Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:vpn:tinc:client [2023/10/29 02:02] – [5. Network] optimize code vgaeteradocs:guide-user:services:vpn:tinc:client [2023/11/03 05:07] – [4. VPN service] vgaetera
Line 28: Line 28:
  
 ==== 2. Key management ==== ==== 2. Key management ====
-Generate and exchange [[docs:guide-user:services:vpn:tinc:start#key_management|keys]] between server and client.+Generate and [[docs:guide-user:services:vpn:tinc:start#key_management|exchange keys]] between server and client.
  
 <code bash> <code bash>
 # Generate keys # Generate keys
-mkdir -p /etc/tinc/${VPN_IF}/hosts+mkdir -p /etc/tinc/${VPN_IF}
 tinc -n ${VPN_IF} generate-rsa-keys < /dev/null tinc -n ${VPN_IF} generate-rsa-keys < /dev/null
 tinc -n ${VPN_IF} generate-ed25519-keys < /dev/null tinc -n ${VPN_IF} generate-ed25519-keys < /dev/null
-ln -/etc/tinc/${VPN_IF}/ed25519_key.pub \ +VPN_SPUB="$(sed -e "s/^.*\s//" server.pub)" 
-/etc/tinc/${VPN_IF}/hosts/client+VPN_CPUB="$(sed -e "s/^.*\s//" /etc/tinc/${VPN_IF}/ed25519_key.pub)"
 </code> </code>
  
Line 52: Line 52:
 uci set tinc.${VPN_IF}.Interface="${VPN_IF}" uci set tinc.${VPN_IF}.Interface="${VPN_IF}"
 uci set tinc.${VPN_IF}.Name="client" uci set tinc.${VPN_IF}.Name="client"
 +uci set tinc.${VPN_IF}.ConnectTo="server"
 uci -q delete tinc.server uci -q delete tinc.server
 uci set tinc.server="tinc-host" uci set tinc.server="tinc-host"
Line 57: Line 58:
 uci set tinc.server.net="${VPN_IF}" uci set tinc.server.net="${VPN_IF}"
 uci set tinc.server.Name="server" uci set tinc.server.Name="server"
 +uci set tinc.server.PublicKey="1"
 +uci set tinc.server.Ed25519PublicKey="${VPN_SPUB}"
 uci set tinc.server.Address="${VPN_SERV}" uci set tinc.server.Address="${VPN_SERV}"
 uci set tinc.server.Port="${VPN_PORT}" uci set tinc.server.Port="${VPN_PORT}"
Line 66: Line 69:
 uci set tinc.client.net="${VPN_IF}" uci set tinc.client.net="${VPN_IF}"
 uci set tinc.client.Name="client" uci set tinc.client.Name="client"
 +uci set tinc.client.PublicKey="1"
 +uci set tinc.client.Ed25519PublicKey="${VPN_CPUB}"
 uci add_list tinc.client.Subnet="${VPN_ADDR%.*}.2/32" uci add_list tinc.client.Subnet="${VPN_ADDR%.*}.2/32"
 uci add_list tinc.client.Subnet="${VPN_ADDR6%:*}:2/128" uci add_list tinc.client.Subnet="${VPN_ADDR6%:*}:2/128"
  • Last modified: 2023/11/17 09:13
  • by vgaetera