How to create multiple VPN tunnels between two hosts using tinc VPN

There are cases where you want to create more than one VPN tunnel between a pair of hosts. Why? With multiple tunnels, you can use each tunnel for a different purpose, achieving full isolation among traffic belonging to different tunnels. Depending on which tunnel the traffic goes through, you can even apply different QoS or security policies to the underlying traffic.

Tinc VPN allows you to create multiple VPN tunnels between a pair of hosts. Here is how you can do it.

In this example, I am going to create two VPN tunnels between hosts alice and bob. I assume that alice serves as a tinc VPN bootstrapping point, while bob initiates a connection to alice. The two VPNs created between alice and bob are named vpn1 and vpn2.

In tinc, one tinc daemon can only manage one VPN, meaning that if you want to create multiple tunnels between two hosts, you need to run one tinc daemon per tunnel on each host.

Following the tinc configuration instructions, provision two separate tinc VPNs named vpn1 and vpn2. The two sets of tinc configuration files will be stored in /etc/tinc/vpn1 and /etc/tinc/vpn2. Make sure to use two distinct tinc interface names (e.g., tun0, tun1) as well as two different subnets for these two VPNs.

One more step is needed: the tinc daemon, by default, listens on port 655 for incoming connections, so you cannot run more than one tinc daemon with the default port setting. For the two VPNs vpn1 and vpn2, you can use the default port for one VPN (e.g., vpn1), but you need to use another port for the other VPN (e.g., vpn2).

To configure the port number to use for vpn2, do the following.

On both hosts alice and bob, append the following line to /etc/tinc/vpn2/hosts/alice and /etc/tinc/vpn2/hosts/bob. The port number can be anything other than tinc's default port number 655.

Port = 700

Once the tinc configuration is done, start two tinc daemons on each host as follows.

$ sudo tincd --net=vpn1
$ sudo tincd --net=vpn2
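
Before starting the daemons, you can check that the nets on a host do not collide on listening port or interface name. The script below is an added example, not part of the original tutorial or of tinc itself; the function names tinc_get, check_tinc_nets and make_sample are hypothetical, the sample tree and its Subnet values are constructed, and it assumes the "Key = Value" form of tinc configuration lines.

```shell
#!/bin/sh
# Added example (not from the tutorial): detect tinc nets on one host that
# would collide on listening port or interface name.

# Print the value of "Key = Value" from a tinc config file (empty if absent).
tinc_get() {  # usage: tinc_get <file> <key>
    [ -f "$1" ] || return 0
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == tolower(k) {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }' "$1"
}

# Walk <root>/<net>/ and report conflicts; returns 1 if any were found.
check_tinc_nets() {  # usage: check_tinc_nets <config-root>
    seen_ports=""; seen_ifaces=""; rc=0
    for dir in "$1"/*/; do
        [ -f "${dir}tinc.conf" ] || continue
        net=$(basename "$dir")
        name=$(tinc_get "${dir}tinc.conf" Name)
        iface=$(tinc_get "${dir}tinc.conf" Interface)
        # This host's own Port lives in hosts/<Name>; unset means default 655.
        port=$(tinc_get "${dir}hosts/$name" Port); port=${port:-655}
        case " $seen_ports " in
            *" $port "*) echo "CONFLICT: $net reuses port $port"; rc=1 ;;
        esac
        if [ -n "$iface" ]; then
            case " $seen_ifaces " in
                *" $iface "*) echo "CONFLICT: $net reuses interface $iface"; rc=1 ;;
            esac
            seen_ifaces="$seen_ifaces $iface"
        fi
        seen_ports="$seen_ports $port"
        echo "net=$net name=$name interface=${iface:-unset} port=$port"
    done
    return $rc
}

# Constructed sample tree for host alice; $2 is the Port written for vpn2.
make_sample() {  # usage: make_sample <root> <vpn2-port>
    mkdir -p "$1/vpn1/hosts" "$1/vpn2/hosts"
    printf 'Name = alice\nInterface = tun0\n' > "$1/vpn1/tinc.conf"
    printf 'Name = alice\nInterface = tun1\n' > "$1/vpn2/tinc.conf"
    printf 'Subnet = 10.0.1.1/32\n' > "$1/vpn1/hosts/alice"
    printf 'Subnet = 10.0.2.1/32\nPort = %s\n' "$2" > "$1/vpn2/hosts/alice"
}

tmp=$(mktemp -d) && make_sample "$tmp" 700
check_tinc_nets "$tmp" && echo "OK: no port or interface conflicts"
rm -rf "$tmp"
```

On a real host, run check_tinc_nets /etc/tinc instead of the sample tree.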

Dan Nanni is the founder and also a regular contributor of Xmodulo.com. He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.
