How to create multiple VPN tunnels between two hosts using tinc VPN

Last updated on July 1, 2020 by Dan Nanni

There are cases where you want to create more than one VPN tunnels between a pair of hosts. Why? With multiple tunnels, you could use each tunnel for a different purpose, achieving full isolation among traffic belonging to different tunnels. Depending on which tunnel traffic goes through, you could even apply different QoS or security policies to the underlying traffic.

Tinc VPN allows you to create multiple VPN tunnels between a pair of hosts. Here is how you can do it.

In this example, I am going to create two VPN tunnels between hosts alice and bob. I assume that alice serves as a tinc VPN bootstrapping point, while bob initiates a connection to alice. Two VPNs created between alice and bob are named vpn1 and vpn2.

In tinc, one tinc daemon can only manage one VPN, meaning that if you want to create multiple tunnels between two hosts, you need to run as many tinc daemons on each host.

Follow the tinc configuration instruction, provision two separate tinc VPNs named vpn1 and vpn2. If you follow the tinc configuration instruction, two sets of tinc configuration files will be stored in /etc/tinc/vpn1 and /etc/tinc/vpn2. Make sure to use two distinct tinc interface names (e.g., tun0, tun1) as well as two different subnets for these two VPNs.

One more step is needed since tinc daemon, by default, listens on port 655 for incoming connections, and thus you cannot run more than one tinc daemons with the default port setting. For two VPNs vpn1 and vpn2, you can use the default port for one VPN (e.g., vpn1), but need to use another port for the other VPN (e.g., vpn2).

In order to configure a port number to use for vpn2, do the following.

On both hosts alice and bob, append the following in /etc/tinc/vpn2/hosts/alice and /etc/tinc/vpn2/hosts/bob. The port number can be anything other than tinc's default port number 655.

Port = 700

Once tinc configurations are done, start two tinc daemons on each host as follows.

$ sudo tincd --net=vpn1
$ sudo tincd --net=vpn2

Support Xmodulo

This website is made possible by minimal ads and your gracious donation via PayPal or credit card

Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.