Tinc provides an open-source L2/L3 VPN implementation.

Tinc generally relies on public-key cryptography. Generate a private and public key pair for each peer and exchange only the public keys. The private key is best never disclosed outside the peer where it was generated.

The Tinc init script combines the UCI settings and the contents of the /etc/tinc directory into a full configuration located in the /tmp/tinc directory.

The Tinc UCI config contains two types of sections:

| UCI section | Mapped config | Generated config | Description |
|---|---|---|---|
| tinc-net | `/etc/tinc/<NETNAME>` | `/tmp/tinc/<NETNAME>/tinc.conf` | Defines the VPN network settings. |
| tinc-host | `/etc/tinc/<NETNAME>/hosts/<NODENAME>` | `/tmp/tinc/<NETNAME>/hosts/<NODENAME>` | Defines the VPN peer settings. |

The Tinc keys generated by default:

| Key file | Description |
|---|---|
| `/etc/tinc/<NETNAME>/ed25519_key.priv` | Ed25519 private key. |
| `/etc/tinc/<NETNAME>/ed25519_key.pub` | Ed25519 public key. |
| `/etc/tinc/<NETNAME>/rsa_key.priv` | RSA private key. |
| `/etc/tinc/<NETNAME>/rsa_key.pub` | RSA public key. |

Public keys for each peer need to be stored either in UCI host sections or in host files using the same format as the generated keys.
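A check that follows from the key layout above, as an added example that is not part of the original page or the tinc package: it flags private keys readable by group/other, missing public keys, and private key material that ended up in a host file. The function name `audit_tinc_keys` is hypothetical, and the `PRIVATE KEY` marker assumes PEM-style private key files.

```sh
# Added example: audit the Tinc key layout from the tables above.
# audit_tinc_keys is a hypothetical helper name, not part of the tinc package.
# Usage: audit_tinc_keys [/etc/tinc]   (returns 1 if any finding is reported)
audit_tinc_keys() {
    base="${1:-/etc/tinc}"
    rc=0
    for net in "$base"/*/; do
        [ -d "$net" ] || continue
        for alg in ed25519 rsa; do
            priv="${net}${alg}_key.priv"
            pub="${net}${alg}_key.pub"
            [ -f "$priv" ] || continue
            # Private keys must carry no group/other permission bits.
            loose=$(find "$priv" \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
            if [ -n "$loose" ]; then
                echo "WARN: $priv is accessible by group/other (chmod 600)"
                rc=1
            fi
            # Peers need the matching public key, so it should exist.
            if [ ! -f "$pub" ]; then
                echo "WARN: $pub is missing"
                rc=1
            fi
        done
        # Host files are exchanged with peers and must hold public keys only.
        # Assumption: private keys are PEM-style with a "PRIVATE KEY" header.
        if [ -d "${net}hosts" ]; then
            leaked=$(grep -rl 'PRIVATE KEY' "${net}hosts" || true)
            if [ -n "$leaked" ]; then
                echo "WARN: private key material in host file(s): $leaked"
                rc=1
            fi
        fi
    done
    return "$rc"
}
```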

  • Last modified: 2023/10/31 23:12
  • by vgaetera