Tinc allows multiple parties to connect and discover each other independently, while minimizing points of failure. Tinc will use a bunch of nodes to build the network graph, which in turn all nodes use to learn addresses from each other. If nodes want to reach each other, they establish a direct connection. If that is not possible, traffic may be routed via a shared neighbor. Tinc is most notably powering the Freifunk community's ICVPN (in L2/Switch-Mode) and ChaosVPN (in L3/Router-Mode).

Tinc primarily operates in two modes: router and switch. A third mode, the hub mode, exists, but it's just a dumb router mode that keeps no routing table and broadcasts everything - don't use it.

In Router mode each peer announces the addresses/subnets it serves. Tinc will spawn an interface on which it will act as an L3 network, routing according to announcements. This is the default mode, but it is unsuitable for dn42, because you cannot influence how tinc will route to a certain network.

In Switch mode tinc will act like an L2 network, in which the routing table reflects the peers' MAC addresses. One advantage of tinc is that you can have multiple peerings over the same VPN configuration by opening multiple connections.

Configuration

Example /etc/tinc/dn42_yourpeer/nf:

    # Placeholder: the name of this node
    Name = yourname
    Interface = dn42_yourpeer
    # Only switch mode is feasible for dn42 peerings, since in router mode tinc takes care of routing decisions on its own
    Mode = switch
    # To discover other hosts, it is required to initially specify a number of hosts to connect to.
    # ConnectTo can be specified multiple times.
    # In newer versions (>= 1.1) you can use AutoConnect instead
    # Placeholder: the name of a peer that has a file in hosts/
    ConnectTo = yourpeer

Tinc requires you to manually add IP addresses and routes to the tap/tun interfaces. On startup it will execute /etc/tinc/dn42_yourpeer/tinc-up if it exists and is executable:

Linux/iproute2

    #!/bin/sh
    # set the interface up
    ip link set dev "$INTERFACE" up
    # add transfer networks
    ip addr add 172.16.0.1/30 dev "$INTERFACE" scope link
    ip addr add fe80::1/64 dev "$INTERFACE"
    # add routes (the prefix must be the network address, so 172.16.0.0/30;
    # the table name "peers" must be defined in /etc/iproute2/rt_tables)
    ip route add 172.16.0.0/30 dev "$INTERFACE" table peers

For authentication tinc uses public key authentication instead of certificates or pre-shared keys. For each key tinc should connect to or allow to connect, a file with the name of the peer in tincd -n twwh -K is required. To generate a public/private key pair use:

    $ tincd -K

Import the key for each other party like this, in /etc/tinc/dn42_yourpeer/hosts/:

    # address/port are optional, in case they're missing you only expect connections from that host
    Address =
    Port =
    -----BEGIN RSA PUBLIC KEY-----
    MIIBCgKCAQEAoGeD5b1HKW2UAFpIPayxsOOYx5qC0oHrJnvcPH33jnDBGiOYJ9ma
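Because every file in hosts/ authorizes one peer, the network directory is worth checking before tincd is started. The function below is an added example, not part of the original page or of tinc itself; it assumes RSA host keys as shown on this page and tinc's default private key file name rsa_key.priv, and the function name audit_tinc_net is hypothetical.

```shell
#!/bin/sh
# Added example: audit a tinc network directory such as /etc/tinc/dn42_yourpeer.
# Assumptions: RSA host keys, private key stored under the default name rsa_key.priv.
# Usage: audit_tinc_net /etc/tinc/dn42_yourpeer

audit_tinc_net() {
    netdir=$1
    problems=0

    # The private key must not be readable by group or others.
    key="$netdir/rsa_key.priv"
    if [ -f "$key" ] && [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "WARN: $key is readable by group or others"
        problems=$((problems + 1))
    fi

    # tinc-up is only run if it exists and is executable.
    if [ ! -x "$netdir/tinc-up" ]; then
        echo "WARN: $netdir/tinc-up missing or not executable"
        problems=$((problems + 1))
    fi

    # Each host file must hold a complete public key block and must never
    # contain private key material (a sign the wrong file was exchanged).
    for host in "$netdir"/hosts/*; do
        [ -f "$host" ] || continue
        if grep -q 'PRIVATE KEY' "$host"; then
            echo "WARN: $host contains a private key"
            problems=$((problems + 1))
        elif ! grep -q -e '-----BEGIN RSA PUBLIC KEY-----' "$host" ||
             ! grep -q -e '-----END RSA PUBLIC KEY-----' "$host"; then
            echo "WARN: $host has no complete RSA public key block"
            problems=$((problems + 1))
        fi
    done

    echo "problems=$problems"
    [ "$problems" -eq 0 ]
}
```

The function returns a non-zero status when anything is flagged, so it can gate a service start script.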