Install the tinc package (pkg_add on NetBSD/OpenBSD, apt-get on Debian-based Linux):
pkg_add tinc
apt-get install tinc
Choose a name for your private network. I named it home.
Create a directory for storing the virtual network's configuration:
[ "$(uname)" = NetBSD ] && export VPN_DIR=/usr/pkg/etc/tinc/home || export VPN_DIR=/etc/tinc/home
test -d "${VPN_DIR}/hosts" || mkdir -p "${VPN_DIR}/hosts"
/usr/pkg/etc/tinc/home/
Put the tinc.conf file in the created directory:
cat > "${VPN_DIR}/tinc.conf" << EOF
Name = client1
# ConnectTo takes the server's node name, i.e. its file name under hosts/
ConnectTo = orange
EOF
Generate a private/public key pair:
tincd -n home -K
It will show a message like this one:
Generating 2048 bits keys:
..........................................................+++++ p
......+++++ q
Done.
Please enter a file to save private RSA key to [/etc/tinc/home/rsa_key.priv]:<Press Enter>
Please enter a file to save public RSA key to [/etc/tinc/home/hosts/client1]:<Press Enter>
Copy the host configuration file from your VPN server to the client host. In my case, the VPN server host is orange.svyrydiuk.eu.
The configuration file is /etc/tinc/home/hosts/orange on both server and client.
Address = orange.svyrydiuk.eu
Subnet = 10.0.0.0/24
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAvpQDmw2xTwmBq65hBkoEIGjtfRfLGPDj1+Y0PbLLZQ/GZSdevcii
....
....
EyoSBS6xle/uvuoRDa57Pj366EZVzTm1a0dFLZmtQVOgxOPmpQ4jVTUCAwEAAQ==
-----END RSA PUBLIC KEY-----
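Do the same with the host configuration file you have on your client host (/etc/tinc/home/hosts/client1): copy it to the VPN server. Only this file is exchanged; the private key rsa_key.priv never leaves the client.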
Create tinc-up and tinc-down scripts on the client host and put them into /etc/tinc/home:
tinc-up script
#!/bin/sh
# /etc/tinc/home/tinc-up
ifconfig $INTERFACE 10.0.0.2 netmask 255.255.255.0
10.0.0.2 above is the client’s internal IP address on your VPN. If you want to join more than a few hosts to your private network, it is probably a good idea to set up a DHCP server. It will automatically assign an IP address and other network configuration parameters to each host on your VPN.
tinc-down script
#!/bin/sh
# /etc/tinc/home/tinc-down
ifconfig $INTERFACE down
Set the executable flag on both scripts:
chmod +x /etc/tinc/home/tinc-[ud]*
Permanently enable and start the tinc service (rcctl on OpenBSD, systemctl on systemd-based Linux):
rcctl enable tincd
rcctl set tincd flags "-U _tinc --chroot --net=home"
rcctl start tincd
systemctl enable tinc@home
systemctl start tinc@home
rcctl check tincd
If you get a message that says ‘tincd(ok)’, your VPN is probably ready to use. Otherwise, work on the configuration errors and try again.
systemctl status tinc@home
* tinc@home.service - Tinc net home
Loaded: loaded (/lib/systemd/system/tinc@.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-08-26 09:47:44 CEST; 4h 2min ago
Docs: info:tinc
man:tinc(8)
man:tinc.conf(5)
http://tinc-vpn.org/docs/
Main PID: 16836 (tincd)
Tasks: 1 (limit: 2229)
Memory: 748.0K
CGroup: /system.slice/system-tinc.slice/tinc@home.service
`-16836 /usr/sbin/tincd -n home -D -c /etc/tinc/home
In case of errors, have a look at the log records or run tincd as a foreground process with debugging enabled:
tincd --no-detach -d 3 --net home
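Before starting the service, or when it refuses to start, the files created in the steps above can be checked with a short script. This is an added example, not part of the original guide or of tinc itself; the function names tinc_preflight and conf_value are hypothetical, and it assumes the "Key = value" syntax used in this guide.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check for a tinc
# network directory. Assumes "Key = value" lines as used in this guide.
conf_value() {  # conf_value FILE KEY: print the first value set for KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

tinc_preflight() {  # prints each problem, returns the number found
    dir=$1; problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    name=$(conf_value "$dir/tinc.conf" Name)
    peer=$(conf_value "$dir/tinc.conf" ConnectTo)
    [ -n "$name" ] || fail "tinc.conf has no Name"
    [ -n "$peer" ] || fail "tinc.conf has no ConnectTo"

    # Our own host file and the peer's must both carry a public key.
    for node in $name $peer; do
        f="$dir/hosts/$node"
        if [ ! -f "$f" ]; then fail "missing host file hosts/$node"
        elif ! grep -q 'BEGIN RSA PUBLIC KEY' "$f"; then
            fail "hosts/$node has no RSA public key"
        fi
    done
    # The peer's host file needs an Address for the outgoing connection.
    [ -z "$peer" ] || [ ! -f "$dir/hosts/$peer" ] ||
        [ -n "$(conf_value "$dir/hosts/$peer" Address)" ] ||
        fail "hosts/$peer has no Address"

    # Host files are copied between machines: none may hold a private key.
    if grep -l 'PRIVATE KEY' "$dir"/hosts/* >/dev/null 2>&1; then
        fail "a file under hosts/ contains a private key"
    fi
    # rsa_key.priv must exist and be closed to group and others.
    key="$dir/rsa_key.priv"
    if [ ! -f "$key" ]; then fail "rsa_key.priv is missing"
    else case $(ls -ld "$key" | cut -c5-10) in
        ------) ;;
        *) fail "rsa_key.priv is accessible to group or others" ;;
    esac; fi

    for s in tinc-up tinc-down; do
        [ -x "$dir/$s" ] || fail "$s is missing or not executable"
    done
    return "$problems"
}

# Run against a directory given on the command line, e.g. /etc/tinc/home.
[ $# -eq 0 ] || tinc_preflight "$1"
```

Saved as a file, it is run with the network directory as its only argument; the exit status is the number of problems found.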