Skip to content

MatthiasLohr/ansible-role-tincvpn

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
defaults
defaults
 
 
doc
doc
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Ansible Role for tinc VPN

This is an Ansible role for setting up one or many tinc VPN networks (https://www.tinc-vpn.org/).

Usage

Add role to your requirements.yml:

- src: https://github.com/MatthiasLohr/ansible-role-tincvpn
  name: matthiaslohr.tincvpn

It's also possible to specify the version to be installed by using the version parameters. Please read the Ansible Galaxy Documentation for details.

Set tincvpn_defaul_ip for your hosts in inventory file:

[all]
node1 tincvpn_default_ip=192.168.255.1
node2 tincvpn_default_ip=192.168.255.2
node3 tincvpn_default_ip=192.168.255.3

Simple playbook example:

- hosts: all
  roles:
    - matthiaslohr.tincvpn

For examples how to configure multiple tinc networks in parallel, take a look at the documentation.

Host Variables

Variable Name Default Value Description
tincvpn_{{ tincvpn_network }}_ip none tinc IP address of this node (should be part of tincvpn_subnet)

Role Variables

Variable Name Default Value Description
tincvpn_network "default" Name of the tinc network (e.g. tinc configuration folder name).
tincvpn_interface "tincvpn-{{ tincvpn_network }}" Name for the network interface used by tinc.
tincvpn_subnet "192.168.255.0/24" Subnet used by tinc.
tincvpn_mode "switch" Tinc Mode setting.
tincvpn_port 655 Tinc listening port.
tincvpn_extra_hosts [] Additional tinc hosts available (not covered by playbook, read Additional Hosts).
tincvpn_key_bits 2048 Length of RSA private key.
tincvpn_connect_to [] Nodes to connect to by default. You can give a single nodename as string or multiple nodes as list of strings.
tincvpn_routes [] Add routes using the tinc VPN network interface.
tincvpn_local_directory "{{ inventory_dir }}/tincvpn-hosts/{{ tincvpn_network }}" Where to save host public keys locally.
tincvpn_custom_config {} Dictionary with tinc vpn custom config parameters. ex.: PingInterval: "60"
tincvpn_custom_up_scripts [] Custom commands set for tinc-up script template.
tincvpn_custom_down_scripts [] Custom commands set for tinc-down script template.

Configuration Tweaks

Additional Hosts

In case you want to connect to a node that is not included in the Ansible inventory (e.g. a central router you want to connect to), it is possible to configure additional hosts via playbook variables:

tincvpn_extra_hosts:
  - name: externalnode1
    address: externalnode1.example.com
    public_key: |
      -----BEGIN RSA PUBLIC KEY-----
      ...
      -----END RSA PUBLIC KEY-----

  - name: externalnode2
    address: externalnode2.example.com
    public_key: |
      -----BEGIN RSA PUBLIC KEY-----
      ...
      -----END RSA PUBLIC KEY-----

Custom Routes

tincvpn_routes:
  - network: "192.168.254.0/24"
    gateway: "192.168.255.1"

About

Ansible Role for setting up a tinc VPN network

mlohr.com/ansible-role-for-tinc-vpn/

Topics

ansible ansible-role vpn tinc ansible-galaxy

Resources

Readme

License

MIT license
Activity

Stars

16 stars

Watchers

4 watching

Forks

11 forks
Report repository

Releases

9 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages