> [[!meta title="creating a bridge to bridge tinc-vpn dhcp system to connect netwerk segments"]] > > # this docu is still in progress # jelle > > ------------------------------------------------------------------------ > > # Company: PowerCraft Technology > # Author: Copyright Jelle de Jong > # Note: Please send me an email if you enhanced the document > # Date: 2009-09-15 > # License: CC-BY-SA > > # This document is free documentation; you can redistribute it and/or > # modify it under the terms of the Creative Commons Attribution Share > # Alike as published by the Creative Commons Foundation; either version > # 3.0 of the License, or (at your option) any later version. > # > # This document is distributed in the hope that it will be useful, > # but WITHOUT ANY WARRANTY; without even the implied warranty of > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > # Creative Commons BY-SA License for more details. > # > # http://creativecommons.org/licenses/by-sa/ > > ------------------------------------------------------------------------ > > # information: http://www.tinc-vpn.org/ > > ------------------------------------------------------------------------ > > apt-get update; apt-get dist-upgrade > > apt-cache show tinc > apt-get install tinc/unstable > apt-get install bridge-utils/unstable > > ------------------------------------------------------------------------ > > /etc/init.d/tinc stop > > ------------------------------------------------------------------------ > > # ls -hal /dev/net/tun > crw-rw-rw- 1 root root 10, 200 2009-09-11 15:37 /dev/net/tun > > # grep tinc /etc/services > tinc 655/tcp # tinc control port > tinc 655/udp > > cat /usr/share/doc/tinc/README.Debian > zcat /usr/share/doc/tinc/README.gz | less > zcat /usr/share/doc/tinc/NEWS.gz | less > cat /usr/share/doc/tinc/examples/tinc-up > w3m /usr/share/doc/tinc/tinc_0.html > > http://www.tinc-vpn.org/documentation/tinc_toc > > sudo vim /etc/default/tinc > EXTRA="-d" > cat /etc/default/tinc > > less /etc/init.d/tinc > > ------------------------------------------------------------------------ > > ifconfig -a > route -n > > ------------------------------------------------------------------------ > > # ifconfig -a > eth0 Link encap:Ethernet HWaddr 00:26:18:6a:a0:52 > inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:35 errors:0 dropped:0 overruns:0 frame:0 > TX packets:5879 errors:0 dropped:0 overruns:0 carrier:1 > collisions:0 txqueuelen:1000 > RX bytes:5958 (5.8 KiB) TX bytes:594793 (580.8 KiB) > Interrupt:28 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:838 errors:0 dropped:0 overruns:0 frame:0 > TX packets:838 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:87938 (85.8 KiB) TX bytes:87938 (85.8 KiB) > > ppp0 Link encap:Point-to-Point Protocol > inet addr:10.79.163.113 P-t-P:10.64.64.64 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:4833 errors:0 dropped:0 overruns:0 frame:0 > TX packets:4645 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:3 > RX bytes:952105 (929.7 KiB) TX bytes:319496 (312.0 KiB) > > # route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0 > > ------------------------------------------------------------------------ > > # client02 configuration > ------------------------------------------------------------------------ > > cat /etc/tinc/nets.boot > echo 'myvpn01' | sudo tee --append /etc/tinc/nets.boot > cat /etc/tinc/nets.boot > > ------------------------------------------------------------------------ > > sudo mkdir --verbose /etc/tinc/myvpn01/ > sudo mkdir --verbose /etc/tinc/myvpn01/hosts/ > sudo touch /etc/tinc/myvpn01/tinc.conf > > ------------------------------------------------------------------------ > > # on server > cat /etc/tinc/myvpn01/hosts/server01 > > # on client, copy cert data of server to client > sudo vim /etc/tinc/myvpn01/hosts/server01 > > # add on head of file > Address = 712.661.21.23 # only on client > > ------------------------------------------------------------------------ > > echo 'ConnectTo = server01 > Device = /dev/net/tun > Interface = tun0 > Mode = switch > Name = client02' | sudo tee /etc/tinc/myvpn01/tinc.conf > > sudo cat /etc/tinc/myvpn01/tinc.conf > sudo chmod 644 /etc/tinc/myvpn01/tinc.conf > ls -hal /etc/tinc/myvpn01/tinc.conf > > echo '#!/bin/sh > ifconfig $INTERFACE 0.0.0.0 > brctl addif br0 $INTERFACE > ifconfig $INTERFACE up' | tee /etc/tinc/myvpn01/tinc-up > > sudo cat /etc/tinc/myvpn01/tinc-up > sudo chmod 755 /etc/tinc/myvpn01/tinc-up > ls -hal /etc/tinc/myvpn01/tinc-up > > echo '#!/bin/sh > ifup br0 &' | sudo tee /etc/tinc/myvpn01/hosts/server01-up > > sudo cat /etc/tinc/myvpn01/hosts/server01-up > sudo chmod 755 /etc/tinc/myvpn01/hosts/server01-up > ls -hal /etc/tinc/myvpn01/hosts/server01-up > > echo '#!/bin/sh > brctl delif br0 $INTERFACE > ifconfig $INTERFACE down' | sudo tee /etc/tinc/myvpn01/tinc-down > > sudo cat /etc/tinc/myvpn01/tinc-down > sudo chmod 755 /etc/tinc/myvpn01/tinc-down > ls -hal /etc/tinc/myvpn01/tinc-down > > echo '#!/bin/sh > ifdown br0 > ifconfig br0 0.0.0.0' | sudo tee /etc/tinc/myvpn01/hosts/server01-down > > sudo cat /etc/tinc/myvpn01/hosts/server01-down > sudo chmod 755 /etc/tinc/myvpn01/hosts/server01-down > ls -hal /etc/tinc/myvpn01/hosts/server01-down > > ------------------------------------------------------------------------ > > sudo rm /etc/tinc/myvpn01/rsa_key.priv > sudo rm /etc/tinc/myvpn01/hosts/client02 > echo 'PMTU = 1280 > PMTUDiscovery = yes' | sudo tee --append /etc/tinc/myvpn01/hosts/client02 > sudo tincd -n myvpn01 -K > > ------------------------------------------------------------------------ > > # on client add on head of file > sudo vim /etc/tinc/myvpn01/hosts/client02 > Compression = 9 > TCPOnly = yes > > # on client > sudo cat /etc/tinc/myvpn01/hosts/client02 > > # on server, copy cert data of client to server > vim /etc/tinc/myvpn01/hosts/client02 > > ------------------------------------------------------------------------ > > # cat /etc/network/interfaces > auto lo > iface lo inet loopback > > auto ppp0 > iface ppp0 inet ppp > provider mobile-vodafone > > auto eth0 > iface eth0 inet manual > pre-up brctl addbr br0 > pre-up ifconfig eth0 down > pre-up brctl addif br0 eth0 > pre-up ifconfig eth0 up > post-down ifconfig eth0 down > post-down brctl delif br0 eth0 > post-down ifconfig br0 down > post-down brctl delbr br0 > > iface br0 inet dhcp > post-up route del default dev br0 > > ------------------------------------------------------------------------ > > echo 'interface "br0" { > request subnet-mask, broadcast-address, time-offset, > host-name, netbios-scope, interface-mtu, ntp-servers; > }' | tee --append /etc/dhcp3/dhclient.conf > > cat /etc/dhcp3/dhclient.conf > > ------------------------------------------------------------------------ > > sudo /etc/init.d/tinc stop > fg > sudo /usr/sbin/tincd --net myvpn01 --no-detach --debug=5 > > ------------------------------------------------------------------------ > > # sudo /usr/sbin/tincd --net myvpn01 --no-detach --debug=5 > tincd 1.0.9 (Dec 26 2008 14:50:38) starting, debug level 5 > > ------------------------------------------------------------------------ > > ifconfig -a > route -n > brctl show > brctl showmacs br0 > > ------------------------------------------------------------------------ > > # ifconfig -a > br0 Link encap:Ethernet HWaddr 00:26:18:6a:a0:52 > inet addr:10.10.3.116 Bcast:10.10.255.255 Mask:255.255.0.0 > inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:2479 errors:0 dropped:0 overruns:0 frame:0 > TX packets:66 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:209742 (204.8 KiB) TX bytes:10280 (10.0 KiB) > > eth0 Link encap:Ethernet HWaddr 00:26:18:6a:a0:52 > inet6 addr: fe80::226:18ff:fe6a:a052/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:11 errors:0 dropped:0 overruns:0 frame:0 > TX packets:2430 errors:0 dropped:0 overruns:0 carrier:1 > collisions:0 txqueuelen:1000 > RX bytes:1079 (1.0 KiB) TX bytes:237231 (231.6 KiB) > Interrupt:28 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:516 errors:0 dropped:0 overruns:0 frame:0 > TX packets:516 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:63488 (62.0 KiB) TX bytes:63488 (62.0 KiB) > > ppp0 Link encap:Point-to-Point Protocol > inet addr:10.79.163.113 P-t-P:10.64.64.64 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:2028 errors:0 dropped:0 overruns:0 frame:0 > TX packets:1967 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:3 > RX bytes:388056 (378.9 KiB) TX bytes:152260 (148.6 KiB) > > tun0 Link encap:Ethernet HWaddr 42:8f:ff:cf:51:a8 > inet6 addr: fe80::408f:ffff:fecf:51a8/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:2545 errors:0 dropped:0 overruns:0 frame:0 > TX packets:70 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:500 > RX bytes:249926 (244.0 KiB) TX bytes:10375 (10.1 KiB) > > # route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0 > 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0 > > # brctl show > bridge name bridge id STP enabled interfaces > br0 8000.0026186aa052 no eth0 > tun0 > # brctl showmacs br0 > port no mac addr is local? ageing timer > 2 00:01:36:05:ba:5f no 0.00 > 2 00:02:44:b0:d6:4a no 32.81 > 2 00:04:23:02:14:d2 no 32.36 > 2 00:04:75:f6:fb:34 no 181.26 > 2 00:08:02:1f:bb:2f no 116.37 > 2 00:08:a1:3f:f9:c6 no 181.46 > 2 00:08:a1:3f:f9:d8 no 32.93 > 2 00:0a:5e:43:85:80 no 7.87 > 2 00:0c:76:50:3a:1e no 226.27 > 2 00:10:22:fd:87:0d no 80.60 > 2 00:10:22:fd:88:66 no 78.88 > 2 00:10:83:57:a9:d9 no 51.13 > 2 00:10:b5:e8:04:5b no 6.80 > 2 00:11:09:a9:66:0c no 247.43 > 2 00:11:09:a9:66:49 no 149.78 > 2 00:11:09:a9:66:7c no 151.98 > 2 00:11:09:a9:66:b1 no 24.24 > 2 00:11:2f:48:16:ac no 0.25 > 2 00:11:85:d5:ae:b2 no 62.16 > 2 00:11:85:e9:de:ec no 2.29 > 2 00:12:79:91:3d:de no 15.00 > 2 00:13:20:82:bc:19 no 210.92 > 2 00:13:20:82:bc:82 no 266.75 > 2 00:13:21:cc:f1:42 no 12.52 > 2 00:15:f2:0b:c2:6a no 31.42 > 2 00:15:f2:4b:e9:8a no 13.65 > 2 00:17:31:77:d7:10 no 166.02 > 2 00:17:a4:df:77:99 no 288.48 > 2 00:18:f3:20:f3:aa no 128.37 > 2 00:18:f3:a3:a5:ec no 15.15 > 2 00:18:f3:a3:a5:f5 no 107.42 > 2 00:1b:11:63:e4:08 no 15.46 > 2 00:1b:11:63:e6:6a no 232.79 > 2 00:1b:11:63:ff:a7 no 251.39 > 2 00:1b:21:43:7c:85 no 3.41 > 2 00:1b:21:44:27:8b no 186.89 > 2 00:1c:c4:be:54:2e no 9.67 > 2 00:1e:8c:92:b3:bb no 6.91 > 2 00:20:6b:54:c1:85 no 202.51 > 2 00:20:af:aa:71:3d no 25.63 > 2 00:24:8c:3d:9e:e1 no 0.22 > 2 00:24:8c:8f:bb:68 no 127.07 > 1 00:26:18:6a:a0:52 yes 0.00 > 2 00:40:01:30:29:01 no 27.75 > 2 00:69:00:12:1e:5c no 218.41 > 2 00:69:00:12:25:84 no 133.35 > 2 00:e0:4b:0c:75:2d no 54.79 > 2 00:e0:4c:02:7c:fb no 9.09 > 2 00:e0:4c:43:c0:e2 no 194.68 > 2 42:8f:ff:cf:51:a8 yes 0.00 > > ------------------------------------------------------------------------