Tinc/2018-04-12
From charlesreid1
Tincd experiment to debug all the headaches we're having:
- Create three AWS nodes
- Set them up with debian dotfiles
- Install tinc
Now we have a brady bunch.
Following this guide: https://linode.com/docs/networking/vpn/how-to-set-up-tinc-peer-to-peer-vpn/
Step 0: Set Up Nodes
A bit painful. Still need to smooth this out.
Ubuntu flavor of cloud-init will accept bash scripts with a shebang. AWS cloud init will not.
More info: https://stackoverflow.com/a/17827406/463213
Need to mime-encode everything. (Maybe as simple as copying and pasting a URL?)
Cannot customize machine name for curl-pipe-to-bash (had to download, sed -i, replace blackbeard with other, etc.)
Tincd installation process does not get the hostname dynamically and does not intelligently pick an IP address. Pick a random IP in the 100-200 range. 0-100 is reserved; 200+ is the high seas.
Most painful part is, we cannot SSH in. Script is supposed to check for existence of /home/ubuntu/.ssh/authorized_keys and copy it into our user's authorized keys, but this did not work. Had to manually SSH into the machine, run cat command, log out, then try again.
Real solution: have a reserved private/public key pair, hard code public key.
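One way to do the "reserved key pair, hard-coded public key" fix, as an added example that is not the tincd_install.sh script referenced on this page. The function name install_pubkey and the variable RESERVED_PUBKEY are hypothetical, and the key value is a constructed placeholder.

```bash
#!/bin/bash
# Added example: install one reserved public key into a user's authorized_keys.
# RESERVED_PUBKEY is a constructed placeholder; substitute the real reserved public key.
RESERVED_PUBKEY='ssh-ed25519 AAAA_PLACEHOLDER_REPLACE_WITH_RESERVED_PUBLIC_KEY bootstrap@example'

# install_pubkey HOME_DIR [OWNER]   (hypothetical helper)
# Idempotent: creates HOME_DIR/.ssh (0700) and authorized_keys (0600), and
# appends the key only if that exact line is not already present.
install_pubkey() {
    local home_dir="$1" owner="${2:-}"
    local ssh_dir="$home_dir/.ssh"
    local auth="$ssh_dir/authorized_keys"

    # Refuse anything that is not a single "type base64 [comment]" line.
    case "$RESERVED_PUBKEY" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    [ "$(printf '%s\n' "$RESERVED_PUBKEY" | wc -l)" -eq 1 ] || return 1

    [ -d "$home_dir" ] || { echo "no such home: $home_dir" >&2; return 1; }
    # Do not write through a symlinked .ssh or authorized_keys.
    [ ! -L "$ssh_dir" ] && [ ! -L "$auth" ] || { echo "symlink in path" >&2; return 1; }

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x matches the whole line, -F treats the key as a fixed string.
    grep -qxF -- "$RESERVED_PUBKEY" "$auth" || printf '%s\n' "$RESERVED_PUBKEY" >> "$auth"

    # sshd's StrictModes ignores keys when ownership is wrong; chown needs root.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner:$owner" "$ssh_dir" || return 1
    fi
}
```

Because the key is embedded in the script, the install no longer depends on /home/ubuntu/.ssh/authorized_keys existing at the moment the script runs.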
Step 1: Prep Nodes
Update aptitude and install the necessary packages:
sudo apt update && sudo apt upgrade
sudo apt -y install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev
Step 2: Install Tinc
Install tinc from source:
#!/bin/bash
cd /tmp
wget https://tinc-vpn.org/packages/tinc-1.0.33.tar.gz
tar -xf tinc-1.0.33.tar.gz
cd tinc-1.0.33
# empty prefix installs under / so the config directory is /etc/tinc
./configure --prefix=
make
sudo make install
Step 3: Set Up Tinc
Create working directory for our network, which we'll call zombie:
sudo mkdir -p /etc/tinc/zombie/hosts
Create config file:
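# tinc reads the main config for a network from tinc.conf in that network's directory; run as root
cat > /etc/tinc/zombie/tinc.conf << EOF
Name = appserver
Device = /dev/net/tun
AddressFamily = ipv4
EOF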
Next Steps
Fix this script: https://git.charlesreid1.com/dotfiles/debian/src/branch/master/dotfiles/scripts/tincd_install.sh