docs:guide-user:services:vpn:tinc:client [2023/10/28 20:34] – [5. Network] vgaeteradocs:guide-user:services:vpn:tinc:client [2023/11/03 05:07] – [4. VPN service] vgaetera
Line 23: Line 23:
 VPN_SERV="SERVER_ADDRESS" VPN_SERV="SERVER_ADDRESS"
 VPN_PORT="655" VPN_PORT="655"
-VPN_ADDR="192.168.8.2/24" +VPN_ADDR="192.168.9.2/24" 
-VPN_ADDR6="fd00:8::2/64"+VPN_ADDR6="fd00:9::2/64"
 </code> </code>
  
 ==== 2. Key management ==== ==== 2. Key management ====
-Generate and exchange [[docs:guide-user:services:vpn:tinc:start#key_management|keys]] between server and client.+Generate and [[docs:guide-user:services:vpn:tinc:start#key_management|exchange keys]] between server and client.
  
 <code bash> <code bash>
 # Generate keys # Generate keys
 +mkdir -p /etc/tinc/${VPN_IF}
 tinc -n ${VPN_IF} generate-rsa-keys < /dev/null tinc -n ${VPN_IF} generate-rsa-keys < /dev/null
 tinc -n ${VPN_IF} generate-ed25519-keys < /dev/null tinc -n ${VPN_IF} generate-ed25519-keys < /dev/null
-mkdir -/etc/tinc/${VPN_IF}/hosts +VPN_SPUB="$(sed -e "s/^.*\s//" server.pub)" 
-ln -/etc/tinc/${VPN_IF}/ed25519_key.pub +VPN_CPUB="$(sed -e "s/^.*\s//" /etc/tinc/${VPN_IF}/ed25519_key.pub)"
-/etc/tinc/${VPN_IF}/hosts/client+
 </code> </code>
  
Line 52: Line 52:
 uci set tinc.${VPN_IF}.Interface="${VPN_IF}" uci set tinc.${VPN_IF}.Interface="${VPN_IF}"
 uci set tinc.${VPN_IF}.Name="client" uci set tinc.${VPN_IF}.Name="client"
 +uci set tinc.${VPN_IF}.ConnectTo="server"
 uci -q delete tinc.server uci -q delete tinc.server
 uci set tinc.server="tinc-host" uci set tinc.server="tinc-host"
Line 57: Line 58:
 uci set tinc.server.net="${VPN_IF}" uci set tinc.server.net="${VPN_IF}"
 uci set tinc.server.Name="server" uci set tinc.server.Name="server"
 +uci set tinc.server.PublicKey="1"
 +uci set tinc.server.Ed25519PublicKey="${VPN_SPUB}"
 uci set tinc.server.Address="${VPN_SERV}" uci set tinc.server.Address="${VPN_SERV}"
 uci set tinc.server.Port="${VPN_PORT}" uci set tinc.server.Port="${VPN_PORT}"
Line 66: Line 69:
 uci set tinc.client.net="${VPN_IF}" uci set tinc.client.net="${VPN_IF}"
 uci set tinc.client.Name="client" uci set tinc.client.Name="client"
 +uci set tinc.client.PublicKey="1"
 +uci set tinc.client.Ed25519PublicKey="${VPN_CPUB}"
 uci add_list tinc.client.Subnet="${VPN_ADDR%.*}.2/32" uci add_list tinc.client.Subnet="${VPN_ADDR%.*}.2/32"
 uci add_list tinc.client.Subnet="${VPN_ADDR6%:*}:2/128" uci add_list tinc.client.Subnet="${VPN_ADDR6%:*}:2/128"
Line 83: Line 88:
 uci set network.${VPN_IF}.ip6addr="${VPN_ADDR6}" uci set network.${VPN_IF}.ip6addr="${VPN_ADDR6}"
 uci set network.${VPN_IF}.device="${VPN_IF}" uci set network.${VPN_IF}.device="${VPN_IF}"
-uci -q delete network.${VPN_IF}_ep 
-uci set network.${VPN_IF}_ep="rule" 
-uci set network.${VPN_IF}_ep.dest="${VPN_SERV}/32" 
-uci set network.${VPN_IF}_ep.lookup="main" 
-uci set network.${VPN_IF}_ep.priority="25000" 
 for IPV in 4 6 for IPV in 4 6
 do case ${IPV} in do case ${IPV} in
Line 93: Line 93:
 (6) VPN_DST="::/0" ;; (6) VPN_DST="::/0" ;;
 esac esac
 +uci set network.lan.ip${IPV}table="1"
 +uci set network.${VPN_IF}.ip${IPV}table="2"
 uci -q delete network.${VPN_IF}_rt${IPV%4} uci -q delete network.${VPN_IF}_rt${IPV%4}
 uci set network.${VPN_IF}_rt${IPV%4}="route${IPV%4}" uci set network.${VPN_IF}_rt${IPV%4}="route${IPV%4}"
 uci set network.${VPN_IF}_rt${IPV%4}.interface="${VPN_IF}" uci set network.${VPN_IF}_rt${IPV%4}.interface="${VPN_IF}"
 uci set network.${VPN_IF}_rt${IPV%4}.target="${VPN_DST}" uci set network.${VPN_IF}_rt${IPV%4}.target="${VPN_DST}"
-uci set network.lan.ip${IPV}table="1" +uci -q delete network.lan_${VPN_IF}${IPV%4
-uci set network.${VPN_IF}.ip${IPV}table="2" +uci set network.lan_${VPN_IF}${IPV%4}="rule${IPV%4}" 
-uci -q delete network.default${IPV%4} +uci set network.lan_${VPN_IF}${IPV%4}.in="lan
-uci set network.default${IPV%4}="rule${IPV%4}" +uci set network.lan_${VPN_IF}${IPV%4}.lookup="2" 
-uci set network.default${IPV%4}.lookup="2" +uci set network.lan_${VPN_IF}${IPV%4}.priority="30000"
-uci set network.default${IPV%4}.priority="30000"+
 done done
 uci commit network uci commit network
 service network restart service network restart
 </code> </code>
- 
-Configure [[docs:guide-user:services:vpn:tinc:extras#dynamic_connection|dynamic connection]] if necessary. 
  
 ===== Testing ===== ===== Testing =====
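Review bot: In the key-management block, `VPN_SPUB` is read from a relative `server.pub` with no check that the file exists or produced a key. If it is missing or empty, sed only prints a warning and the later `uci set tinc.server.Ed25519PublicKey="${VPN_SPUB}"` still commits an empty value. That option is what pins the server's identity on the client, so a failure here should be visible before the tinc section is configured, for example with `[ -n "${VPN_SPUB}" ] || echo "server.pub missing or empty" >&2` right after the assignment. The sed expression runs on every line, so it presumably expects the single-line `ed25519_key.pub` format. A comment such as `# server.pub: the server's ed25519_key.pub, copied over an authenticated channel` would make both assumptions explicit.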
  • Last modified: 2023/11/17 09:13
  • by vgaetera