Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:tinc:client [2023/10/28 20:34] – [5. Network] vgaetera | docs:guide-user:services:vpn:tinc:client [2023/11/03 05:07] – [4. VPN service] vgaetera | ||
|---|---|---|---|
| Line 23: | Line 23: | ||
| VPN_SERV=" | VPN_SERV=" | ||
| VPN_PORT=" | VPN_PORT=" | ||
| - | VPN_ADDR=" | + | VPN_ADDR=" |
| - | VPN_ADDR6=" | + | VPN_ADDR6=" |
| </ | </ | ||
| ==== 2. Key management ==== | ==== 2. Key management ==== | ||
| - | Generate and exchange | + | Generate and [[docs: |
| <code bash> | <code bash> | ||
| # Generate keys | # Generate keys | ||
| + | mkdir -p / | ||
| tinc -n ${VPN_IF} generate-rsa-keys < /dev/null | tinc -n ${VPN_IF} generate-rsa-keys < /dev/null | ||
| tinc -n ${VPN_IF} generate-ed25519-keys < /dev/null | tinc -n ${VPN_IF} generate-ed25519-keys < /dev/null | ||
| - | mkdir -p /etc/tinc/${VPN_IF}/ | + | VPN_SPUB=" |
| - | ln -f / | + | VPN_CPUB=" |
| - | / | + | |
| </ | </ | ||
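Review bot: The new `VPN_SPUB=` and `VPN_CPUB=` assignments in the key-management block have no comment saying where the server's public key comes from or how it is checked. Their values are cut off on this page, so the source of the key cannot be confirmed from the visible lines. Later hunks set `tinc.server.PublicKey` and `tinc.server.Ed25519PublicKey`, presumably from these variables, and tinc authenticates the peer against whatever key is configured there, so a key swapped during the exchange would be accepted as the server. I would add a comment above the assignments such as `# Obtain the server public keys over a trusted channel and compare fingerprints before applying`, and have the guide repeat that check before `uci commit tinc`.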
| Line 52: | Line 52: | ||
| uci set tinc.${VPN_IF}.Interface=" | uci set tinc.${VPN_IF}.Interface=" | ||
| uci set tinc.${VPN_IF}.Name=" | uci set tinc.${VPN_IF}.Name=" | ||
| + | uci set tinc.${VPN_IF}.ConnectTo=" | ||
| uci -q delete tinc.server | uci -q delete tinc.server | ||
| uci set tinc.server=" | uci set tinc.server=" | ||
| Line 57: | Line 58: | ||
| uci set tinc.server.net=" | uci set tinc.server.net=" | ||
| uci set tinc.server.Name=" | uci set tinc.server.Name=" | ||
| + | uci set tinc.server.PublicKey=" | ||
| + | uci set tinc.server.Ed25519PublicKey=" | ||
| uci set tinc.server.Address=" | uci set tinc.server.Address=" | ||
| uci set tinc.server.Port=" | uci set tinc.server.Port=" | ||
| Line 66: | Line 69: | ||
| uci set tinc.client.net=" | uci set tinc.client.net=" | ||
| uci set tinc.client.Name=" | uci set tinc.client.Name=" | ||
| + | uci set tinc.client.PublicKey=" | ||
| + | uci set tinc.client.Ed25519PublicKey=" | ||
| uci add_list tinc.client.Subnet=" | uci add_list tinc.client.Subnet=" | ||
| uci add_list tinc.client.Subnet=" | uci add_list tinc.client.Subnet=" | ||
| Line 83: | Line 88: | ||
| uci set network.${VPN_IF}.ip6addr=" | uci set network.${VPN_IF}.ip6addr=" | ||
| uci set network.${VPN_IF}.device=" | uci set network.${VPN_IF}.device=" | ||
| - | uci -q delete network.${VPN_IF}_ep | ||
| - | uci set network.${VPN_IF}_ep=" | ||
| - | uci set network.${VPN_IF}_ep.dest=" | ||
| - | uci set network.${VPN_IF}_ep.lookup=" | ||
| - | uci set network.${VPN_IF}_ep.priority=" | ||
| for IPV in 4 6 | for IPV in 4 6 | ||
| do case ${IPV} in | do case ${IPV} in | ||
| Line 93: | Line 93: | ||
| (6) VPN_DST="::/ | (6) VPN_DST="::/ | ||
| esac | esac | ||
| + | uci set network.lan.ip${IPV}table=" | ||
| + | uci set network.${VPN_IF}.ip${IPV}table=" | ||
| uci -q delete network.${VPN_IF}_rt${IPV%4} | uci -q delete network.${VPN_IF}_rt${IPV%4} | ||
| uci set network.${VPN_IF}_rt${IPV%4}=" | uci set network.${VPN_IF}_rt${IPV%4}=" | ||
| uci set network.${VPN_IF}_rt${IPV%4}.interface=" | uci set network.${VPN_IF}_rt${IPV%4}.interface=" | ||
| uci set network.${VPN_IF}_rt${IPV%4}.target=" | uci set network.${VPN_IF}_rt${IPV%4}.target=" | ||
| - | uci set network.lan.ip${IPV}table=" | + | uci -q delete |
| - | uci set network.${VPN_IF}.ip${IPV}table="2" | + | uci set network.lan_${VPN_IF}${IPV%4}="rule${IPV%4}" |
| - | uci -q delete network.default${IPV%4} | + | uci set network.lan_${VPN_IF}${IPV%4}.in=" |
| - | uci set network.default${IPV%4}="rule${IPV%4}" | + | uci set network.lan_${VPN_IF}${IPV%4}.lookup=" |
| - | uci set network.default${IPV%4}.lookup=" | + | uci set network.lan_${VPN_IF}${IPV%4}.priority=" |
| - | uci set network.default${IPV%4}.priority=" | + | |
| done | done | ||
| uci commit network | uci commit network | ||
| service network restart | service network restart | ||
| </ | </ | ||
| - | |||
| - | Configure [[docs: | ||
| ===== Testing ===== | ===== Testing ===== | ||