Install Tinc & create mesh VPN
- Connect to the server with PuTTY or another SSH client
ssh user@server
- Load the latest updates and install tinc
apt-get update && apt-get upgrade
apt-get install tinc
- Navigate to the tinc folder and edit the file nets.boot so that it contains the network name mws (without quotes)
cd /etc/tinc/
vi nets.boot
- Create a new folder named mws inside the tinc folder
mkdir mws
- Change into the mws folder
cd mws
- Create a new configuration file inside the mws directory and edit it
touch tinc.conf
vi tinc.conf
- Paste the following configuration inside
Name = dfk
#BindToAddress = * 656
#Mode = switch
ConnectTo = dfk
GraphDumpFile = /var/log/mws.tinc.graph
ProcessPriority = high
MaxTimeout = 5
- Generate a private & public key pair
openssl genpkey -algorithm RSA -out rsa_key.priv -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in rsa_key.priv -out rsa_key.pub
- Ensure that only you can read and edit the private key by restricting its permissions
chmod 600 rsa_key.priv
- Create a “hosts” folder inside the mws directory
mkdir hosts
- Change into the hosts folder
cd hosts
- Create a file inside the directory
touch dfk
- Edit the dfk file
vi dfk
- Paste the following configuration inside
Address = backup.dfkg.org 656
Subnet = 10.0.17.101
Compression = 10
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SDtzb2vtWXhliyWCCLG
fZZbdmJkwhxMBI3Eure7pbiID5XBd45vioBuZPr3nQHHapnfUxToPr9IhbW2TSzB
1uMqOldFoacGSXwKBg1GmJh+eymZfcnrvglPQBaI6TDflFeyyQAEokLQQTJUbwPO
2lVWgthMvbw4ucJXww9wLDJqoqd4SclfzMGzSUM+rbacIEa7YuDnzKbr75GMqNpI
BUMkPSarmEM4yf9NicvVxosBu+qf04dsyBhKOfhS/IbpYBxtmTbujWg0D7NHpoAU
xHQ8gpXoeqG0DffxWjLttWfywA/mVqFbeq1ABYcJl57isKLihA76vjbnBq767YnH
DwIDAQAB
-----END PUBLIC KEY-----
- Create a second host configuration file for your own node (called “city” here as a placeholder) by copying dfk
cp dfk city
- Edit the city file
vi city
- Remove the key block copied from dfk
- Edit the Address line and add the IP of your node (your IP)
Address =
- Edit the Subnet line and give this node a new IP address in the subnet
Subnet = 10.0.17.#
- Append your public key to your node's hosts file (named washington here)
cd /etc/tinc/mws/
cat rsa_key.pub >> /etc/tinc/mws/hosts/washington
- Create additional config files with the configuration of the other nodes
touch tokyo
vi tokyo
- Add the config inside
Address = 192.168.90.188
Subnet = 10.0.17.109
Compression = 10
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppTYgEHOLF8Hgt9jlZHx
u5yqNcvNmU2kBmqxBKHMWl63CG/W4SLa9hu13uH+SNKcPF3jslpH8BdYArt5l4cT
MJ1rI2rpDlLQoRBOOU3d+llyNiyEi+1WaHLgp4Q1RjhR1k5MkBzwjsYkV2J1czoW
GFHzvtpQ/ouhvTX/Pr18Q0lDZomkaz6qXMZbGtTDsaF98oq7ZCarx+28TVyX9W25
3uyYS4t+V+6so8xKboTiLbshR2ImfLSoFl8dRoouIjiDV0qiYEGfZaD7CK7Q7X7+
eYa8v6zAAh+pW5zwkMw7BBYIIA0LdRWumL5vORZNGpkjZPwCDDQnvfY5kkEXub0n
KQIDAQAB
-----END PUBLIC KEY-----
- Create the up script
cd /etc/tinc/mws/
touch tinc-up
vi tinc-up
- Add the following config inside (your subnet IP)
#!/bin/bash
ip link set $INTERFACE up
ip addr add 10.0.17.110/24 dev $INTERFACE
- Create the down script
cd /etc/tinc/mws/
touch tinc-down
vi tinc-down
- Add the following config inside (your subnet IP)
#!/bin/bash
ip addr del 10.0.17.110/24 dev $INTERFACE
ip link set $INTERFACE down
- Make both scripts executable
chmod +x tinc-up tinc-down
- Start the tinc service
systemctl start tinc.service
- Check the logs to verify that everything is running smoothly
journalctl -u tinc.service
- To connect automatically to other peers, add the following line to tinc.conf
ConnectTo = tokyo
- Show the tinc graph dump
cat /var/log/mws.tinc.graph