Tinc configuration for a Freifunk network in a region, here using Stuttgart and its surroundings as the example. OLSR is run through the tunnel.
- opkg update
- opkg install tinc
- mkdir /etc/tinc
- mkdir /etc/tinc/stuttgart
- mkdir /etc/tinc/stuttgart/hosts
- vi /etc/tinc/stuttgart/tinc.conf
    # Short name of this router/computer
    Name = radevormwald1
    # Try to connect to the following computers
    ConnectTo = radevormwald2
    ConnectTo = weinstadt3
    # Operating mode of the VPN
    Mode = Switch
    # Only needed if tinc has to be reachable behind a router
    TCPOnly = yes
    BlockingTCP=yes
    # use an alternative port instead of 655
    #Port = 8656
- vi /etc/tinc/stuttgart/tinc-up
    #!/bin/sh
    ifup stuttgart
- vi /etc/tinc/stuttgart/tinc-down
    #!/bin/sh
    ifdown stuttgart
- chmod +x /etc/tinc/stuttgart/tinc-*
- tincd -n stuttgart -K (just press Enter at the file name prompts)
    Generating 2048 bits keys:
    ................++++++ p
    ...................++++++ q
    Done.
    Please enter a file to save private RSA key to [/etc/tinc/stuttgart/rsa_key.priv]:
    Please enter a file to save public RSA key to [/etc/tinc/stuttgart/hosts/weinstadt1]:
- vi /etc/tinc/stuttgart/hosts/radevormwald1
    Address = mail6.albi.info
    -----BEGIN RSA PUBLIC KEY-----
    MIGJAoGBAKe+pEuYsGXl6/tUDqc1/ZUE/3jK/IumPIljMBZr+cDB2G2DRGIKzkK1
    1rM9BBusMIrhubmXz35FGY1Fx/CBt4RzbFbujdBdkK0eXm0D9dSNAugXenAsu0bB
    64zkp5WuCQNaYgYXs37u5vAj08/ReY9HPPLcKClsY77L5KB28TEHAgMBAAE=
    -----END RSA PUBLIC KEY-----
- Create the interface in the system: vi /etc/config/network (append at the end)
    config interface 'stuttgart'
        option ifname 'stuttgart'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '172.21.255.57'
- Adjust the system's tinc config: vi /etc/config/tinc (delete everything and enter the following)
    config tinc-net stuttgart
        option enabled 1
        option debug 3
- Enable OLSR for the VPN: vi /etc/config/olsrd (append at the end)
    config Interface
        option interface 'stuttgart'
        option LinkQualityMult 'default 0.4'
        option HelloInterval '30.0'
        option HelloValidityTime '180.0'
        option MidInterval '60.0'
        option MidValidityTime '300.0'
        option HnaInterval '60.0'
        option HnaValidityTime '300.0'
        option ignore '0'
- Copy your public key from /etc/tinc/stuttgart/hosts/ to your peer and copy their file into your hosts directory
- tincd -n stuttgart --debug=3
- logread
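Before starting tincd with debug output, it is worth checking the hosts directory, because tinc refuses to start when hosts/<Name> is missing and cannot reach a ConnectTo peer whose file was never copied over. The following POSIX sh check is an added example, not part of the original page: it reads Name and ConnectTo from tinc.conf and verifies that each referenced hosts file exists and carries exactly one RSA public key block. The demo fixture uses constructed directory contents with placeholder key bodies.

```shell
#!/bin/sh
# Sanity check for a tinc network directory such as /etc/tinc/stuttgart.
# Verifies that hosts/<Name> exists for the local node and that every
# ConnectTo peer has a hosts file carrying exactly one RSA public key block.
# Prints one line per problem; the return code is the number of problems.

has_one_key() {
    # exactly one BEGIN and one END marker, as written by tincd -K
    [ "$(grep -c '^-----BEGIN RSA PUBLIC KEY-----' "$1")" -eq 1 ] &&
    [ "$(grep -c '^-----END RSA PUBLIC KEY-----' "$1")" -eq 1 ]
}

check_tinc_net() {
    dir="$1"
    problems=0
    [ -f "$dir/tinc.conf" ] || { echo "missing $dir/tinc.conf"; return 1; }
    # Pull "Key = Value" values out of tinc.conf; comments and blanks are ignored
    name=$(sed -n 's/^[[:space:]]*Name[[:space:]]*=[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p' "$dir/tinc.conf")
    peers=$(sed -n 's/^[[:space:]]*ConnectTo[[:space:]]*=[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p' "$dir/tinc.conf")
    for node in $name $peers; do
        hf="$dir/hosts/$node"
        if [ ! -f "$hf" ]; then
            echo "$node: no hosts file $hf (own key missing or not copied from peer)"
            problems=$((problems + 1))
        elif ! has_one_key "$hf"; then
            echo "$node: $hf does not contain exactly one RSA PUBLIC KEY block"
            problems=$((problems + 1))
        fi
    done
    return $problems
}

# Constructed fixture (placeholder key bodies, not the page's real keys):
# radevormwald2 is listed in ConnectTo but its hosts file was never copied.
demo_check() {
    d=$(mktemp -d)
    mkdir -p "$d/hosts"
    printf 'Name = radevormwald1\nConnectTo = radevormwald2\nConnectTo = weinstadt3\nMode = Switch\n' > "$d/tinc.conf"
    key='-----BEGIN RSA PUBLIC KEY-----\nPLACEHOLDER\n-----END RSA PUBLIC KEY-----\n'
    printf "Address = node1.example.invalid\n$key" > "$d/hosts/radevormwald1"
    printf "Address = node3.example.invalid\nPort = 8658\n$key" > "$d/hosts/weinstadt3"
    check_tinc_net "$d"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

On a router, run `check_tinc_net /etc/tinc/stuttgart` and fix every reported line before starting tincd; the demo reports exactly one problem, the missing radevormwald2 file.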
Here once more all public keys that participate in the stuttgart VPN
    # cat vpngw
    Name = vpngw
    Address = vpngw.freifunk-stuttgart.de
    Subnet = 172.21.255.1/32
    -----BEGIN RSA PUBLIC KEY-----
    MIIBCgKCAQEAuLleC4lO7mGNZRjoIr3nmrT3NWiB3HHSxONlD/loT3+hA9HjNOdD
    YRSQTpHRQd05bS8JgqVawCl6F/8344p0zjKPj91FfJxgitc0ykmCKxyFaDVJWxhO
    aZJjWn/hD3DenCM7rXRvRjC0tcIIIFlWdMngj6xkHBygD1+NF8/kU6v+oeijd2PE
    rRB7Oz6+vCqYPJ/92NFQpO1aVC3lPm+pO3LKT0GhzzV4rlpUxjllMXl1NK+LaLfo
    ZmP7UpyxDJ3cGW8F0bQ3MAcv5RFL5e2P7VI5t9gyao+iq7tx7bZCSlWL3Gv/Hh0r
    qyFRbbhAl+s9U/hGUtLzKzrQA+fGgRDbhwIDAQAB
    -----END RSA PUBLIC KEY-----

    # cat weinstadt1
    Address = mail6.albi.info
    Address = server.albi.xipx.de
    Address = albi.dyndns.info
    Port = 8656
    Subnet = 172.21.84.235/32
    Subnet = 172.21.77.0/24
    -----BEGIN RSA PUBLIC KEY-----
    MIGJAoGBAKe+pEuYsGXl6/tUDqc1/ZUE/3jK/IumPIljMBZr+cDB2G2DRGIKzkK1
    1rM9BBusMIrhubmXz35FGY1Fx/CBt4RzbFbujdBdkK0eXm0D9dSNAugXenAsu0bB
    64zkp5WuCQNaYgYXs37u5vAj08/ReY9HPPLcKClsY77L5KB28TEHAgMBAAE=
    -----END RSA PUBLIC KEY-----

    # cat weinstadt3
    Address = mail6.albi.info
    Address = server.albi.xipx.de
    Address = albi.dyndns.info
    Port = 8658
    Subnet = 172.21.255.84/32
    #Subnet = 172.21.77.0/24
    -----BEGIN RSA PUBLIC KEY-----
    MIIBCgKCAQEA5YpEO0P24u8Tu0BJhDSwrwUJWCZwVxK4T4qDmk48+t1xU0dMy7qs
    UnovyVrlXrlJUu3BY/+CAvOLVGJOaesZELga7oHN/0ea9eSJjybJXoXAOJW3vbia
    +7x2fpT4xyBriefxiEiVRdXSdQq/VUkZihvtQ9Hi1+SlH4k9+VpGMj9xJoItjT9H
    4vc705yOnk+/fBCiyI5Jc1Rsgd77LeB4tIFEBGaq2Aa3ZAAftT8cdtch5olz2s6p
    GBdCnQZJHasj9ui7opn6d9KQh/pzoACDn9sncpSEyBw/SPoq5iVQvqIV3ERXETbO
    FEDiPphpTaouk92Z+z/sr1HMCfM9GnQzawIDAQAB
    -----END RSA PUBLIC KEY-----

    # cat radevormwald1
    Address = kamino.dyndns.info
    Address = vm8m4ykavdlgi9ue.myfritz.net
    # Port = 8656
    -----BEGIN RSA PUBLIC KEY-----
    MIIBCgKCAQEAtLObbD3RI/nZkgTfn1BEDf8zCkbweT7rNqmS2IGkGXsJPXOyhnbP
    4JLuGVDqEZ5PPX1/wbDkcqrhYDADcUJ2pbnjQrF0cqfqOgoeNfG4c7uVUuoj86UZ
    IBXIJNqu+fP+DsjMS68zTr6nYWwMb1MfM1emLfowULQ3wdY4aozq3U03ylQ4Xpb3
    3qeGvUXIx5F30xIS7LQuSsfyEGSJtrvPVZrIbBe2jBQUQimj3Iq2Rf1m+URBzbhe
    2pgcd2WRlFA0IeWrO2YEhXAIinfsx2vezKbz0IH3gKgb/wCSdhskg1k2eDr8Lw0u
    SfktgiQhdjsXbpucUlnyWYKWYMBvSbDMawIDAQAB
    -----END RSA PUBLIC KEY-----
Old material that is no longer needed
- Automatic start: vi /etc/init.d/S52tincd
    #!/bin/sh
    . /etc/functions.sh
    NETS="stuttgart"
    case "$1" in
        start)
            echo -n "Starting tinc:"
            for n in $NETS ; do
                echo -n " $n"
                tincd -n $n --debug=3
            done
            echo "."
            sleep 2
            ;;
        stop)
            for n in $NETS ; do
                tincd -n $n -k
            done
            ;;
        restart)
            $0 stop
            $0 start
            ;;
        *)
            echo "Usage: $0 start|stop|restart"
            ;;
    esac
- Adjust the firewall (only necessary if it is enabled): vi /etc/local.fw-tinc
    #!/bin/sh
    # Place your firewall addons here or use /etc/local.fw-xxx
    # configuration
    NETS="stuttgart"
    case $1 in
        start)
            # Allow tinc ports to WAN interface
            iptables -A INPUT -i $WANDEV -p tcp --dport 655 -j ACCEPT
            iptables -A INPUT -i $WANDEV -p tcp --dport 8655:8659 -j ACCEPT
            for TAPDEV in $NETS; do
                # Allow all traffic through the tunnel
                iptables -I OUTPUT -o $TAPDEV -j ACCEPT
                iptables -I INPUT -i $TAPDEV -j ACCEPT
                iptables -I FORWARD -o $TAPDEV -j ACCEPT
                iptables -I FORWARD -i $TAPDEV -j ACCEPT
                # Masquerade LAN traffic through the tunnel
                iptables -t nat -A POSTROUTING -o $TAPDEV -s $LANNET/$LANPRE -j MASQUERADE
                iptables -I FORWARD -i $LANDEV -o $TAPDEV -j ACCEPT
                iptables -I FORWARD -i $TAPDEV -o $LANDEV -j ACCEPT
            done
            ;;
        stop)
            iptables -D INPUT -i $WANDEV -p tcp --dport 655 -j ACCEPT
            iptables -D INPUT -i $WANDEV -p tcp --dport 8655:8659 -j ACCEPT
            for TAPDEV in $NETS; do
                iptables -D OUTPUT -o $TAPDEV -j ACCEPT
                iptables -D INPUT -i $TAPDEV -j ACCEPT
                iptables -D FORWARD -o $TAPDEV -j ACCEPT
                iptables -D FORWARD -i $TAPDEV -j ACCEPT
                iptables -t nat -D POSTROUTING -o $TAPDEV -s $LANNET/$LANPRE -j MASQUERADE
                iptables -D FORWARD -i $LANDEV -o $TAPDEV -j ACCEPT
                iptables -D FORWARD -i $TAPDEV -o $LANDEV -j ACCEPT
            done
            ;;
    esac
Page last modified on 15 December 2013, 21:08