(no commit message)
authortuxcrafter <tuxcrafter@web>
Mon, 24 May 2010 18:24:13 +0000 (20:24 +0200)
committerGuus Sliepen <guus@tinc-vpn.org>
Mon, 24 May 2010 18:24:13 +0000 (20:24 +0200)
examples/simple-bridging-with-dhcp-server-side.mdwn [new file with mode: 0644]

diff --git a/examples/simple-bridging-with-dhcp-server-side.mdwn b/examples/simple-bridging-with-dhcp-server-side.mdwn
new file mode 100644 (file)
index 0000000..410e223
--- /dev/null
@@ -0,0 +1,312 @@
+# Company:  PowerCraft Technology
+# Author:   Copyright Jelle de Jong <jelledejong@powercraft.nl>
+# Note:     Please send me an email if you enhanced the document
+# Date:     2010-05-24
+# License:  CC-BY-SA
+
+# This document is free documentation; you can redistribute it and/or
+# modify it under the terms of the Creative Commons Attribution Share
+# Alike as published by the Creative Commons Foundation; either version
+# 3.0 of the License, or (at your option) any later version.
+#
+# This document is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Creative Commons BY-SA License for more details.
+#
+# http://creativecommons.org/licenses/by-sa/
+
+#-----------------------------------------------------------------------
+
+# for commercial support contact me, part of the revenue go back to tinc
+
+#-----------------------------------------------------------------------
+
+# http://www.tinc-vpn.org/
+# http://www.tinc-vpn.org/examples/bridging
+# http://www.tinc-vpn.org/documentation/tinc_toc
+
+#-----------------------------------------------------------------------
+
+# <@guus> Well all the tinc daemons together act like a single switcch
+# <@guus> And each node in the VPN is connected to a port of that switch
+# <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch
+
+#-----------------------------------------------------------------------
+
+unset LANG LANGUAGE LC_ALL
+apt-get update; apt-get dist-upgrade
+
+apt-cache show tinc
+apt-get install tinc
+apt-get install bridge-utils
+
+#-----------------------------------------------------------------------
+
+/etc/init.d/tinc stop
+
+#-----------------------------------------------------------------------
+
+# ls -hal /dev/net/tun
+crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun
+
+# grep tinc /etc/services
+tinc        655/tcp             # tinc control port
+tinc        655/udp
+
+cat /usr/share/doc/tinc/README.Debian
+zcat /usr/share/doc/tinc/README.gz | less
+zcat /usr/share/doc/tinc/NEWS.gz | less
+cat /usr/share/doc/tinc/examples/tinc-up
+w3m /usr/share/doc/tinc/tinc_0.html
+
+cat /etc/default/tinc
+less /etc/init.d/tinc
+
+#-----------------------------------------------------------------------
+
+vim /etc/default/tinc
+EXTRA="-d"
+cat /etc/default/tinc
+
+#-----------------------------------------------------------------------
+
+cat /etc/tinc/nets.boot
+echo 'powercraft01' | tee --append /etc/tinc/nets.boot
+cat /etc/tinc/nets.boot
+
+#-----------------------------------------------------------------------
+
+ls -hal /etc/tinc/scallab01/
+mkdir --verbose /etc/tinc/powercraft01/
+mkdir --verbose /etc/tinc/powercraft01/hosts/
+touch /etc/tinc/powercraft01/tinc.conf
+
+#-----------------------------------------------------------------------
+
+vim /etc/network/interfaces
+
+# tinc-vpn: dhcp bridge
+auto br0
+  iface br0 inet static
+  address 192.168.3.1
+  netmask 255.255.255.0
+# pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7
+# pre-up /sbin/ifconfig eth2 0.0.0.0
+# bridge_ports eth2
+  bridge_ports tun1
+  bridge_maxwait 1
+  bridge_fd 2.5
+
+cat /etc/network/interfaces
+
+#-----------------------------------------------------------------------
+
+echo 'interface "br0" {
+  request subnet-mask, broadcast-address, time-offset,
+    host-name, netbios-scope, interface-mtu, ntp-servers;
+}' | tee --append /etc/dhcp3/dhclient.conf
+
+cat /etc/dhcp3/dhclient.conf
+
+#-----------------------------------------------------------------------
+
+vim /etc/dhcp3/dhcpd.conf
+
+subnet 192.168.3.0 netmask 255.255.255.0 {
+    range 192.168.3.200 192.168.3.240;
+    option routers 192.168.3.1;
+    option domain-name-servers 192.168.3.1;
+}
+
+#-----------------------------------------------------------------------
+
+ifdown br0
+ifup br0
+
+#-----------------------------------------------------------------------
+
+vim /etc/default/dhcp3-server
+    INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location
+
+/etc/init.d/dhcp3-server restart
+ps aux | grep dhcp
+tail -n 400 -f /var/log/syslog
+
+#-----------------------------------------------------------------------
+
+ifconfig br0
+route -n
+brctl show
+
+#-----------------------------------------------------------------------
+
+# ifconfig br0
+br0       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
+          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
+          inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:2568 (2.5 KB)  TX bytes:1536 (1.5 KB)
+
+# route -n
+Kernel IP routing table
+Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
+192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
+192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan2
+192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
+84.245.3.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
+0.0.0.0         84.245.3.1      0.0.0.0         UG    100    0        0 eth1
+
+# brctl show
+bridge name bridge id       STP enabled interfaces
+br0     8000.000000000000   no
+
+#-----------------------------------------------------------------------
+
+echo 'AddressFamily = ipv4
+Device = /dev/net/tun
+Interface = tun1
+Mode = switch
+Name = server01' | tee /etc/tinc/powercraft01/tinc.conf
+
+cat /etc/tinc/powercraft01/tinc.conf
+chmod 640 /etc/tinc/powercraft01/tinc.conf
+ls -hal /etc/tinc/powercraft01/tinc.conf
+
+echo '#!/bin/sh
+ifconfig $INTERFACE 0.0.0.0
+brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up
+
+cat /etc/tinc/powercraft01/tinc-up
+chmod 750 /etc/tinc/powercraft01/tinc-up
+ls -hal /etc/tinc/powercraft01/tinc-up
+
+echo '#!/bin/sh
+brctl delif br0 $INTERFACE
+ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down
+
+cat /etc/tinc/powercraft01/tinc-down
+chmod 750 /etc/tinc/powercraft01/tinc-down
+ls -hal /etc/tinc/powercraft01/tinc-down
+
+#-----------------------------------------------------------------------
+
+rm /etc/tinc/powercraft01/rsa_key.priv
+rm /etc/tinc/powercraft01/hosts/server01
+tincd -n powercraft01 -K
+
+#-----------------------------------------------------------------------
+
+getent services | grep 656
+
+#-----------------------------------------------------------------------
+
+vim /etc/tinc/powercraft01/hosts/server01
+
+# add on head of file
+Compression = 9
+PMTU = 1492
+PMTUDiscovery = yes
+Port = 656
+
+cat /etc/tinc/powercraft01/hosts/server01
+
+#-----------------------------------------------------------------------
+
+/etc/init.d/tinc stop
+fg
+/usr/sbin/tincd --net powercraft01 --no-detach --debug=5
+
+#-----------------------------------------------------------------------
+
+/etc/init.d/tinc restart
+tail --line=500 --follow /var/log/syslog
+
+#-----------------------------------------------------------------------
+
+ifconfig br0
+ifconfig tun1
+route -n
+brctl show br0
+brctl showmacs br0
+
+#-----------------------------------------------------------------------
+
+# ifconfig br0
+br0       Link encap:Ethernet  HWaddr 1e:eb:95:c3:04:d8
+          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
+          inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:3328 (3.3 KB)  TX bytes:2408 (2.4 KB)
+
+# ifconfig tun1
+tun1      Link encap:Ethernet  HWaddr 1e:eb:95:c3:04:d8
+          inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:500
+          RX bytes:2627 (2.6 KB)  TX bytes:1340 (1.3 KB)
+
+# route -n
+Kernel IP routing table
+Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
+192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
+192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan2
+192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
+84.245.3.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
+0.0.0.0         84.245.3.1      0.0.0.0         UG    100    0        0 eth1
+
+# brctl show br0
+bridge name bridge id       STP enabled interfaces
+br0     8000.1eeb95c304d8   no      tun1
+
+# brctl showmacs br0
+port no mac addr        is local?   ageing timer
+  1 1e:eb:95:c3:04:d8   yes        0.00
+  1 86:03:27:21:2e:60   no        44.19
+
+#-----------------------------------------------------------------------
+
+ps aux | grep tincd
+tincd -n powercraft01 -kUSR2
+tail -n 100 /var/log/syslog
+
+#-----------------------------------------------------------------------
+
+May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
+May 24 17:29:31 ashley tinc.powercraft01[11557]:  total bytes in:         468
+May 24 17:29:31 ashley tinc.powercraft01[11557]:  total bytes out:          0
+May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes:
+May 24 17:29:31 ashley tinc.powercraft01[11557]:  server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518)
+May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes.
+May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges:
+May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges.
+May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list:
+May 24 17:29:31 ashley tinc.powercraft01[11557]:  a2:63:0:96:a:c8#10 owner server01
+May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list.
+
+#-----------------------------------------------------------------------
+
+tcpdump -n -i br0 broadcast
+tcpdump -n -i tun0 broadcast
+
+#-----------------------------------------------------------------------
+
+tcpdump -n -e -i br0 icmp
+tcpdump -A -p -n -i br0 port 80
+tcpdump -A -p -n -i br0
+
+tcpdump -i br0 host 84.245.3.195 -l
+
+#-----------------------------------------------------------------------
+
+cat /var/lib/dhcp3/dhcpd.leases
+
+#-----------------------------------------------------------------------
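Review bot: The key-generation step (`rm /etc/tinc/powercraft01/rsa_key.priv` followed by `tincd -n powercraft01 -K`) never checks the private key's permissions or says which file may leave the host, although tinc.conf, tinc-up and tinc-down each get a `chmod` and an `ls -hal`. After `tincd -n powercraft01 -K` I would add `chmod 600 /etc/tinc/powercraft01/rsa_key.priv` and `ls -hal /etc/tinc/powercraft01/rsa_key.priv`, plus the comment `# only hosts/server01 (public key) is copied to other nodes; rsa_key.priv stays on this host`. This matters here because `Mode = switch` with `bridge_ports tun1` puts every node whose key is accepted onto the 192.168.3.0/24 segment that dhcpd serves, so a leaked key means layer-2 access to that bridge. Separately, `tcpdump -n -i tun0 broadcast` should name `tun1` to match `Interface = tun1`. Also, `ls -hal /etc/tinc/scallab01/` looks like a leftover netname, since every other path uses powercraft01.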