I’m having trouble understanding how tinc configuration works. I understand configuring tinc on linux, and it’s not clear how the concepts map to the uci configuration.
Like, is tinc.server the local server, or is the one I’m connecting to? Is tinc.client the local server, or the nodes that connect to me? Where do I set up the files typically under ‘hosts/’?
Tinc doesn’t really have the concept of servers or hosts, just nodes that connect to other nodes. I’d like my openwrt to both ConnectTo a tinc node on another machine and accept incoming connections. So I’m kind of confused whether I should follow the tinc-server or tinc-client instructions for openwrt.
Has anyone set this up before and can translate the uci variables to the typical tinc.conf setup? The documentation doesn’t really discuss what’s going on conceptually, just examples with no explanation.
Server says you are setting up a daemon to listen for connections. The only IP info is the one-off host IP used to set which interface to listen on.
Client says it’s for connecting out. IP address set per connection, multiple would be possible.
See.
90% of Tinc configuration is stored in standard UCI files.
The only files that are stored in /etc/tinc are keys for the hosts and tinc-up scripts.
So if you have 2 tinc networks you will have this content:
root@la1store:~# find /etc/tinc/ -type f
/etc/tinc/storenet/rsa_key.pub
/etc/tinc/storenet/rsa_key.priv
/etc/tinc/storenet/ed25519_key.priv
/etc/tinc/storenet/tinc-up
/etc/tinc/storenet/ed25519_key.pub
/etc/tinc/officenet/rsa_key.pub
/etc/tinc/officenet/rsa_key.priv
/etc/tinc/officenet/ed25519_key.priv
/etc/tinc/officenet/tinc-up
/etc/tinc/officenet/ed25519_key.pub
and in /etc/config/tinc you will have a tinc-net config per network, and X tinc-host for each network.
config tinc-net 'storenet'
option enabled '1'
option BindToAddress '* 12124'
option Name 'la1store'
option AddressFamily 'ipv4'
list ConnectTo 'nyc1store'
list ConnectTo 'mia1store'
option DeviceType 'tap'
option Mode 'switch'
option PrivateKeyFile '/etc/tinc/storenet/rsa_key.priv'
option ed25519privatekeyfile '/etc/tinc/storenet/ed25519_key.priv'

config tinc-host 'la1store'
option enabled '1'
option net 'storenet'
option Name 'la1store'
option Address 'la1.store.brand.com 12124'
option ClampMSS 'yes'
option Ed25519PublicKey 'xxxxxxx'
option PublicKey 'xxxxxxxxx'
Just a note on the side:
Tinc is probably not a good choice for new setups. The project is basically dead. The last release has been published 5 years ago and the development branch has not seen real work for 2 years.
You might want to have a look at Slack’s nebula: https://github.com/slackhq/nebula
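To make the tinc-net / tinc-host mapping concrete, here is an added illustration (my own code, not the OpenWrt init script and not from the post above) that parses a UCI snippet modelled on the example and emits the equivalent classic tinc.conf and hosts/NAME contents; the network name, host name and key are constructed placeholders.

```python
"""Illustrate how OpenWrt UCI tinc sections map onto classic tinc files."""
import shlex

# Constructed sample modelled on the /etc/config/tinc snippet in the post;
# PLACEHOLDER_KEY stands in for a real public key.
SAMPLE_UCI = """\
config tinc-net 'storenet'
    option enabled '1'
    option BindToAddress '* 12124'
    option Name 'la1store'
    list ConnectTo 'nyc1store'
    list ConnectTo 'mia1store'
    option PrivateKeyFile '/etc/tinc/storenet/rsa_key.priv'

config tinc-host 'la1store'
    option enabled '1'
    option net 'storenet'
    option Address 'la1.store.brand.com 12124'
    option ClampMSS 'yes'
    option PublicKey 'PLACEHOLDER_KEY'
"""

# Keys that steer the init script, not tinc; they never become tinc.conf lines.
CONTROL_KEYS = {"enabled", "net"}


def parse_uci(text):
    """Return [(section_type, section_name, {key: [values]}), ...].
    'list' entries repeat a key, so every key holds a list of values."""
    sections = []
    for raw in text.splitlines():
        parts = shlex.split(raw.strip())
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "config":
            sections.append((parts[1], parts[2], {}))
        elif parts[0] in ("option", "list"):
            sections[-1][2].setdefault(parts[1], []).append(parts[2])
    return sections


def uci_to_tinc_files(text):
    """tinc-net NAME -> NAME/tinc.conf (NAME is the NETNAME of 'tinc -n NETNAME');
    tinc-host NAME with option net=NET -> NET/hosts/NAME."""
    files = {}
    for stype, name, opts in parse_uci(text):
        if opts.get("enabled", ["1"])[0] != "1":
            continue  # disabled sections produce no file at all
        if stype == "tinc-net":
            path = f"{name}/tinc.conf"
        elif stype == "tinc-host":
            path = f"{opts['net'][0]}/hosts/{name}"
        else:
            continue
        lines = [f"{k} = {v}" for k, vals in opts.items()
                 if k not in CONTROL_KEYS for v in vals]
        files[path] = "\n".join(lines) + "\n"
    return files
```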
Yes, that’s the documentation I’m not understanding. Can you explain further?
Why is there a client and server setup when tinc doesn’t have the concept of client or server?
There is no real distinction between a server and a client in tinc.
https://www.tinc-vpn.org/documentation-1.1/How-connections-work.html
Why does the “VPN service” setup in both the client and server involve setting up both tinc.client and tinc.server? Why are they both set to “tinc-host”?
Which variable corresponds to the network name as you would specify with ‘tinc -n NETNAME start’?
Where do I put the content of /usr/local/etc/tinc/NETNAME/hosts?
Thanks so much, this maps to my understanding of tinc configuration. I was able to get a tinc connection using this example.
I did have to create empty host files in /etc/tinc/NET/hosts for each node before uci was able to populate them.
Can you give us which version of OpenWrt, and which version of the tinc package you are using?
23.05.4 on r6220, using the kernel img. Fresh install of tinc, I won’t be at the location for a while so I’d just assume the latest.
Specifically, the behavior I saw was that I set up tinc the Linux way, creating my own hosts files. Then I configured /etc/config/tinc, saw that lines from both sources ended up in /tmp/tinc/net/hosts, so I deleted the hosts files I made and then tinc failed with a missing file error. Touching the files in /etc/tinc/net/hosts allowed it to proceed.