
+ RX bytes:96572 (94.3 KiB) TX bytes:96572 (94.3 KiB)
+
+ # route -n
+ Kernel IP routing table
+ Destination Gateway Genmask Flags Metric Ref Use Iface
+ 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
+ 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
+
+ #-----------------------------------------------------------------------
+
+ # client01 configuration
+
+ cat /etc/tinc/nets.boot
+ echo 'powercraft01' | sudo tee --append /etc/tinc/nets.boot
+ cat /etc/tinc/nets.boot
+
+ #-----------------------------------------------------------------------
+
+ sudo mkdir --verbose /etc/tinc/powercraft01/
+ sudo mkdir --verbose /etc/tinc/powercraft01/hosts/
+ sudo touch /etc/tinc/powercraft01/tinc.conf
+
+ #-----------------------------------------------------------------------
+
+ # on server
+ cat /etc/tinc/powercraft01/hosts/server01
+
+ # on client, copy cert data of server to client
+ sudo vim /etc/tinc/powercraft01/hosts/server01
+
+ # on client, add on head of file
+ Address = powercraft.nl 656
+ Address = 84.245.3.195 656
+ Address = tinc-vpn.powercraft.nl 656
+ Address = powercraft.nl 655
+ Address = 84.245.3.195 655
+ Address = tinc-vpn.powercraft.nl 655
+
+ #-----------------------------------------------------------------------
+
+ echo 'ConnectTo = server01
+ Device = /dev/net/tun
+ Interface = tun1
+ Mode = switch
+ Name = client01' | sudo tee /etc/tinc/powercraft01/tinc.conf
+
+ sudo cat /etc/tinc/powercraft01/tinc.conf
+ sudo chmod 644 /etc/tinc/powercraft01/tinc.conf
+ ls -hal /etc/tinc/powercraft01/tinc.conf
+
+ echo '#!/bin/sh
+ ifconfig $INTERFACE 0.0.0.0' | tee /etc/tinc/powercraft01/tinc-up
+
+ sudo cat /etc/tinc/powercraft01/tinc-up
+ sudo chmod 755 /etc/tinc/powercraft01/tinc-up
+ ls -hal /etc/tinc/powercraft01/tinc-up
+
+ echo '#!/bin/sh
+ # ifconfig tun1 hw ether 00:ff:5d:ea:b4:ec
+ ifup $INTERFACE &' | sudo tee /etc/tinc/powercraft01/hosts/server01-up
+
+ sudo cat /etc/tinc/powercraft01/hosts/server01-up
+ sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-up
+ ls -hal /etc/tinc/powercraft01/hosts/server01-up
+
+ echo '#!/bin/sh
+ ifconfig $INTERFACE down' | sudo tee /etc/tinc/powercraft01/tinc-down
+
+ sudo cat /etc/tinc/powercraft01/tinc-down
+ sudo chmod 755 /etc/tinc/powercraft01/tinc-down
+ ls -hal /etc/tinc/powercraft01/tinc-down
+
+ echo '#!/bin/sh
+ ifdown $INTERFACE' | sudo tee /etc/tinc/powercraft01/hosts/server01-down
+
+ sudo cat /etc/tinc/powercraft01/hosts/server01-down
+ sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-down
+ ls -hal /etc/tinc/powercraft01/hosts/server01-down
+
+ #-----------------------------------------------------------------------
+
+ sudo rm /etc/tinc/powercraft01/rsa_key.priv
+ sudo rm /etc/tinc/powercraft01/hosts/client10
+ sudo tincd -n powercraft01 -K
+
+ #-----------------------------------------------------------------------
+
+ # on client add on head of file
+ sudo vim /etc/tinc/powercraft01/hosts/client01
+ Compression = 9
+ PMTU = 1492
+ PMTUDiscovery = yes
+ Port = 656
+ # Cipher = aes-128-cbc
+
+ # on client
+ sudo cat /etc/tinc/powercraft01/hosts/client01
+
+ # on server, copy cert data of client to server
+ vim /etc/tinc/powercraft01/hosts/client01
+
+ #-----------------------------------------------------------------------
+
+ # watch out when using multiple dhcp clients there can be conflicts
+
+ echo 'interface "tun1" {
+ request subnet-mask, broadcast-address, time-offset,
+ host-name, netbios-scope, interface-mtu, ntp-servers;
+ }' | tee --append /etc/dhcp3/dhclient.conf
+
+ cat /etc/dhcp3/dhclient.conf
+
+ #-----------------------------------------------------------------------
+
+ vim /etc/network/interfaces
+
+ iface tun1 inet dhcp
+ pre-up ifconfig tun1 down || true
+ pre-up ifconfig tun1 hw ether 9a:f6:50:3b:c0:48 || true
+ post-up route del default dev tun1 || true
+ # pre-down /etc/init.d/munin-node stop || true
+ # post-up /etc/init.d/munin-node restart || true
+ # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/tun1/proxy_arp || true
+ # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/vlan4/proxy_arp || true
+ # optional # post-up route add -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
+ # optional # pre-down route del -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
+
+ #-----------------------------------------------------------------------
+
+ ifdown tun1; ifdown tun1
+
+ #-----------------------------------------------------------------------
+
+ sudo /etc/init.d/tinc stop
+ fg
+ sudo /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
+
+ #-----------------------------------------------------------------------
+
+ sudo /etc/init.d/tinc start
+
+ #-----------------------------------------------------------------------
+
+ # tincd --version
+ tinc version 1.0.13 (built Apr 13 2010 10:27:56, protocol 17)
+
+ #-----------------------------------------------------------------------
+
+ tincd -n powercraft01 -kUSR2
+ tail -n 100 /var/log/syslog
+
+ #-----------------------------------------------------------------------
+
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes in: 830
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes out: 914
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: Nodes:
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c status 0018 nexthop client01 via client01 pmtu 1518 (min 0 max 1518)
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 at 84.245.3.195 port 656 cipher 91 digest 64 maclength 4 compression 9 options c status 001a nexthop server01 via server01 pmtu 1416 (min 1416 max 1416)
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: End of nodes.
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: Edges:
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 to server01 at 84.245.3.195 port 656 options c weight 413
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 to client01 at 84.245.9.246 port 655 options c weight 413
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: End of edges.
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: Subnet list:
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: 0:1b:21:61:af:d7#10 owner server01
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: 56:fc:c2:fd:69:10#10 owner server01
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: ea:3:e7:3d:46:20#10 owner client01
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: End of subnet list.
+
+ #-----------------------------------------------------------------------
+
+ # ifconfig -a
+ ifconfig tun1
+ route -n
+
+ #-----------------------------------------------------------------------
+
+ # ifconfig tun1
+ tun1 Link encap:Ethernet HWaddr ea:03:e7:3d:46:20
+ inet addr:192.168.3.201 Bcast:192.168.3.255 Mask:255.255.255.0
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:27 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:500
+ RX bytes:9342 (9.1 KiB) TX bytes:9088 (8.8 KiB)
+
+ # route -n
+ Kernel IP routing table
+ Destination Gateway Genmask Flags Metric Ref Use Iface
+ 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
+ 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun1
+ 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
+
+ #-----------------------------------------------------------------------
+
+ ping -c 2 192.168.3.1
+ ping -c 2 -M dont -s 1500 192.168.3.1
+
+ #-----------------------------------------------------------------------
+
+ lsof -i :655
+ lsof -i :656
+
+ #-----------------------------------------------------------------------
+
+ # Accept new connections for fordwarding designated from our virtual private netwerk to the local network
+ /sbin/iptables --append FORWARD --in-interface ${VPN01} --out-interface ${LAN01} --jump ACCEPT
+ /sbin/iptables --append FORWARD --in-interface ${LAN01} --out-interface ${VPN01} --jump ACCEPT
+
+ # Use masquerade so the outside world sees only one ip source for all outgoing trafic
+ /sbin/iptables --table nat --append POSTROUTING --out-interface ${VPN01} --jump MASQUERADE
+
+ #-----------------------------------------------------------------------
projects / wiki / blobdiff