Install Tinc & create mesh VPN

Connect to the server with Putty or another ssh-client

ssh user@server

* Load the latest updates and install tinc

apt-get updates; apt-get upgrade
apt-get install tinc

* Navigate to the tinc folder and edit the config file nets.boot by pasting the parameter “mws” (without the “”) inside.

cd /etc/tinc/
vi nets.boot

Create a new folder named mws inside the tinc folder

mkdir mws

* Change into the mws folder

cd mws

* Create a new configuration file inside the mws directory and edit it

touch tinc.conf
vi tinc.conf

Paste following configuration inside

Name = dfk
#BindToAddress = * 656
#Mode = switch
ConnectTo = dfk
GraphDumpFile = /var/log/mws.tinc.graph
ProcessPriority = high
MaxTimeout = 5

Generate a private & public key pair

openssl genpkey -algorithm RSA -out rsa_key.priv -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in rsa_key.priv -out rsa_key.pub

Ensure that only you can edit the private key by setting the rights on it

chmod 600 rsa_key.priv

Create a “hosts” folder inside the mws directory

mkdir hosts

change into the hosts folder

cd hosts

* create a file inside the directory

touch dfk

Edit the dfk file

vi dfk

* Paste folowing configuration inside

Address = backup.dfkg.org 656
Subnet = 10.0.17.101
Compression = 10

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SDtzb2vtWXhliyWCCLG
fZZbdmJkwhxMBI3Eure7pbiID5XBd45vioBuZPr3nQHHapnfUxToPr9IhbW2TSzB
1uMqOldFoacGSXwKBg1GmJh+eymZfcnrvglPQBaI6TDflFeyyQAEokLQQTJUbwPO
2lVWgthMvbw4ucJXww9wLDJqoqd4SclfzMGzSUM+rbacIEa7YuDnzKbr75GMqNpI
BUMkPSarmEM4yf9NicvVxosBu+qf04dsyBhKOfhS/IbpYBxtmTbujWg0D7NHpoAU
xHQ8gpXoeqG0DffxWjLttWfywA/mVqFbeq1ABYcJl57isKLihA76vjbnBq767YnH
DwIDAQAB
-----END PUBLIC KEY-----

Create a second configuration “city” file by creating a copy of dfk

cp dfk city

* Edit the city file

vi city

remove the Private key
Edit the Address line and add the IP of your node (your ip)
```
Address =
```
Edit the Subnet configuration line and add a new IP-Address
```
Subnet = 10.0.17.#
```

paste the public key

cd /etc/tinc/mws/
cat rsa_key.pub >> /etc/tinc/mws/hosts/washington

Create additional config files with the configuration of the other nodes

touch tokyo
vi tokyo

add the config inside

Address = 192.168.90.188
Subnet = 10.0.17.109
Compression = 10
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppTYgEHOLF8Hgt9jlZHx
u5yqNcvNmU2kBmqxBKHMWl63CG/W4SLa9hu13uH+SNKcPF3jslpH8BdYArt5l4cT
MJ1rI2rpDlLQoRBOOU3d+llyNiyEi+1WaHLgp4Q1RjhR1k5MkBzwjsYkV2J1czoW
GFHzvtpQ/ouhvTX/Pr18Q0lDZomkaz6qXMZbGtTDsaF98oq7ZCarx+28TVyX9W25
3uyYS4t+V+6so8xKboTiLbshR2ImfLSoFl8dRoouIjiDV0qiYEGfZaD7CK7Q7X7+
eYa8v6zAAh+pW5zwkMw7BBYIIA0LdRWumL5vORZNGpkjZPwCDDQnvfY5kkEXub0n
KQIDAQAB
-----END PUBLIC KEY-----

Create Up script

cd /etc/tinc/
touch tinc-up
vi tinc-up

add folling config inside (your subnet ip)

#!/bin/bash

ip link set $INTERFACE up
ip addr add 10.0.17.110/24 dev $INTERFACE

Create Down script

cd /etc/tinc/
touch tinc-down
vi tinc-down

add folling config inside (your subnet ip)

#!/bin/bash
ip addr del 10.0.17.110/24 dev $INTERFACE
ip link set $INTERFACE down

Make both scripts executable

chmod +x tinc-down
chmod + xtinc-up

start tinc service

systemctl start tinc.service

check the logs to check is everything running smooth

journalctl -u tinc.service

To connect automatic other peers add following line in the tinc.conf

#ConnectTo = tokyo

Show the tinc graph list

cat /var/log/mws.tinc.graph