Last updated on September 28, 2020 by Dan Nanni
tinc is an open-source VPN daemon with several features not found in other VPN solutions. For example, tinc lets peers behind NAT talk to one another directly over the VPN rather than through a third-party relay server, which makes it a peer-to-peer (mesh) style of VPN. Other features include full IPv6 support and path MTU discovery.
In this tinc example, I will show you how to set up a VPN connection between two hosts. Let's call these hosts alice and bob. Note that these are just the symbolic node names used by tinc, not necessarily the machines' hostnames. In this example, I assume that host bob will initiate the VPN connection to host alice.
Install tinc on Linux
First, install tinc on both hosts.
On CentOS, tinc is packaged in the EPEL repository, so enable EPEL first and then run:
$ sudo yum install tinc -y
For Debian/Ubuntu system:
$ sudo apt-get install tinc
Configure tinc
Now, let's configure tinc VPN on both hosts as follows.
On host alice, do the following.
$ sudo mkdir -p /etc/tinc/myvpn/hosts
Then create a tinc configuration file called tinc.conf, and host configuration file(s), as follows.
$ sudo vi /etc/tinc/myvpn/tinc.conf
Name = alice
AddressFamily = ipv4
Interface = tun0
In the above example, the directory myvpn under /etc/tinc is the name of the VPN network (the "netname") to be established between alice and bob; every tincd command below refers to it with -n myvpn. The netname can be any alphanumeric name that does not contain a hyphen (-). In tinc.conf, the Name field is the node name of the local host within this VPN. It does not have to be the actual hostname; you can choose any generic name, but it must match the file name of the host's own host configuration file created below.
Next, create host configuration files which contain host-specific information.
$ sudo vi /etc/tinc/myvpn/hosts/alice
Address = 1.2.3.4
Subnet = 10.0.0.1/32
The name of the host configuration file (e.g., alice) must be the same as the Name you defined in tinc.conf. The Address field is the globally routable public IP address (or DNS name) at which alice can be reached. This field is required for at least one host in a given VPN network so that the other hosts can initiate VPN connections to it. In this example, alice will serve as the bootstrapping server, and so has a public IP address (e.g., 1.2.3.4). Since bob will connect to this address, alice's firewall must allow inbound TCP and UDP on port 655, tinc's default Port. The Subnet field is the VPN IP address that alice announces to the other nodes; traffic for 10.0.0.1 is routed to alice, and only alice may send from it.
The next step is to generate the RSA public/private key pair.
$ sudo tincd -n myvpn -K4096
The above command generates a 4096-bit RSA key pair for host alice. It prompts for the file names; accept the defaults. The private key is stored as /etc/tinc/myvpn/rsa_key.priv (keep it readable by root only), and the public key is appended to /etc/tinc/myvpn/hosts/alice, which is why that host file must exist before you run the command.
Next, create the scripts that tincd runs right after the VPN interface is brought up, and right before the daemon is terminated. tincd exports the interface name in the INTERFACE environment variable.
$ sudo vi /etc/tinc/myvpn/tinc-up
#!/bin/sh
# Assign alice's VPN address to the tun interface tincd created.
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
$ sudo vi /etc/tinc/myvpn/tinc-down
#!/bin/sh
ifconfig $INTERFACE down
$ sudo chmod 755 /etc/tinc/myvpn/tinc-*
On systems without the legacy net-tools package, use the iproute2 equivalents instead: "ip addr add 10.0.0.1/24 dev $INTERFACE" followed by "ip link set $INTERFACE up" in tinc-up, and "ip link set $INTERFACE down" in tinc-down.
Now the tinc configuration for host alice is done. Similarly, configure tinc on host bob as follows. Note that bob also needs the hosts subdirectory, since its own host file is created there.
$ sudo mkdir -p /etc/tinc/myvpn/hosts
$ sudo vi /etc/tinc/myvpn/tinc.conf
Name = bob
AddressFamily = ipv4
Interface = tun0
ConnectTo = alice
In the above, note that unlike host alice, I place a ConnectTo field in bob's tinc configuration, since host bob will initiate a VPN connection to host alice when the tinc daemon on bob comes up. The value of ConnectTo is alice's node name, and tincd looks up where to connect in the host file hosts/alice.
$ sudo vi /etc/tinc/myvpn/hosts/bob
Subnet = 10.0.0.2/32
$ sudo tincd -n myvpn -K4096
Similarly, bob's private key is stored as /etc/tinc/myvpn/rsa_key.priv, and its public key is appended to /etc/tinc/myvpn/hosts/bob.
$ sudo vi /etc/tinc/myvpn/tinc-up
#!/bin/sh
# Assign bob's VPN address to the tun interface tincd created.
ifconfig $INTERFACE 10.0.0.2 netmask 255.255.255.0
$ sudo vi /etc/tinc/myvpn/tinc-down
#!/bin/sh
ifconfig $INTERFACE down
$ sudo chmod 755 /etc/tinc/myvpn/tinc-*
Once you are done configuring tinc on all hosts as above, copy each host's host configuration file (which now contains its public key) onto the other host:
On host alice:
$ scp /etc/tinc/myvpn/hosts/alice root@bob:/etc/tinc/myvpn/hosts/
On host bob:
$ scp /etc/tinc/myvpn/hosts/bob root@alice:/etc/tinc/myvpn/hosts/
A host file holds only the public key and is not secret, but its integrity matters: tincd authenticates a peer solely against the key in that peer's host file, so anyone who can substitute a different key or Address while the file is in transit can impersonate that peer. Exchange the files over an authenticated channel such as scp over SSH, as above. Should you want stronger per-connection settings than the defaults, Cipher and Digest (for example Cipher = aes-256-cbc and Digest = sha256) are set in the host configuration files and must then be present in the copy each peer holds.
Finally, start the tinc daemon on both hosts. Since host bob initiates the VPN connection, start the daemon on host alice first, and then on host bob.
$ sudo tincd -n myvpn
On a systemd-based distribution whose tinc package ships the tinc@.service unit, "sudo systemctl start tinc@myvpn" does the same and survives reboots once enabled.
The two hosts should now be able to talk to each other via the VPN IP addresses assigned to them: from bob, ping 10.0.0.1, and from alice, ping 10.0.0.2. If the VPN does not come up, run tincd in the foreground with debugging enabled ("sudo tincd -n myvpn -D -d3") to see why the connection or the authentication fails.
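The steps above are easy to get subtly wrong (a host file name that differs from Name, a ConnectTo target whose host file was never copied over, a private key that was created world-readable, tinc-up left non-executable), and tincd then simply fails to authenticate or never assigns an address. The following pre-flight check is an added example written for this article's layout; it is not part of tinc or of the original post. It assumes the tinc 1.0 file layout used here (/etc/tinc/NETNAME/tinc.conf, hosts/, rsa_key.priv, tinc-up, tinc-down) and the PEM marker that tincd -K writes into the host file.

```shell
#!/bin/sh
# Added pre-flight check for a tinc 1.0 network directory such as /etc/tinc/myvpn.
# Example code written for this article's setup, not part of tinc itself.
# Usage: tinc_preflight /etc/tinc/myvpn   (exit status 0 = all checks passed)

# Print the value of one "Key = value" line from a tinc config file
# (tinc treats keys case-insensitively). Prints nothing if the key is absent.
tinc_conf_get() {
    awk -v key="$2" -F'=' '
        /^[[:space:]]*#/ { next }
        {
            k = $1; gsub(/[[:space:]]/, "", k)
            if (tolower(k) == tolower(key)) {
                v = $2; gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Print every ConnectTo target named in tinc.conf, one per line
# (tinc allows several ConnectTo lines).
tinc_connect_targets() {
    awk -F'=' '
        /^[[:space:]]*#/ { next }
        {
            k = $1; gsub(/[[:space:]]/, "", k)
            if (tolower(k) == "connectto") { v = $2; gsub(/[[:space:]]/, "", v); print v }
        }' "$1"
}

tinc_preflight() {
    netdir="$1"
    conf="$netdir/tinc.conf"
    rc=0

    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }
    name=$(tinc_conf_get "$conf" Name)
    [ -n "$name" ] || { echo "FAIL: Name is not set in $conf"; return 1; }

    # Our own host file: its name must equal Name, it must carry the public key
    # that "tincd -K" appended, and it must declare the Subnet we announce.
    self="$netdir/hosts/$name"
    if [ ! -f "$self" ]; then
        echo "FAIL: $self is missing (host file name must equal Name)"; rc=1
    else
        grep -q 'BEGIN RSA PUBLIC KEY' "$self" ||
            { echo "FAIL: $self has no RSA public key; run tincd -n <netname> -K4096"; rc=1; }
        [ -n "$(tinc_conf_get "$self" Subnet)" ] ||
            { echo "FAIL: $self has no Subnet line"; rc=1; }
    fi

    # The private key must exist and must not be readable by group or others
    # (columns 5-10 of "ls -l" are the group and other permission bits).
    priv="$netdir/rsa_key.priv"
    if [ ! -f "$priv" ]; then
        echo "FAIL: private key $priv is missing"; rc=1
    elif [ "$(ls -ld "$priv" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $priv is readable by group/others; chmod 600 it"; rc=1
    fi

    # Each ConnectTo target needs a host file with an Address (where to connect)
    # and a public key (what to authenticate the peer against). A peer without
    # a host file here is never authenticated, so tincd cannot talk to it.
    for peer in $(tinc_connect_targets "$conf"); do
        pf="$netdir/hosts/$peer"
        if [ ! -f "$pf" ]; then
            echo "FAIL: ConnectTo = $peer but $pf is missing (copy it from $peer)"; rc=1
            continue
        fi
        [ -n "$(tinc_conf_get "$pf" Address)" ] ||
            { echo "FAIL: $pf has no Address; cannot ConnectTo $peer"; rc=1; }
        grep -q 'BEGIN RSA PUBLIC KEY' "$pf" ||
            { echo "FAIL: $pf has no public key for $peer"; rc=1; }
    done

    # tinc-up and tinc-down must be executable, or the interface never gets an address.
    for s in tinc-up tinc-down; do
        [ -x "$netdir/$s" ] || { echo "FAIL: $netdir/$s is missing or not executable"; rc=1; }
    done

    [ "$rc" -eq 0 ] && echo "OK: $netdir passes all pre-flight checks"
    return "$rc"
}
```

Run it as root on each host after the scp step and before starting tincd; on bob it confirms that hosts/alice arrived with its Address and key, and on alice (which has no ConnectTo) it only checks alice's own files.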
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.