This repository has been archived by the owner on Jan 2, 2020. It is now read-only.

Tutorial #10

Open
blha303 opened this issue Oct 21, 2018 · 1 comment

blha303 commented Oct 21, 2018

Had a bit of fun trying to set this up on my EdgeRouter, thought I'd document my steps in the hopes this might be included in the readme. It took a couple hours to get everything running with no other tutorial available.

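Create files in /config:

tinc-up

#!/bin/sh
# Bring the tinc interface up and assign this node's VPN address
ip link set "$INTERFACE" up
ip addr add 192.168.1.1/24 dev "$INTERFACE"

tinc-down

#!/bin/sh
# Remove the VPN address and take the interface down
ip addr del 192.168.1.1/24 dev "$INTERFACE"
ip link set "$INTERFACE" down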

tinc-rsa.key: generate an RSA key pair, print the public key for later

openssl genrsa -out /config/tinc-rsa.key 4096 # you may want to generate this locally or use 2048, it'll go faster
openssl rsa -pubout -in /config/tinc-rsa.key

I found that enabling debug logging in tinc was helpful:

$ sudo su
# vi /etc/init.d/tinc
 NETS=""
+EXTRA="-d3"
# /etc/init.d/tinc restart
$ show tinc networkname logging

If you're adding a subnet route to a host, ensure you add a line to tinc-up and tinc-down, between the link and addr lines:

ip route add 172.16.1.0/24 dev "$INTERFACE" # up
ip route del 172.16.1.0/24 dev "$INTERFACE" # down

Here's my config after setting things up, modified for this tutorial:

 protocols tinc networkname {
     addressfamily ipv4
     connectto friend1
     connectto friend2
     enabled true
     host localname {
         address 127.1.0.1
         publickey MIICCgKCAgEAzvRq+pasteYourFullPublicKeyHereRemovingNewlines==
         subnet 192.168.1.1/32
     }
     host friend1 {
         address 127.1.0.2
         publickey MIICCgKCAgEAzvRq+pasteYourFullPublicKeyHereRemovingNewlines==
         subnet 192.168.1.2/32
         subnet 172.16.1.1/24
     }
     host friend2 {
         address 127.1.0.3
         publickey
         subnet 192.168.1.3/32
         subnet 172.16.2.1/24
     }
     interface tun0
     name localname
     privatekeyfile /config/tinc-rsa.key
     tinc-down /config/tinc-down
     tinc-up /config/tinc-up
 }
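
Added example (not part of blha303's post or the project's code): a shell helper for the key step above that creates the private key under a restrictive umask, refuses to continue if the file is group- or world-accessible, and prints the public key as one line for the publickey field. It assumes the field takes only the base64 body of the openssl rsa -pubout output with the BEGIN/END lines dropped, as the placeholder in the config suggests; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post or the project.
# Assumption: the publickey field takes only the base64 body of the PEM
# block printed by `openssl rsa -pubout`, joined onto one line.

# Read PEM on stdin; print the base64 body as a single line.
# Returns 1 if no PEM body is found or it contains non-base64 characters.
pem_to_oneline() {
    body=$(awk '
        /^-----BEGIN /  { inside = 1; next }
        /^-----END /    { inside = 0; next }
        inside          { gsub(/[ \t\r]/, ""); printf "%s", $0 }
    ')
    [ -n "$body" ] || return 1
    case $body in
        *[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    printf '%s\n' "$body"
}

# Succeed only if the key file exists and grants nothing to group or other.
key_mode_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Generate the key, verify its mode, then print the pasteable public key.
# A pre-existing file keeps its old mode despite the umask, so the mode
# is checked after generation rather than assumed.
prepare_tinc_key() {
    key=${1:-/config/tinc-rsa.key}   # path used in the post
    ( umask 077 && openssl genrsa -out "$key" 4096 ) || return 1
    key_mode_ok "$key" || {
        echo "refusing: $key is group/world accessible" >&2
        return 1
    }
    openssl rsa -pubout -in "$key" | pem_to_oneline
}

# Usage (run on the router or locally): prepare_tinc_key /config/tinc-rsa.key
```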

@ShaneMcC (Owner)

Hi,

Thanks for this - I'll have a look at getting this added to the README or wiki :)
