Differences
This shows you the differences between two versions of the page.
| docs:user-guide:services:vpn.tinc [2018/03/03 20:25] – ↷ Links adapted because of a move operation | docs:guide-user:services:vpn:tinc [2023/10/28 21:58] – [Tinc] split to docs:guide-user:services:vpn:tinc:start vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Tinc ====== | ||
| + | ==== UCI network/ | ||
| + | The following helped this author have a more reliable coexistence between Tinc and the OpenWrt web interface managed Network/ | ||
| + | The info below is based on my experience setting up Tinc to let me route between private LANs. | ||
| + | |||
| + | Because the network management of UCI may tear down and build up the network or firewall settings I found it advantageous to use the Networking/ | ||
| + | That said, it still isn't 100% reliable for me yet when making significant network changes. | ||
| + | Reboot and verify changes come back online as expected. | ||
| + | |||
| + | I've evolved my tinc scripts into the four mostly generic scripts below. | ||
| + | You can get away with less but for routing between networks, these work with minimal thought. | ||
| + | |||
| + | <code bash> | ||
| + | NETNAME=" | ||
| + | |||
| + | cat << " | ||
| + | #!/bin/sh | ||
| + | NETADDR=" | ||
| + | ip address add ${NETADDR} dev ${INTERFACE} | ||
| + | EOF | ||
| + | |||
| + | cat << " | ||
| + | #!/bin/sh | ||
| + | ip link set dev ${INTERFACE} down | ||
| + | EOF | ||
| + | |||
| + | cat << " | ||
| + | #!/bin/sh | ||
| + | NODENAME=" | ||
| + | if [ ${NODE} != ${NODENAME} ] | ||
| + | then ip route add ${SUBNET} dev ${INTERFACE} | ||
| + | fi | ||
| + | EOF | ||
| + | |||
| + | cat << " | ||
| + | #!/bin/sh | ||
| + | NODENAME=" | ||
| + | if [ ${NODE} != ${NODENAME} ] | ||
| + | then ip route delete ${SUBNET} dev ${INTERFACE} | ||
| + | fi | ||
| + | EOF | ||
| + | </ | ||
| + | |||
| + | Unlike some some Tinc howtos for other distributions I did not have any iptables rules in the '' | ||
| + | The '' | ||
| + | If you've renamed this interface or want something else, change here. | ||
| + | |||
| + | The '' | ||
| + | You need to know this so the '' | ||
| + | Versions of tinc newer than 1.0.19 have a better way around this but I don't recall at the moment. | ||
| + | |||
| + | **NOTE:** I (user mbello, not the author of this guide) followed this entire guide and it worked brilliantly except for this '' | ||
| + | |||
| + | Instead I went into the OpenWrt LuCI web interface and under '' | ||
| + | This makes UCI aware of the Tinc network interface but it shouldn' | ||
| + | |||
| + | Then, under '' | ||
| + | |||
| + | Next, under '' | ||
| + | |||
| + | Finally, under '' | ||
| + | The summary table for me reads: '' | ||
| + | |||
| + | **NOTE:** I (user mnlipp, neither the author of this guide) had problems (using Chaos Calmer) with the coexistence of the '' | ||
| + | An '' | ||
| + | There seems to be a conflict (or race condition) between '' | ||
| + | Although the interface had been configured properly by '' | ||
| + | |||
| + | I think that '' | ||
| + | I could solve the problem by adding at the beginning of my '' | ||
| + | |||
| + | <code bash> | ||
| + | ubus -t 15 wait_for network.interface.INTERFACE | ||
| + | </ | ||
| + | |||
| + | **NOTE:** I (user mnlipp, neither the author of this guide) found that things stopped working with OpenWrt 21.02 (probably 21.0, but I didn't try that). | ||
| + | |||
| + | If you want to be compatible with the new '' | ||
| + | I don't know if this is the // | ||
| + | |||
| + | * Create and configure a new bride device called '' | ||
| + | * Configure '' | ||
| + | |||
| + | The job of the up/down scripts is now to attach/ | ||
| + | Note that PWD is the networks configuration directory. | ||
| + | |||
| + | <code bash> | ||
| + | NETNAME=" | ||
| + | |||
| + | cat << " | ||
| + | #!/bin/sh | ||
| + | BRIDGE=" | ||
| + | while ! brctl show ${BRIDGE} &> /dev/null | ||
| + | do sleep 1 | ||
| + | done | ||
| + | brctl addif ${BRIDGE} ${INTERFACE} | ||
| + | ip link set ${INTERFACE} up | ||
| + | EOF | ||
| + | |||
| + | cat << " | ||
| + | #!/bin/sh | ||
| + | BRIDGE=" | ||
| + | brctl delif ${BRIDGE} ${INTERFACE} | ||
| + | ip link set ${INTERFACE} down | ||
| + | EOF | ||
| + | </ | ||
| + | |||
| + | ==== References ==== | ||
| + | * [[http:// | ||
| + | * [[http:// | ||
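Review bot: The wait loop in the later up script (`while ! brctl show ${BRIDGE} &> /dev/null`) has no upper bound, so if the bridge is never created the script sleeps forever, whereas the earlier `ubus -t 15 wait_for network.interface.INTERFACE` line gives up after its timeout; add a retry counter and exit non-zero when it runs out. The same line uses `&>` under `#!/bin/sh`, which is a bash extension and not POSIX sh; `>/dev/null 2>&1` is the portable form. In the two scripts that add and delete routes, `[ ${NODE} != ${NODENAME} ]` and `${SUBNET}` are unquoted, so an empty value breaks the test and any whitespace is word-split before it reaches `ip route`; quote the expansions, for example `[ "${NODE}" != "${NODENAME}" ]`. Minor: "some some" and "bride device" are typos.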