Tinc VPN on OpenBSD and Linux

Install the tinc package:

OpenBSD

pkg_add tinc

Debian/Ubuntu

apt install tinc

Choose a name for your private network. I named it home.

Create a directory for storing the virtual network's configuration:

test -d /etc/tinc/home/hosts || mkdir -p /etc/tinc/home/hosts

And put the tinc config into it:

cat > /etc/tinc/home/tinc.conf << EOF
Name = client1
ConnectTo = orange
EOF

Generate a private/public key pair:

tincd -n home -K

It will show a message like this:

Generating 2048 bits keys:
..........................................................+++++ p
......+++++ q
Done.
Please enter a file to save private RSA key to [/etc/tinc/home/rsa_key.priv]:<Press Enter>
Please enter a file to save public RSA key to [/etc/tinc/home/hosts/client1]:<Press Enter>

Copy the host configuration file from your VPN server host to the client host. In my case, the VPN server host is orange.svyrydiuk.eu.

The configuration file is /etc/tinc/home/hosts/orange on both server and client.

Address = orange.svyrydiuk.eu
Subnet = 10.0.0.0/24

-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAvpQDmw2xTwmBq65hBkoEIGjtfRfLGPDj1+Y0PbLLZQ/GZSdevcii
....
....
EyoSBS6xle/uvuoRDa57Pj366EZVzTm1a0dFLZmtQVOgxOPmpQ4jVTUCAwEAAQ==
-----END RSA PUBLIC KEY-----

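Do the same with the host configuration file you have on your client host: copy it to the VPN server. Only the host file is exchanged; the private key in /etc/tinc/home/rsa_key.priv never leaves the host that generated it.

Also create tinc-up and tinc-down scripts on the client in /etc/tinc/home: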

#!/bin/sh
# /etc/tinc/home/tinc-up
ifconfig "$INTERFACE" 10.0.0.100 netmask 255.255.255.0


#!/bin/sh
# /etc/tinc/home/tinc-down
ifconfig "$INTERFACE" down


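Make both scripts executable:

chmod +x /etc/tinc/home/tinc-up /etc/tinc/home/tinc-down

On OpenBSD, enable and start the daemon:

rcctl enable tincd
rcctl set tincd flags "-U _tinc --chroot --net=home"
rcctl start tincd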

In case of errors, have a look at the log records or run tincd as a foreground process with debugging enabled:

tincd --no-detach --config=/etc/tinc/home -d3 --net home
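
A pre-flight check for the setup above, as an added example that is not part of the original page: it compares host file key fingerprints and checks private key permissions, ConnectTo entries and script modes. The function names tinc_fingerprint and tinc_audit are made up for this example, and it assumes the tinc 1.0 directory layout used here plus either sha256sum (Linux) or sha256 (OpenBSD).

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks for a tinc 1.0
# network directory such as /etc/tinc/home, run before starting tincd.

# Print a SHA-256 fingerprint of the public key block in a host file, so the
# copies on client and server can be compared over a separate channel.
tinc_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then sum_cmd=sha256sum; else sum_cmd=sha256; fi
    sed -n '/BEGIN RSA PUBLIC KEY/,/END RSA PUBLIC KEY/p' "$1" | $sum_cmd | cut -d' ' -f1
}

# Print one line per problem; the return status is the number of problems.
tinc_audit() {
    dir=$1; problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # The private key must not be accessible to group or other.
    key=$dir/rsa_key.priv
    if [ ! -f "$key" ]; then
        fail "$key is missing"
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        fail "$key is accessible to group/other, expected mode 600"
    fi

    # Each ConnectTo must be a node name whose host file holds a public key.
    for peer in $(sed -n 's/^[[:space:]]*ConnectTo[[:space:]]*=[[:space:]]*//p' \
                  "$dir/tinc.conf" 2>/dev/null); do
        case $peer in
            *[!A-Za-z0-9_]*) fail "ConnectTo '$peer' is not a node name"; continue ;;
        esac
        grep -q 'BEGIN RSA PUBLIC KEY' "$dir/hosts/$peer" 2>/dev/null ||
            fail "hosts/$peer is missing or has no public key"
    done

    # The scripts must be executable for tincd to run them.
    for s in tinc-up tinc-down; do
        [ -x "$dir/$s" ] || fail "$dir/$s is not executable"
    done
    return "$problems"
}
```

Run tinc_audit /etc/tinc/home on each host, and compare the output of tinc_fingerprint /etc/tinc/home/hosts/orange on the client with the same command on the server.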