Rename this interface using netsh interface set interface name="%INTERFACE%" newname="tinc" where %INTERFACE% is the name of the interface from the previous step. To locate it you can either use netsh interface ipv4 show interfaces or you can find it in the control panel using control netconnections. Usually it’s called Ethernet 2, but the name might differ on different systems. Locate the newly created network adapter. Click yes when it asks you if you want to install the driver. Usually - cd "C:\Program Files\tinc\tap-win64". If it doesn’t, you’ll have to choose between your VPN provider and tinc (remove the one you don’t want). It will probably work, but no guarantees. When the device is set up, proceed to step 3. If it fails to install (usually an error that says something along the lines of “service is scheduled to install”), try a different manufacturer in that list - one whose name starts with TAP. In most cases you’ll only have one entry in the Model list; if not, just select the first one and click Next. In the window that opens click “Next”, then select “Install the hardware that I manually select from a list (Advanced)”, click “Next” again, select “Network Adapters” and click “Next”, select something that looks like “TAP-* Provider V9” from the “Manufacturer” list (there’s probably going to be the name of your VPN provider where the star is). sudo cat>/lib/systemd/system/rvice /lib/systemd/system/ /usr/local/etc/tinc/%VPNNAME%/tinc-up /usr/local/etc/tinc/%VPNNAME%/tinc-down “Add Legacy Hardware”. To do this you can run the following commands - 1 If you use systemd (which would be the case with most Linux distributions), it can be handy to set up a systemd service to easily manage tinc VPNs. If you use iptables, the command is sudo iptables -I INPUT -p udp --dport 655 -m state --state NEW -j ACCEPT SystemD service With ufw this can be done with sudo ufw allow 655/udp.
You do not need to do this on machines that will only connect to the network and won’t be used as a gateway by other peers. On machines you want peers to connect to when trying to connect to the network you will need to open UDP port 655. For the rest of the machines the process is summarised in the appropriate section. For setup on the initial machine, just continue reading. Calling it ‘the server’ would be incorrect though, because with Tinc any node can accept connections and advertise systems connected to it to the whole network. The setup for the first machine is slightly different than the others. Download and install the latest version from here. tar -xf --one-top-level --strip-components=1 To extract and compile Tinc, just run the following commands (assuming you saved the file as. Install dependencies $ sudo apt install -y build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev. You need to compile Tinc 1.1 from source. %FQDNORIP% with an accessible domain name or IP address of the host you’re setting up. Note that IP distribution is manual in router mode (default), so it’s up to you to keep track of assigned addresses. %IP% with the IP address you want your current device to have. %VPNNAME% with any name you want your network to have. In the following commands replace these. Also, while this guide is fairly step by step, I recommend reading the manual first. The instructions in this post are meant for Ubuntu, Windows and Android, and are based on these posts - 1 2. This seems to be a planned feature, but it is not implemented yet. This means that if you have a Tinc network and you add a machine to it, as long as it can connect to at least one machine that still accepts its key it will be able to reconnect and have its key redistributed across the network.
Tinc 1.1 does have an option to add new machines easily but sadly it does not support excluding peers from the network (but neither does 1.0). The alternative, however, is tinc 1.0, which requires you to distribute the keys of each peer manually, which is… a lot of work. Please note that at the time of writing Tinc 1.1 has not been released officially and as such might not be suitable for production use. While tinc doesn’t allow you to tunnel like other VPNs do, this can still be useful when you need to create a LAN-like system with multiple machines over the internet. What this means is that unlike normal VPN systems like OpenVPN, which route all of your traffic through a single centralised server, Tinc will attempt to set up direct connections between peers if possible. Tinc is a VPN daemon that implements mesh routing.