Tinc issues and questions

ssppcc

Hi all

I just install Tinc package to make a mesh VPN with my colleagues. When I try to start the tinc package the gui don´t do nothing. Using the debug option I can see and error "tinc can´t locate the tinc.conf file". This issue is solved witha this:

ln -s /usr/local/etc/tinc/ /usr/pbi/tinc-amd64/local/etc/tinc

In "Interfaces - Assign - Interface Groups" I can find the "tinc mesh VPN Interface group"
I need to assign a new member interface?? If I press add button I can only find my WAN, LAN interfaces.

In "Firewall -> Rules" I can find tinc. But I have many questions:

1. How can route traffic from my LAN to tinc vpn
2. It´s possible to run different tincs vpns ?
3. How can I make NAT rules ? (from tinc to my DMZ network for example)

In all cases, I can´t find the tun0 interface in the GUI, but I can find it via SSH with ifconfig.
Thanks a lot for your time

Kind regards

theebrownieee

I've got the same issue. I can get the tinc network up and running. The VPN connections are established pfSense can connect outward to the other servers, i.e ping out to another node, however if another node pings pfSense there isn't a response.

pfSalmon

Thank you to ssppcc for posting your solution.  I had to modify it slightly for my setup:

ln -s /usr/local/etc/tinc/ /usr/pbi/tinc-i386/local/etc/tinc

I've had trouble with this package not re-installing properly after firmware upgrades in the past, but re-installing the package always fixed it.  This time, the service would not start until I issued the above command in Diagnostics / Command Prompt.

nimamhd

I had same issue to run tinc on pfsense 2.2 and thank you very much, this is works, but how can fix this forever?

chopeta

@nimamhd:

I have same issue to run tinc on pfsense 2.2 and thank you very much, this is work, but how can fix this forever?

1. ssppcc - please check tinc docs. on their website; There's a tinc tab in the firewall>rules page - everything works just great
2. pfSalmon - thanks for sharing the 32-bits solution. Great!
3. nimamhd - I had the same question as you, but I rebooted pfSense after running the command and tinc was working fine.

But at the end I guess the tinc package maintainer should fix this in the code.

Big thanks to everyone for your help, to the package maintainer and to pfSense team to build such a great peace of software.

nimamhd

With fresh installation of pfsense 2.2 tinc was run properly.i think Update pfsense from 2.1.5  to 2.2 cause this issue for me.

Thanks all

Supermule

Some people have a hard time getting TINC to work.

Pls. post a guide with screendumps to show your config and how you did.

chopeta

@nimamhd:

With fresh installation of pfsense 2.2 tinc was run properly.i think Update pfsense from 2.1.5  to 2.2 cause this issue for me.

Thanks all

Agree. I was updating from 2.1.5 to 2.2 when I got the problem.

Anyway, it got fixed after 2 reboots and running the command

ln -s /usr/local/etc/tinc/ /usr/pbi/tinc-i386/local/etc/tinc

from Diagnostic > Command Prompt. Another reboot just in case and everything is running fine now.

I saw some commits on the tinc package on github - I have another box with 2.1.5 that I will upgrade next week - let's see how it goes.
https://github.com/pfsense/pfsense-packages/commits/master/config/tinc

Will also post my config. and how I made tinc work between 3 pfSense boxes + a few other servers running Proxmox and CentOS.

ssppcc

@nimamhd:

With fresh installation of pfsense 2.2 tinc was run properly.i think Update pfsense from 2.1.5  to 2.2 cause this issue for me.

I can´t reinstall my pfsense computer.
In the CLI with a netstat -r I can see the route.

Internet:
Destination        Gateway            Flags      Netif Expire
10.XX.XX.XX          link#9             U          tun0

But in Interfaces – Assign interfaces I can´t see "tinc" interface.

Some questions:

Do I need to create a group of interfaces in "Interfaces - Interfaces Group" ??

I can see in Firewall rules the tinc shape, I have an any/any from LAN interface but I can´t ping any tinc host.

I can´t see in Firewall rules the tinc interface.

Thanks in advance
Kind regards

nimamhd

Hello

here you are a sample configuration of tinc. i hope this will useful for you.

https://forum.pfsense.org/index.php?topic=90536.0

ioiioi

@ssppcc:

In all cases, I can´t find the tun0 interface in the GUI, but I can find it via SSH with ifconfig.

have ever fixed this problem?
I got the same here, and would like to do 1:1 nat on tun0. but can't see tun0 from the interface menu.
and of coz could not add rules for that.

nimamhd

@ioiioi:

@ssppcc:

In all cases, I can´t find the tun0 interface in the GUI, but I can find it via SSH with ifconfig.

have ever fixed this problem?
I got the same here, and would like to do 1:1 nat on tun0. but can't see tun0 from the interface menu.
and of coz could not add rules for that.

by default, tun interfaces have been hidden. you can unhide it in /etc/inc/util.inc or /etc/inc/utils.inc.
first backup the file and search for "function get_interface_list" function, then remove the "tun" from "array".
go to interface assign tab and press save, then you can add tun interface