TINC Mini-Howto
So you want to set up Tinc and you're in a hurry? This page will help you.
This page assumes you're running a Linux > 2.4.0 kernel.
Your net: 192.168.10.0/24, your ip: 192.168.10.23
Your external ip: 100.1.2.3
The other side (the network you wish to have a tunnel to): 192.168.98.0/24, their ip: 192.168.98.1
Their external ip: 50.1.2.3
It is assumed that 'the other side' is the server-side, you are the client.
- Step 1:
Make sure you have the TUN/TAP-device in your kernel.
- Step 2:
Pick a name for the tunnel. In this example we use "twwh" (transwarpwormhole :-]).
In /etc/tinc, create the directory twwh and twwh/hosts.
- Step 3:
On the server-side, create a file /etc/tinc/twwh/tinc.conf with contents:
# set this to the interface of your internet-connection, or leave it out
#BindToInterface
Device=/dev/net/tun
Mode=switch
# pick a name here, I chose 'twwhserver', but something else is ok too. but make sure
# it's a unique name on your TINC-tunnel-network!!
Name=twwhserver
PrivateKeyFile=/etc/tinc/twwh/rsa_key.priv
- Step 4:
Generate key-files; run (on the server) tincd -n twwh -K
If all went well, a file /etc/tinc/twwh/hosts/twwhserver was created. Edit that file and add to the top:
Compression=9
Subnet=192.168.98.0/24
Address=50.1.2.3
Now copy this file (/etc/tinc/twwh/hosts/twwhserver) to the /etc/tinc/twwh/hosts-directory on the client!
- Step 5:
On the client-side, create a file /etc/tinc/twwh/tinc.conf with contents:
ConnectTo=twwhserver
Device=/dev/net/tun
Mode=switch
# pick a name here, I chose 'twwhclient', but something else is ok too. but make sure
# it's a unique name on your TINC-tunnel-network!!
Name=twwhclient
PrivateKeyFile=/etc/tinc/twwh/rsa_key.priv
- Step 6:
Generate key-files; run tincd -n twwh -K
If all went well, a file /etc/tinc/twwh/hosts/twwhclient was created. Edit that file and add to the top:
Compression=9
Subnet=192.168.10.0/24
Address=100.1.2.3
Now copy this file (/etc/tinc/twwh/hosts/twwhclient) to the /etc/tinc/twwh/hosts-directory on the server!
- Step 7:
On the server, create a file /etc/tinc/twwh/tinc-up script with contents:
#!/bin/sh
ifconfig $INTERFACE 192.168.98.1 netmask 255.255.255.0
route add -host 192.168.10.23 dev $INTERFACE
route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.10.23
On the client, create a file /etc/tinc/twwh/tinc-up script with contents:
#!/bin/sh
ifconfig $INTERFACE 192.168.10.23 netmask 255.255.255.0
route add -host 192.168.98.1 dev $INTERFACE
route add -net 192.168.98.0 netmask 255.255.255.0 gw 192.168.98.1
Don't forget to make tinc-up executable (chmod +x /etc/tinc/twwh/tinc-up) on both the client and the server!
You can now start tinc: tincd -n twwh
Done!
Common errors:
- Make sure that the firewalls on BOTH the client AND the server allow traffic to port 655/tcp and 655/udp
- Make sure that /etc/tinc/twwh/tinc-up is executable
- If you get "bogus data received from..." in the output of syslogd, you did something wrong with the keys
- If the routing is ok and the tunnel is ok, but you still don't get any traffic across the bridge, make sure the 'Mode='-line in tinc.conf is the same on both the client and the server
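The checks from the list above can be run before starting tincd. The script below is an added example, not part of the original howto: the function name tinc_check and its optional peer-mode argument are made up here, it assumes the Key=value form used on this page, and it goes slightly further than the list by also checking that the private key is closed to group/others and that no private key ended up under hosts/.

```shell
#!/bin/sh
# Added example: sanity-check one tinc network directory such as /etc/tinc/twwh.
# Assumes "Key=value" lines as written in this howto. Prints one line per
# problem; the return status is the number of problems found.
tinc_check() {
    dir=$1; peer_mode=$2; problems=0
    conf="$dir/tinc.conf"
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    # First value of a setting in tinc.conf, empty if absent.
    get() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$conf" | head -n 1; }

    [ -f "$conf" ] || { fail "$conf is missing"; return 1; }
    name=$(get Name); peer=$(get ConnectTo)
    key=$(get PrivateKeyFile); key=${key:-$dir/rsa_key.priv}   # tinc's default path
    mode=$(get Mode); mode=${mode:-router}                     # tinc's default mode

    # Our own host file is written by "tincd -n <net> -K" and holds the public key.
    if [ -z "$name" ]; then
        fail "no Name= line in tinc.conf"
    elif ! grep -q 'PUBLIC KEY' "$dir/hosts/$name" 2>/dev/null; then
        fail "hosts/$name is missing or has no public key"
    fi
    # The host file of the ConnectTo= peer has to be copied over from that peer.
    if [ -n "$peer" ] && [ ! -f "$dir/hosts/$peer" ]; then
        fail "hosts/$peer is missing (copy it from the other side)"
    fi
    # The private key must exist where tinc.conf says, closed to group and others.
    if [ ! -f "$key" ]; then
        fail "PrivateKeyFile '$key' not found"
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        fail "$key is accessible to group/others (chmod 600 it)"
    fi
    # Only public keys belong in hosts/, since those files are handed to peers.
    if grep -rq 'PRIVATE KEY' "$dir/hosts" 2>/dev/null; then
        fail "private key material found under hosts/"
    fi
    [ -x "$dir/tinc-up" ] || fail "tinc-up is missing or not executable"
    # Mode= must match on both ends; pass the peer's value as second argument.
    if [ -n "$peer_mode" ] && [ "$peer_mode" != "$mode" ]; then
        fail "Mode=$mode here but Mode=$peer_mode on the peer"
    fi
    return "$problems"
}

# Usage: sh tinc_check.sh /etc/tinc/twwh [peer-mode]
if [ "$#" -gt 0 ]; then tinc_check "$@"; fi
```
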
For a more elaborate manual on TINC, visit the documentation-page on the official site: http://tinc.nl.linux.org/documentation/tinc.html
If you have any suggestions whatsoever, contact me at: folkert@vanheusden.com