New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Package Request] Tinc #2556
Comments
In case someone starts on this, this comment might be of interest: #2354 (comment). Not sure if DSM is able to handle tun interfaces nowadays, but something to keep in mind. |
Tinc configuration involves editing the /etc/hosts file to add the vpn node entries, e.g.- 127.0.0.1 localhost node1
192.168.1.10 synologyNAS node1
10.0.0.1 node1
10.0.0.2 node2
10.0.0.3 node3 And then the Tinc configuration files located at /etc/tinc/meshVPNname, e.g.- Name = node1
AddressFamily = ipv4
Interface = tun0
ConnectTo = node2
ConnectTo = node3 tinc-up #!/bin/sh
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0 tinc-down #!/bin/sh
ifconfig $INTERFACE down And /etc/config/hosts/, e.g.- node1
node2
node3 The above node1, node2, and node3 files look like this; Address = a.public.ip.address
Subnet = 10.0.0.1/32
-----BEGIN RSA PUBLIC KEY-----
moo said the fat cow
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = someSkinnyCrypticCowConundrum These files are edited manually (e.g.- sudo nano), so there really is no need to have any DSM interaction. The important prerequisites is that Java is installed and that the tun0 interface can be created when executing Tinc, e.g.- sudo tinc -n meshVPNname When Tinc source code is built, it should use; ./configure --prefix=/ --exec-prefix=/usr --datadir=/etc --localstatedir=/var
make
make install This way the tinc.meshVPNname.pid is created in the /var/run/ folder, and the root Tinc config files are located in the /etc/tinc/ folder, and tincd and tinc are installed into /usr/sbin/ and tinc-gui is installed into /usr/bin/ Otherwise, it also needs to survive reboots (tinc and tinc networks are started). Things like; start|stop|restart|etc. can be accomplished in the tinc cli. Apart from OpenSSL (libssl-dev) and the various usual suspects (build tools), building Tinc from source also requires LZO (liblzo2-dev). The latest Tinc version should be used, e.g.- https://tinc-vpn.org/packages/tinc-1.1pre14.tar.gz If anyone is interested, I'll post a bounty on this accordingly. |
Creating tun0 interface is problematic because it is used by VPN Center (OpenVPN). |
Assuming OpenVPN is using tun0, Tinc can use tun1, tun2, tun3, or so forth, correct? Regarding QuickConnect... how does this use tun1000? Isn't QuickConnect a Synology [ddns] resolving service (e.g.- http://YourNAS.quickConnect.to)? |
Yes correct, but I would go with tun101, tun102, etc. No it If you use it then try ifconfig, tun1000 will show up. Now who will do backups with a remote DS? Or keep it connected 24/7 on OpenVPN and/or QC? |
I tried that, but on neither of my Synology NAS devices am I able to detect tun0 in use (running ifconfig when connecting using myNAS.quickConnect.to). It does not let me QuickConnect using SSH... only HTTP/HTTPS. When I run OpenVPS (via DSM) then tun0 is present. |
I want to configure my NAS devices so they can be nodes on my ElasticSearch cluster... nodes that basically house (backup) the cluster's data, and can serve as incubator nodes if all the other nodes go down/are taken down. For example, having a few nodes running on DigitalOcean, a few nodes on Linode, and a handful of nodes elsewhere, I am currently using my client devices (my desktop/workstation devices) as edge nodes, so whenever I need to take all of those hosted nodes offline, I have my edge nodes that reside on my workstation(s), from whence -at a latter time/date, I can then create new -empty- nodes on remote servers, and use my -populated- workstation node to get them going/up and operational. I want to simply move this to the NAS devices and off of my desktops. Tinc works wonderfully for this purpose. |
I guess you mean tun1000... You could install Easy Bootstrap Installer and choose for Entware-NG, it has 1.1pre14 on the feed. |
A few people seem to have done this already, see https://www.tinc-vpn.org/pipermail/tinc/2019-June/005464.html . |
Name: Tinc
Description: Virtual Private Network (VPN) daemon
Website: https://www.tinc-vpn.org
Software documentation: https://www.tinc-vpn.org/docs/
Build/Installation documentation: https://www.tinc-vpn.org/documentation-1.1/Installation.html
Source Code: https://www.tinc-vpn.org/packages/tinc-1.1pre14.tar.gz
License: GNU General Public License version 2
Mesh VPN over tun0 Interface.
The text was updated successfully, but these errors were encountered: