Tinc/NewNode: Difference between revisions
From charlesreid1
| Line 140: | Line 140: | ||
The setup with Tinc when there are multiple nodes is as follows: | The setup with Tinc when there are multiple nodes is as follows: | ||
jupiter = debian server, cronus = mac, maya = mac | rojo = debian server, jupiter = debian server, cronus = mac, maya = mac | ||
Rojo is a public server, so it serves as the furthest-upstream server. | |||
Jupiter | Jupiter, cronus, and maya are all on a private network behind a firewall, so they connect to each other and then one reaches out to connect to rojo. Tinc is a peer-to-peer VPN model, so that allows the flexible arrangement. | ||
Rojo will not connect to anyone, but will simply listen for incoming connections. | |||
Maya will be set to connect to | Jupiter will be set to connect to rojo when tinc starts. | ||
Maya and cronus will be set to connect to jupiter when tinc starts. | |||
'''tinc.conf on rojo:''' | |||
<pre> | |||
$ cat tinc.conf | |||
Name = rojo | |||
AddressFamily = any | |||
Device = /dev/net/tun | |||
Mode = switch | |||
</pre> | |||
'''tinc.conf on jupiter:''' | '''tinc.conf on jupiter:''' | ||
| Line 158: | Line 170: | ||
Device = /dev/net/tun | Device = /dev/net/tun | ||
Mode = switch | Mode = switch | ||
ConnectTo = rojo | |||
</pre> | </pre> | ||
| Line 179: | Line 192: | ||
ConnectTo = jupiter | ConnectTo = jupiter | ||
</pre> | </pre> | ||
==Flags== | ==Flags== | ||
Revision as of 02:18, 22 January 2018
Procedure for adding a new node (Mac):
Setting Up New Mac Node
Install:
$ brew install tinc
Prep directory structure:
mkdir -p /usr/local/etc/tinc/master/ cd /usr/local/etc/tinc/master/
Edit tinc.conf:
$ cat tinc.conf Name = cronus AddressFamily = any Mode = switch ConnectTo = jupiter
Edit tinc-up and tinc-down:
$ cat tinc-up #!/bin/sh ifconfig $INTERFACE 10.6.0.3 netmask 255.255.0.0 $ cat tinc-down #!/bin/sh ifconfig $INTERFACE down
Make executable:
$ chmod +x tinc-up tinc-down
Make hosts directory:
$ git clone https://charlesreid1.com:3000/charlesreid1/tinc-hosts.git hosts $ cd hosts
Edit the file cronus to add the IP and subnet for cronus:
$ cat hosts/cronus Address = 192.168.125.50 Subnet = 10.0.0.0/16
Generate a public key by running tinc with the -K flag, which will add the public key to the end of the cronus machine host file:
$ tincd -n master -K
Add cronus file the tinc-hosts repository and commit it.
Pull the updated cronus machine file on other machines (e.g. jupiter)
Setting Up New Debian Node
Install:
$ apt-get install tinc
Prep directory structure:
mkdir -p /etc/tinc/master/ cd /etc/tinc/master/
Edit tinc.conf:
$ cat tinc.conf Name = rojo AddressFamily = any Mode = switch
Edit tinc-up and tinc-down:
$ cat tinc-up #!/bin/sh ifconfig $INTERFACE 10.6.0.4 netmask 255.255.0.0 $ cat tinc-down #!/bin/sh ifconfig $INTERFACE down
Make executable:
$ chmod +x tinc-up tinc-down
Make hosts directory:
$ git clone https://charlesreid1.com:3000/charlesreid1/tinc-hosts.git hosts $ cd hosts
Edit the file cronus to add the IP and subnet for rojo:
$ cat hosts/rojo Address = charlesreid1.com Subnet = 10.0.0.0/16
Generate a public key by running tinc with the -K flag, which will add the public key to the end of the rojo machine host file:
$ tincd -n master -K
Add rojo file the tinc-hosts repository and commit it.
Pull the updated rojo machine file on other machines.
Network Architecture/Configuration
The setup with Tinc when there are multiple nodes is as follows:
rojo = debian server, jupiter = debian server, cronus = mac, maya = mac
Rojo is a public server, so it serves as the furthest-upstream server.
Jupiter, cronus, and maya are all on a private network behind a firewall, so they connect to each other and then one reaches out to connect to rojo. Tinc is a peer-to-peer VPN model, so that allows the flexible arrangement.
Rojo will not connect to anyone, but will simply listen for incoming connections.
Jupiter will be set to connect to rojo when tinc starts.
Maya and cronus will be set to connect to jupiter when tinc starts.
tinc.conf on rojo:
$ cat tinc.conf Name = rojo AddressFamily = any Device = /dev/net/tun Mode = switch
tinc.conf on jupiter:
$ cat tinc.conf Name = jupiter AddressFamily = any Device = /dev/net/tun Mode = switch ConnectTo = rojo
tinc.conf on cronus:
$ cat tinc.conf Name = cronus AddressFamily = any Mode = switch ConnectTo = jupiter
tinc.conf on maya:
$ cat tinc.conf Name = maya AddressFamily = any Mode = switch ConnectTo = jupiter