Netgate Discussion Forum

    Tinc basic setup

      apnar

      You need to make sure you adjust firewall rules in PF to allow the traffic you want over and above just allowing the initial VPN traffic.

        GusBricker

        Can you go into more detail on this?

        I've added a rule to allow port 655. Is there anything else I need to do?

          bman212121

          ~~I think you need to point TINC at your LAN interface IP and not your WAN. It should match your Local IP as that is the interface TINC is bound to.~~

          ~~So port forward 655 from outside to 192.168.5.254.~~

          EDIT: It looks like tinc binds to loopback so it should be available from all interfaces.

          Also, make sure under rules there should be a tab called tinc. I don't think that shows up until the service is started. In there you need to add a rule to allow traffic to pass as there are no default rules on the interface.

            GusBricker

            @bman212121:

            ~~I think you need to point TINC at your LAN interface IP and not your WAN. It should match your Local IP as that is the interface TINC is bound to.~~

            ~~So port forward 655 from outside to 192.168.5.254.~~

            EDIT: It looks like tinc binds to loopback so it should be available from all interfaces.

            Also, make sure under rules there should be a tab called tinc. I don't think that shows up until the service is started. In there you need to add a rule to allow traffic to pass as there are no default rules on the interface.

            Sorry for late reply but I have already done this. It didn't help :(
            Any more suggestions?

              rcfa

              Has anyone actually gotten tinc to work?
              I can't find much about tinc anywhere here, but this thread.
              Trying to get tinc up under 2.2-RC, so far no luck.
              Posted some more detail in the 2.2-RC section, just wanted to know if anyone has it actually up and running, and if there's somewhere a 'cookbook'.

                GusBricker

                @rcfa:

                Has anyone actually gotten tinc to work?
                I can't find much about tinc anywhere here, but this thread.
                Trying to get tinc up under 2.2-RC, so far no luck.
                Posted some more detail in the 2.2-RC section, just wanted to know if anyone has it actually up and running, and if there's somewhere a 'cookbook'.

                I never got it working so I gave up.

                  rcfa

                  Thanks for the reply.
                  Bummer, though; seemed just like what I needed…

                    Supermule Banned

                    Have you looked here??

                    http://www.tinc-vpn.org/

                      GusBricker

                      Yup I followed their documentation.

                        rcfa

                        @Supermule:

                        Have you looked here??

                        http://www.tinc-vpn.org/

                        The issues are of a different nature. The docs there describe how to set up the config files, etc.
                        But these are the things I'd expect the GUI to take care of after I enter the subnets, etc. into the relevant fields.
                        But the key generation doesn't happen as expected, the link never goes up, and tincd doesn't run.

                        I'd figure whoever wrote the module would have gotten it to run or not have published it. So a working sample config would be useful, as would be the knowledge if things are known to work or fail under 2.2-R

                          Supermule Banned

                          What do you have running on the receiving end of your tinc side??

                          Try changing the tincclient IP (physical machine) to 10.1.1.20 for testing purposes.

                          And change the subnets to /24 for starters.

                            rcfa

                            I have two pfSense units.

                            Box A: has e.g. a public WAN DHCP IP given by the ISP of 1.2.3.4, and has a LAN IP subnet of 123.45.67.0/24 and a LAN IP of 123.45.67.254 which are public IPs which the ISP won't route.

                            Box B: has a single fixed IP of e.g. 5.6.7.8 which also is the routing gateway for 123.45.67.0/24. This box only has one active NIC, the WAN with the 5.6.7.8 IP address.

                            What I want to do is to route all traffic from the internet that arrives for 123.45.67.0/24 at 5.6.7.8 through tinc to 1.2.3.4, where it's dumped onto the 123.45.67.0/24 LAN.

                            While I might have assigned sub-optimal or even wrong netmasks, etc., I'm fairly certain that I know the proper local and remote IP, and that I got the public/private key stuff right (despite the fact that I had to generate it at the CLI and then paste it into the files, because the generate key pair check mark didn't do anything when selected and hitting the save button).

                            So even with no traffic flowing, I'd have expected at least tincd to come up, but no such luck. Since I'm running 2.2-RC, I don't know if the issue is with 2.2-RC, with tinc, or the combination of these, or if I just got things so wrong, it refused to even generate keys and start up the daemon.

                              Supermule Banned

                              Yes, but if you give the VPN the same internal IP as your own, then routing won't work afaik.

                              That's why I wanted you to give your local subnet a different IP range. Then we can exclude the routing range.
