docs:guide-user:services:vpn:tinc:client [2023/10/28 20:15] – created vgaeteradocs:guide-user:services:vpn:tinc:client [2023/11/03 05:07] – [4. VPN service] vgaetera
Line 23: Line 23:
 VPN_SERV="SERVER_ADDRESS" VPN_SERV="SERVER_ADDRESS"
 VPN_PORT="655" VPN_PORT="655"
-VPN_ADDR="192.168.8.2/24" +VPN_ADDR="192.168.9.2/24" 
-VPN_ADDR6="fd00:8::2/64"+VPN_ADDR6="fd00:9::2/64"
 </code> </code>
  
 ==== 2. Key management ==== ==== 2. Key management ====
-Generate and exchange [[docs:guide-user:services:vpn:tinc:start#key_management|keys]] between server and client.+Generate and [[docs:guide-user:services:vpn:tinc:start#key_management|exchange keys]] between server and client.
  
 <code bash> <code bash>
 # Generate keys # Generate keys
 +mkdir -p /etc/tinc/${VPN_IF}
 tinc -n ${VPN_IF} generate-rsa-keys < /dev/null tinc -n ${VPN_IF} generate-rsa-keys < /dev/null
 tinc -n ${VPN_IF} generate-ed25519-keys < /dev/null tinc -n ${VPN_IF} generate-ed25519-keys < /dev/null
-mkdir -/etc/tinc/${VPN_IF}/hosts +VPN_SPUB="$(sed -e "s/^.*\s//" server.pub)" 
-ln -/etc/tinc/${VPN_IF}/ed25519_key.pub +VPN_CPUB="$(sed -e "s/^.*\s//" /etc/tinc/${VPN_IF}/ed25519_key.pub)"
-/etc/tinc/${VPN_IF}/hosts/client+
 </code> </code>
  
Line 52: Line 52:
 uci set tinc.${VPN_IF}.Interface="${VPN_IF}" uci set tinc.${VPN_IF}.Interface="${VPN_IF}"
 uci set tinc.${VPN_IF}.Name="client" uci set tinc.${VPN_IF}.Name="client"
 +uci set tinc.${VPN_IF}.ConnectTo="server"
 uci -q delete tinc.server uci -q delete tinc.server
 uci set tinc.server="tinc-host" uci set tinc.server="tinc-host"
Line 57: Line 58:
 uci set tinc.server.net="${VPN_IF}" uci set tinc.server.net="${VPN_IF}"
 uci set tinc.server.Name="server" uci set tinc.server.Name="server"
 +uci set tinc.server.PublicKey="1"
 +uci set tinc.server.Ed25519PublicKey="${VPN_SPUB}"
 uci set tinc.server.Address="${VPN_SERV}" uci set tinc.server.Address="${VPN_SERV}"
 uci set tinc.server.Port="${VPN_PORT}" uci set tinc.server.Port="${VPN_PORT}"
Line 66: Line 69:
 uci set tinc.client.net="${VPN_IF}" uci set tinc.client.net="${VPN_IF}"
 uci set tinc.client.Name="client" uci set tinc.client.Name="client"
 +uci set tinc.client.PublicKey="1"
 +uci set tinc.client.Ed25519PublicKey="${VPN_CPUB}"
 uci add_list tinc.client.Subnet="${VPN_ADDR%.*}.2/32" uci add_list tinc.client.Subnet="${VPN_ADDR%.*}.2/32"
 uci add_list tinc.client.Subnet="${VPN_ADDR6%:*}:2/128" uci add_list tinc.client.Subnet="${VPN_ADDR6%:*}:2/128"
Line 83: Line 88:
 uci set network.${VPN_IF}.ip6addr="${VPN_ADDR6}" uci set network.${VPN_IF}.ip6addr="${VPN_ADDR6}"
 uci set network.${VPN_IF}.device="${VPN_IF}" uci set network.${VPN_IF}.device="${VPN_IF}"
-uci -q delete network.${VPN_IF}_ep 
-uci set network.${VPN_IF}_ep="rule" 
-uci set network.${VPN_IF}_ep.dest="${VPN_SERV}/32" 
-uci set network.${VPN_IF}_ep.lookup="main" 
-uci set network.${VPN_IF}_ep.priority="25000" 
 for IPV in 4 6 for IPV in 4 6
 do case ${IPV} in do case ${IPV} in
-(4) VPN_INET="0.0.0.0/0" ;; +(4) VPN_DST="0.0.0.0/0" ;; 
-(6) VPN_INET="::/0" ;;+(6) VPN_DST="::/0" ;;
 esac esac
 +uci set network.lan.ip${IPV}table="1"
 +uci set network.${VPN_IF}.ip${IPV}table="2"
 uci -q delete network.${VPN_IF}_rt${IPV%4} uci -q delete network.${VPN_IF}_rt${IPV%4}
 uci set network.${VPN_IF}_rt${IPV%4}="route${IPV%4}" uci set network.${VPN_IF}_rt${IPV%4}="route${IPV%4}"
 uci set network.${VPN_IF}_rt${IPV%4}.interface="${VPN_IF}" uci set network.${VPN_IF}_rt${IPV%4}.interface="${VPN_IF}"
-uci set network.${VPN_IF}_rt${IPV%4}.target="${VPN_INET}" +uci set network.${VPN_IF}_rt${IPV%4}.target="${VPN_DST}" 
-uci set network.lan.ip${IPV}table="1" +uci -q delete network.lan_${VPN_IF}${IPV%4
-uci set network.${VPN_IF}.ip${IPV}table="2" +uci set network.lan_${VPN_IF}${IPV%4}="rule${IPV%4}" 
-uci -q delete network.default${IPV%4} +uci set network.lan_${VPN_IF}${IPV%4}.in="lan
-uci set network.default${IPV%4}="rule${IPV%4}" +uci set network.lan_${VPN_IF}${IPV%4}.lookup="2" 
-uci set network.default${IPV%4}.lookup="2" +uci set network.lan_${VPN_IF}${IPV%4}.priority="30000"
-uci set network.default${IPV%4}.priority="30000"+
 done done
 uci commit network uci commit network
 service network restart service network restart
 </code> </code>
- 
-Configure [[docs:guide-user:services:vpn:tinc:extras#dynamic_connection|dynamic connection]] if necessary. 
  
 ===== Testing ===== ===== Testing =====
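Review bot: The new key-exchange lines read the server's public key from `server.pub` by relative path and commit whatever `sed` returns, so a missing file or an unexpected line format silently yields an empty `tinc.server.Ed25519PublicKey` in the later `uci set`. A guard right after the assignment, `: "${VPN_SPUB:?server.pub missing or empty}"`, keeps an incomplete host record out of the committed config, and the same check applies to `VPN_CPUB`. Since `server.pub` is the only thing that authenticates the peer, the guide should also tell the reader to compare the extracted value with the key displayed on the server before committing it. As rendered here, `uci -q delete network.lan_${VPN_IF}${IPV%4` and `.in="lan` in the routing hunk lack a closing `}` and `"`; that looks like an inline-diff rendering artifact, but it is worth confirming against the page source.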