1 [[!meta title="creating a bridge to bridge tinc-vpn dhcp system to connect network segments"]]
2
3 # this docu is still in progress # jelle
4
5 ------------------------------------------------------------------------
6
7 # Company:  PowerCraft Technology
8 # Author:   Copyright Jelle de Jong <jelledejong@powercraft.nl>
9 # Note:     Please send me an email if you enhanced the document
10 # Date:     2009-09-15
11 # License:  CC-BY-SA
12
13 # This document is free documentation; you can redistribute it and/or
14 # modify it under the terms of the Creative Commons Attribution Share
15 # Alike as published by the Creative Commons Foundation; either version
16 # 3.0 of the License, or (at your option) any later version.
17 #
18 # This document is distributed in the hope that it will be useful,
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 # Creative Commons BY-SA License for more details.
22 #
23 # http://creativecommons.org/licenses/by-sa/
24
25 ------------------------------------------------------------------------
26
27 # information: http://www.tinc-vpn.org/
28
29 ------------------------------------------------------------------------
30
31 # this is scally02 test system location leiden
32
33 ------------------------------------------------------------------------
34
35 apt-get update; apt-get dist-upgrade
36
37 apt-cache show tinc
38 apt-get install tinc/unstable
39 apt-get install bridge-utils/unstable
40
41 ------------------------------------------------------------------------
42
43 /etc/init.d/tinc stop
44
45 ------------------------------------------------------------------------
46
47 # ls -hal /dev/net/tun
48 crw-rw-rw- 1 root root 10, 200 2009-09-11 15:37 /dev/net/tun
49
50 # grep tinc /etc/services
51 tinc        655/tcp             # tinc control port
52 tinc        655/udp
53
54 cat /usr/share/doc/tinc/README.Debian
55 zcat /usr/share/doc/tinc/README.gz | less
56 zcat /usr/share/doc/tinc/NEWS.gz | less
57 cat /usr/share/doc/tinc/examples/tinc-up
58 w3m /usr/share/doc/tinc/tinc_0.html
59
60 http://www.tinc-vpn.org/documentation/tinc_toc
61
62 sudo vim /etc/default/tinc
63 EXTRA="-d"
64 cat /etc/default/tinc
65
66 less /etc/init.d/tinc
67
68 ------------------------------------------------------------------------
69
70 ifconfig -a
71 route -n
72
73 ------------------------------------------------------------------------
74
75 # ifconfig -a
76 eth0      Link encap:Ethernet  HWaddr 00:26:18:6a:a0:52
77           inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link
78           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
79           RX packets:35 errors:0 dropped:0 overruns:0 frame:0
80           TX packets:5879 errors:0 dropped:0 overruns:0 carrier:1
81           collisions:0 txqueuelen:1000
82           RX bytes:5958 (5.8 KiB)  TX bytes:594793 (580.8 KiB)
83           Interrupt:28
84
85 lo        Link encap:Local Loopback
86           inet addr:127.0.0.1  Mask:255.0.0.0
87           inet6 addr: ::1/128 Scope:Host
88           UP LOOPBACK RUNNING  MTU:16436  Metric:1
89           RX packets:838 errors:0 dropped:0 overruns:0 frame:0
90           TX packets:838 errors:0 dropped:0 overruns:0 carrier:0
91           collisions:0 txqueuelen:0
92           RX bytes:87938 (85.8 KiB)  TX bytes:87938 (85.8 KiB)
93
94 ppp0      Link encap:Point-to-Point Protocol
95           inet addr:10.79.163.113  P-t-P:10.64.64.64  Mask:255.255.255.255
96           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
97           RX packets:4833 errors:0 dropped:0 overruns:0 frame:0
98           TX packets:4645 errors:0 dropped:0 overruns:0 carrier:0
99           collisions:0 txqueuelen:3
100           RX bytes:952105 (929.7 KiB)  TX bytes:319496 (312.0 KiB)
101
102 # route -n
103 Kernel IP routing table
104 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
105 10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
106 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
107
108 ------------------------------------------------------------------------
109
110 # client02 configuration
111 ------------------------------------------------------------------------
112
113 cat /etc/tinc/nets.boot
114 echo 'myvpn01' | sudo tee --append /etc/tinc/nets.boot
115 cat /etc/tinc/nets.boot
116
117 ------------------------------------------------------------------------
118
119 sudo mkdir --verbose /etc/tinc/myvpn01/
120 sudo mkdir --verbose /etc/tinc/myvpn01/hosts/
121 sudo touch /etc/tinc/myvpn01/tinc.conf
122
123 ------------------------------------------------------------------------
124
125 # on server
126 cat /etc/tinc/myvpn01/hosts/server01
127
128 # on client, copy the server's host file (its public key) to the client
129 sudo vim /etc/tinc/myvpn01/hosts/server01
130
131 # add on head of file
132 Address = 712.661.21.23 # only on client; placeholder value, use the server's real reachable address
133
134 ------------------------------------------------------------------------
135
# Mode = switch together with tinc-up attaching the tun interface to br0 (which
# also holds eth0, see the interfaces file below) turns the local eth0 segment
# and the remote VPN side into one layer-2 broadcast domain: hosts on eth0 are
# effectively reachable from the other side, so pick the segment deliberately.
sudo tee /etc/tinc/myvpn01/tinc.conf <<'EOF'
ConnectTo = server01
Device = /dev/net/tun
Interface = tun0
Mode = switch
PMTU = 1280
PMTUDiscovery = yes
Name = client02
EOF
143
144 sudo cat /etc/tinc/myvpn01/tinc.conf
145 sudo chmod 644 /etc/tinc/myvpn01/tinc.conf
146 ls -hal /etc/tinc/myvpn01/tinc.conf
147
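# tincd runs tinc-up with INTERFACE set to the tun device (tun0 here); quote the
# expansion and write the file through sudo like the other files under
# /etc/tinc on this page (a plain tee fails for a non-root user).
sudo tee /etc/tinc/myvpn01/tinc-up <<'EOF'
#!/bin/sh
# clear any address on the tun device, enslave it to br0, bring it up
ifconfig "$INTERFACE" 0.0.0.0
brctl addif br0 "$INTERFACE"
ifconfig "$INTERFACE" up
EOF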
152
153 sudo cat /etc/tinc/myvpn01/tinc-up
154 sudo chmod 755 /etc/tinc/myvpn01/tinc-up
155 ls -hal /etc/tinc/myvpn01/tinc-up
156
# host-up script for server01: once the tunnel to server01 is established,
# (re)run ifup on the bridge so br0 requests its DHCP lease across the VPN
# (br0 is "inet dhcp" in the interfaces file). The trailing '&' presumably
# keeps tincd from blocking on the lease — confirm against tincd behaviour.
sudo tee /etc/tinc/myvpn01/hosts/server01-up <<'EOF'
#!/bin/sh
ifup br0 &
EOF
159
160 sudo cat /etc/tinc/myvpn01/hosts/server01-up
161 sudo chmod 755 /etc/tinc/myvpn01/hosts/server01-up
162 ls -hal /etc/tinc/myvpn01/hosts/server01-up
163
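# counterpart of tinc-up: detach the tun device from br0 and take it down;
# $INTERFACE is quoted, as in tinc-up.
sudo tee /etc/tinc/myvpn01/tinc-down <<'EOF'
#!/bin/sh
brctl delif br0 "$INTERFACE"
ifconfig "$INTERFACE" down
EOF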
167
168 sudo cat /etc/tinc/myvpn01/tinc-down
169 sudo chmod 755 /etc/tinc/myvpn01/tinc-down
170 ls -hal /etc/tinc/myvpn01/tinc-down
171
# host-down script for server01: when the link to the server drops, run ifdown
# on the bridge (which releases the DHCP configuration of br0) and clear any
# address left on it.
sudo tee /etc/tinc/myvpn01/hosts/server01-down <<'EOF'
#!/bin/sh
ifdown br0
ifconfig br0 0.0.0.0
EOF
175
176 sudo cat /etc/tinc/myvpn01/hosts/server01-down
177 sudo chmod 755 /etc/tinc/myvpn01/hosts/server01-down
178 ls -hal /etc/tinc/myvpn01/hosts/server01-down
179
180 ------------------------------------------------------------------------
181
182 sudo rm /etc/tinc/myvpn01/rsa_key.priv
183 sudo rm /etc/tinc/myvpn01/hosts/client02
184 sudo tincd -n myvpn01 -K
185
186 ------------------------------------------------------------------------
187
188 # on client add on head of file
189 sudo vim /etc/tinc/myvpn01/hosts/client02
190 Compression = 9
191 TCPOnly = yes
192
193 # on client
194 sudo cat /etc/tinc/myvpn01/hosts/client02
195
196 # on server, copy the client's host file (its public key only, never rsa_key.priv) to the server
197 vim /etc/tinc/myvpn01/hosts/client02
198
199 ------------------------------------------------------------------------
200
201 # cat /etc/network/interfaces
202 auto lo
203   iface lo inet loopback
204
205 auto ppp0
206   iface ppp0 inet ppp
207   provider mobile-vodafone
208
209 auto eth0
210   iface eth0 inet manual
211   pre-up brctl addbr br0
212   pre-up ifconfig eth0 down
213   pre-up brctl addif br0 eth0
214   pre-up ifconfig eth0 up
215   post-down ifconfig eth0 down
216   post-down brctl delif br0 eth0
217   post-down ifconfig br0 down
218   post-down brctl delbr br0
219
220 iface br0 inet dhcp
221   post-up route del default dev br0
222
223 ------------------------------------------------------------------------
224
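# The request list for br0 omits routers and domain-name-servers, so a lease
# handed out on the VPN side should not install a default route or resolver
# on this box; the interfaces file additionally deletes any default route via
# br0 after ifup. Written through sudo like the other files under /etc here.
sudo tee --append /etc/dhcp3/dhclient.conf <<'EOF'
interface "br0" {
  request subnet-mask, broadcast-address, time-offset,
    host-name, netbios-scope, interface-mtu, ntp-servers;
}
EOF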
229
230 cat /etc/dhcp3/dhclient.conf
231
232 ------------------------------------------------------------------------
233
234 sudo /etc/init.d/tinc stop
235 fg
236 sudo /usr/sbin/tincd --net myvpn01 --no-detach --debug=5
237
238 ------------------------------------------------------------------------
239
240 # sudo /usr/sbin/tincd --net myvpn01 --no-detach --debug=5
241 tincd 1.0.9 (Dec 26 2008 14:50:38) starting, debug level 5
242
243 ------------------------------------------------------------------------
244
245 ifconfig -a
246 route -n
247 brctl show
248 brctl showmacs br0
249
250 ------------------------------------------------------------------------
251
252 # ifconfig -a
253 br0       Link encap:Ethernet  HWaddr 00:26:18:6a:a0:52
254           inet addr:10.10.3.116  Bcast:10.10.255.255  Mask:255.255.0.0
255           inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link
256           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
257           RX packets:2479 errors:0 dropped:0 overruns:0 frame:0
258           TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
259           collisions:0 txqueuelen:0
260           RX bytes:209742 (204.8 KiB)  TX bytes:10280 (10.0 KiB)
261
262 eth0      Link encap:Ethernet  HWaddr 00:26:18:6a:a0:52
263           inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link
264           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
265           RX packets:11 errors:0 dropped:0 overruns:0 frame:0
266           TX packets:2430 errors:0 dropped:0 overruns:0 carrier:1
267           collisions:0 txqueuelen:1000
268           RX bytes:1079 (1.0 KiB)  TX bytes:237231 (231.6 KiB)
269           Interrupt:28
270
271 lo        Link encap:Local Loopback
272           inet addr:127.0.0.1  Mask:255.0.0.0
273           inet6 addr: ::1/128 Scope:Host
274           UP LOOPBACK RUNNING  MTU:16436  Metric:1
275           RX packets:516 errors:0 dropped:0 overruns:0 frame:0
276           TX packets:516 errors:0 dropped:0 overruns:0 carrier:0
277           collisions:0 txqueuelen:0
278           RX bytes:63488 (62.0 KiB)  TX bytes:63488 (62.0 KiB)
279
280 ppp0      Link encap:Point-to-Point Protocol
281           inet addr:10.79.163.113  P-t-P:10.64.64.64  Mask:255.255.255.255
282           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
283           RX packets:2028 errors:0 dropped:0 overruns:0 frame:0
284           TX packets:1967 errors:0 dropped:0 overruns:0 carrier:0
285           collisions:0 txqueuelen:3
286           RX bytes:388056 (378.9 KiB)  TX bytes:152260 (148.6 KiB)
287
288 tun0      Link encap:Ethernet  HWaddr 42:8f:ff:cf:51:a8
289           inet6 addr: fe80::408f:ffff:fecf:51a8/64 Scope:Link
290           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
291           RX packets:2545 errors:0 dropped:0 overruns:0 frame:0
292           TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
293           collisions:0 txqueuelen:500
294           RX bytes:249926 (244.0 KiB)  TX bytes:10375 (10.1 KiB)
295
296 # route -n
297 Kernel IP routing table
298 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
299 10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
300 10.10.0.0       0.0.0.0         255.255.0.0     U     0      0        0 br0
301 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
302
303 # brctl show
304 bridge name bridge id       STP enabled interfaces
305 br0     8000.0026186aa052   no      eth0
306                             tun0
307 # brctl showmacs br0
308 port no mac addr        is local?   ageing timer
309   2 00:01:36:05:ba:5f   no         0.00
310   2 00:02:44:b0:d6:4a   no        32.81
311   2 00:04:23:02:14:d2   no        32.36
312   2 00:04:75:f6:fb:34   no       181.26
313   2 00:08:02:1f:bb:2f   no       116.37
314   2 00:08:a1:3f:f9:c6   no       181.46
315   2 00:08:a1:3f:f9:d8   no        32.93
316   2 00:0a:5e:43:85:80   no         7.87
317   2 00:0c:76:50:3a:1e   no       226.27
318   2 00:10:22:fd:87:0d   no        80.60
319   2 00:10:22:fd:88:66   no        78.88
320   2 00:10:83:57:a9:d9   no        51.13
321   2 00:10:b5:e8:04:5b   no         6.80
322   2 00:11:09:a9:66:0c   no       247.43
323   2 00:11:09:a9:66:49   no       149.78
324   2 00:11:09:a9:66:7c   no       151.98
325   2 00:11:09:a9:66:b1   no        24.24
326   2 00:11:2f:48:16:ac   no         0.25
327   2 00:11:85:d5:ae:b2   no        62.16
328   2 00:11:85:e9:de:ec   no         2.29
329   2 00:12:79:91:3d:de   no        15.00
330   2 00:13:20:82:bc:19   no       210.92
331   2 00:13:20:82:bc:82   no       266.75
332   2 00:13:21:cc:f1:42   no        12.52
333   2 00:15:f2:0b:c2:6a   no        31.42
334   2 00:15:f2:4b:e9:8a   no        13.65
335   2 00:17:31:77:d7:10   no       166.02
336   2 00:17:a4:df:77:99   no       288.48
337   2 00:18:f3:20:f3:aa   no       128.37
338   2 00:18:f3:a3:a5:ec   no        15.15
339   2 00:18:f3:a3:a5:f5   no       107.42
340   2 00:1b:11:63:e4:08   no        15.46
341   2 00:1b:11:63:e6:6a   no       232.79
342   2 00:1b:11:63:ff:a7   no       251.39
343   2 00:1b:21:43:7c:85   no         3.41
344   2 00:1b:21:44:27:8b   no       186.89
345   2 00:1c:c4:be:54:2e   no         9.67
346   2 00:1e:8c:92:b3:bb   no         6.91
347   2 00:20:6b:54:c1:85   no       202.51
348   2 00:20:af:aa:71:3d   no        25.63
349   2 00:24:8c:3d:9e:e1   no         0.22
350   2 00:24:8c:8f:bb:68   no       127.07
351   1 00:26:18:6a:a0:52   yes        0.00
352   2 00:40:01:30:29:01   no        27.75
353   2 00:69:00:12:1e:5c   no       218.41
354   2 00:69:00:12:25:84   no       133.35
355   2 00:e0:4b:0c:75:2d   no        54.79
356   2 00:e0:4c:02:7c:fb   no         9.09
357   2 00:e0:4c:43:c0:e2   no       194.68
358   2 42:8f:ff:cf:51:a8   yes        0.00
359
360 ------------------------------------------------------------------------