Linux box as network gateway

Donald Pearson donaldwhpearson at gmail.com
Wed Mar 19 20:09:50 CET 2014


By the way, if you create a layer 2 VPN using bridging like this, I suggest
installing ebtables on your tinc box so that you can put in some layer 2
firewall rules.  An interesting result when you don't do this is DHCP
traversing the VPN.  Much to my surprise I've seen hosts on one site
receive DHCP from a site across the VPN, ultimately using the remote router
as their gateway.
You would think the local server would be faster and always win, but that's
not always the case.


On Wed, Mar 19, 2014 at 3:03 PM, Donald Pearson
<donaldwhpearson at gmail.com> wrote:

> Well you use brctl to bridge the virtual adapter (interface) to a real
> physical interface, and that's represented by an additional virtual
> interface which is the bridge itself.  That bridge is what you configure
> with an IP on your LAN statically or via DHCP.
>
> If you do all this ahead of time you don't even need a tinc-up script.
>
> If you want the bridge to be built up when tinc connects it would look
> something like this.  Do the inverse for a tinc-down.
>
> tinc.conf
> Name = Alpha
> ConnectTo = Beta
> ConnectTo = Charlie
> Device = /dev/net/tun
> Mode = switch
> PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
> #
> #
>
> Tinc-up
> #!/bin/sh
> modprobe tun
> ifconfig vpn 0.0.0.0
> ifconfig vpn up
> ifconfig eth1 0.0.0.0
> ifconfig eth1 up
>
> brctl addbr bridge
> brctl addif bridge vpn
> brctl addif bridge eth1
> ifconfig bridge 10.10.0.1 netmask 255.255.0.0
> route add default gw 10.10.0.254 bridge
> ifconfig bridge up
>
>
>
>
> On Wed, Mar 19, 2014 at 2:44 PM, Aaron Anderson <anderson.aaron at gmail.com> wrote:
>
>> Does connecting to that machine get you access to other machines on
>> the network? That's what I'm having trouble with. I want to connect to
>> machines that do not have tinc installed.
>>
>> On Wed, Mar 19, 2014 at 2:30 PM, vmlinux <vmlinux at charter.net> wrote:
>> > Aaron Anderson said  on 03/19/2014 01:23 PM:
>> >> I do already have those installed. I was really hoping for someone who
>> >> had some already working configs or examples.
>> >
>> > # /etc/tinc/myvpn/tinc.conf
>> > Name = mynode
>> > AddressFamily = ipv4
>> > interface = tinc0
>> >
>> > # /etc/tinc/myvpn/tinc-up
>> > #!/bin/bash
>> > ifconfig $INTERFACE 10.10.10.1 netmask 255.255.255.0
>> >
>> > # /etc/tinc/myvpn/tinc-down
>> > #!/bin/bash
>> > ifconfig $INTERFACE down
>> >
>> > # tincd -n myvpn
>> >
>> > _______________________________________________
>> > tinc mailing list
>> > tinc at tinc-vpn.org
>> > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
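Added example, not code from the thread or from tinc itself: a tinc-up/tinc-down helper that applies the layer 2 DHCP filter suggested at the top of this message, using ebtables on the bridge. It assumes the tinc interface is named "vpn" as in the quoted tinc-up and that the ebtables binary is installed; DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread): ebtables rules that stop DHCP from
# crossing a tinc "Mode = switch" bridge.  Assumptions: the tinc interface
# is named "vpn" as in the quoted tinc-up, and ebtables is installed.
# DRY_RUN=1 prints the commands instead of executing them, so the rules
# can be reviewed without root.

VPN_IF="${VPN_IF:-vpn}"
DRY_RUN="${DRY_RUN:-0}"

# run_or_echo: execute a command, or print it when DRY_RUN=1.
run_or_echo() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# dhcp_filter_rules IFACE [A|D]: add (A, default) or delete (D) the rules.
# DHCP is UDP to port 67 (server) or 68 (client); with -p IPv4 ebtables can
# match those ports inside the Ethernet frame.
#   FORWARD -i: DHCP arriving from the remote site is dropped before the
#               bridge floods it to the local LAN port (eth1).
#   FORWARD -o: local DHCP is kept from leaking to the remote site.
#   INPUT   -i: the bridge interface itself (if it uses DHCP) never hears a
#               remote DHCP server either.
dhcp_filter_rules() {
    iface="$1"
    action="-${2:-A}"
    for chain_dir in "FORWARD -i" "FORWARD -o" "INPUT -i"; do
        set -- $chain_dir   # split into chain name and direction flag
        run_or_echo ebtables "$action" "$1" "$2" "$iface" -p IPv4 \
            --ip-proto udp --ip-dport 67:68 -j DROP
    done
}

# From tinc-up:   sh dhcp-filter.sh up
# From tinc-down: sh dhcp-filter.sh down   (the inverse, as the message says)
case "${1:-}" in
    up)   dhcp_filter_rules "$VPN_IF" A ;;
    down) dhcp_filter_rules "$VPN_IF" D ;;
esac
```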