Tinc VPN on OpenBSD

Install the tinc package:

pkg_add tinc

Choose a name for your private network. I named it work.

Create a directory to store the network's configuration:

test -d /etc/tinc/work/hosts || mkdir -p /etc/tinc/work/hosts

Then put the tinc configuration into it:

cat > /etc/tinc/work/tinc.conf << EOF
Name = client1
ConnectTo = server
Device = /dev/tap0
EOF

Generate the private/public key pair:

tincd -n work -K

It will show a message like this:

Generating 2048 bits keys:
..........................................................+++++ p
......+++++ q
Done.
Please enter a file to save private RSA key to [/etc/tinc/work/rsa_key.priv]:<Press Enter>
Please enter a file to save public RSA key to [/etc/tinc/work/hosts/client1]:<Press Enter>

Copy the host configuration file from your VPN server and put it in /etc/tinc/work/hosts/server. It should look like this:

Address = vpn.svyrydiuk.eu
Subnet = 10.0.0.0/24

-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAvpQDmw2xTwmBq65hBkoEIGjtfRfLGPDj1+Y0PbLLZQ/GZSdevcii
....
....
EyoSBS6xle/uvuoRDa57Pj366EZVzTm1a0dFLZmtQVOgxOPmpQ4jVTUCAwEAAQ==
-----END RSA PUBLIC KEY-----

Do the same with the host configuration file on your client host (/etc/tinc/work/hosts/client1): copy it to the VPN server.

Also create tinc-up and tinc-down scripts on the client in /etc/tinc/work:

#!/bin/sh
# /etc/tinc/work/tinc-up
ifconfig $INTERFACE 10.0.0.100 netmask 255.255.255.0


#!/bin/sh
# /etc/tinc/work/tinc-down
ifconfig $INTERFACE down


Make both scripts executable:

chmod +x /etc/tinc/work/tinc-up /etc/tinc/work/tinc-down

Enable and start the daemon:

rcctl enable tincd
rcctl set tincd flags "-U _tinc --chroot --net=work"
rcctl start tincd

In case of errors, run tincd in the foreground with debug output:

tincd --no-detach --config=/etc/tinc/work -d 3 --net work
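
A preflight check for the files this guide creates, useful before starting tincd or when the connection fails. It is an added example, not part of the original guide or of tinc itself; conf_get and check_tinc_net are hypothetical helper names, and it assumes the "Key = value" syntax used above.

```shell
#!/bin/sh
# Added example: preflight check for a tinc network directory.
# conf_get / check_tinc_net are hypothetical helpers, not tinc commands.

# Print the value of "Key = value" from a tinc config file (first match).
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

check_tinc_net() {
    dir=$1
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    [ -f "$dir/tinc.conf" ] || { echo "FAIL: $dir/tinc.conf missing" >&2; return 1; }
    name=$(conf_get Name "$dir/tinc.conf")
    peer=$(conf_get ConnectTo "$dir/tinc.conf")
    [ -n "$name" ] || fail "Name not set in tinc.conf"

    # Our own host file and the peer's must both carry a public key.
    for h in "$name" "$peer"; do
        [ -n "$h" ] || continue
        if [ ! -f "$dir/hosts/$h" ]; then
            fail "hosts/$h missing"
        elif ! grep -q 'BEGIN RSA PUBLIC KEY' "$dir/hosts/$h"; then
            fail "hosts/$h has no RSA public key"
        fi
    done

    # The node named in ConnectTo needs an Address to be reachable.
    if [ -n "$peer" ] && [ -f "$dir/hosts/$peer" ]; then
        [ -n "$(conf_get Address "$dir/hosts/$peer")" ] || fail "hosts/$peer has no Address"
    fi

    # Private key: must exist and be inaccessible to group and others.
    if [ ! -f "$dir/rsa_key.priv" ]; then
        fail "rsa_key.priv missing"
    else
        perms=$(ls -ld "$dir/rsa_key.priv" | cut -c5-10)
        [ "$perms" = "------" ] || fail "rsa_key.priv open to group/other ($perms)"
    fi

    for s in tinc-up tinc-down; do
        [ -x "$dir/$s" ] || fail "$s missing or not executable"
    done
    return $rc
}
```

Source the file and run check_tinc_net /etc/tinc/work as root; each failed check is printed to stderr and the function returns non-zero.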