--- /dev/null
+> [[!meta title="simple-bridging-with-dhcp-client-side"]]
+>
+> # Company: PowerCraft Technology
+> # Author: Copyright Jelle de Jong <jelledejong@powercraft.nl>
+> # Note: Please send me an email if you enhanced the document
+> # Date: 2010-05-24
+> # License: CC-BY-SA
+>
+> # This document is free documentation; you can redistribute it and/or
+> # modify it under the terms of the Creative Commons Attribution Share
+> # Alike as published by the Creative Commons Foundation; either version
+> # 3.0 of the License, or (at your option) any later version.
+> #
+> # This document is distributed in the hope that it will be useful,
+> # but WITHOUT ANY WARRANTY; without even the implied warranty of
+> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+> # Creative Commons BY-SA License for more details.
+> #
+> # http://creativecommons.org/licenses/by-sa/
+>
+> #-----------------------------------------------------------------------
+>
+> # for commercial support contact me, part of the revenue go back to tinc
+>
+> #-----------------------------------------------------------------------
+>
+> # http://www.tinc-vpn.org/
+> # http://www.tinc-vpn.org/documentation/tinc_toc
+>
+> #-----------------------------------------------------------------------
+>
+> # this is the configuration of the roxy system
+>
+> #-----------------------------------------------------------------------
+>
+> unset LANG LANGUAGE LC_ALL
+> apt-get update; apt-get dist-upgrade
+>
+> apt-cache show tinc
+> apt-get install tinc/testing
+>
+> #-----------------------------------------------------------------------
+>
+> /etc/init.d/tinc stop
+>
+> #-----------------------------------------------------------------------
+>
+> # ls -hal /dev/net/tun
+> crw------- 1 root root 10, 200 May 24 15:53 /dev/net/tun
+>
+> # grep tinc /etc/services
+> tinc 655/tcp # tinc control port
+> tinc 655/udp
+>
+> # getent services tinc/udp
+> tinc 655/udp
+> # getent services tinc/tcp
+> tinc 655/tcp
+>
+> cat /usr/share/doc/tinc/README.Debian
+> zcat /usr/share/doc/tinc/README.gz | less
+> zcat /usr/share/doc/tinc/NEWS.gz | less
+> cat /usr/share/doc/tinc/examples/tinc-up
+> w3m /usr/share/doc/tinc/tinc_0.html
+>
+> #-----------------------------------------------------------------------
+>
+> vim /etc/default/tinc
+> EXTRA="-d"
+> cat /etc/default/tinc
+>
+> # less /etc/init.d/tinc
+>
+> #-----------------------------------------------------------------------
+>
+> ifconfig -a
+> route -n
+>
+> #-----------------------------------------------------------------------
+>
+> # ifconfig -a
+> eth0 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6c
+> inet addr:84.245.9.246 Bcast:84.245.9.255 Mask:255.255.255.0
+> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+> RX packets:4863 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:2958 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:1000
+> RX bytes:4302418 (4.1 MiB) TX bytes:303100 (295.9 KiB)
+> Interrupt:10 Base address:0x1000
+>
+> eth1 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6d
+> UP BROADCAST MULTICAST MTU:1500 Metric:1
+> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:1000
+> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+> Interrupt:11 Base address:0x1400
+>
+> eth2 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6e
+> UP BROADCAST MULTICAST MTU:1500 Metric:1
+> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:1000
+> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+> Interrupt:15 Base address:0x1800
+>
+> lo Link encap:Local Loopback
+> inet addr:127.0.0.1 Mask:255.0.0.0
+> UP LOOPBACK RUNNING MTU:16436 Metric:1
+> RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:1200 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:0
+> RX bytes:96572 (94.3 KiB) TX bytes:96572 (94.3 KiB)
+>
+> # route -n
+> Kernel IP routing table
+> Destination Gateway Genmask Flags Metric Ref Use Iface
+> 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
+> 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
+>
+> #-----------------------------------------------------------------------
+>
+> # client01 configuration
+>
+> cat /etc/tinc/nets.boot
+> echo 'powercraft01' | sudo tee --append /etc/tinc/nets.boot
+> cat /etc/tinc/nets.boot
+>
+> #-----------------------------------------------------------------------
+>
+> sudo mkdir --verbose /etc/tinc/powercraft01/
+> sudo mkdir --verbose /etc/tinc/powercraft01/hosts/
+> sudo touch /etc/tinc/powercraft01/tinc.conf
+>
+> #-----------------------------------------------------------------------
+>
+> # on server
+> cat /etc/tinc/powercraft01/hosts/server01
+>
+> # on client, copy cert data of server to client
+> sudo vim /etc/tinc/powercraft01/hosts/server01
+>
+> # on client, add on head of file
+> Address = powercraft.nl 656
+> Address = 84.245.3.195 656
+> Address = tinc-vpn.powercraft.nl 656
+> Address = powercraft.nl 655
+> Address = 84.245.3.195 655
+> Address = tinc-vpn.powercraft.nl 655
+>
+> #-----------------------------------------------------------------------
+>
+> echo 'ConnectTo = server01
+> Device = /dev/net/tun
+> Interface = tun1
+> Mode = switch
+> Name = client01' | sudo tee /etc/tinc/powercraft01/tinc.conf
+>
+> sudo cat /etc/tinc/powercraft01/tinc.conf
+> sudo chmod 644 /etc/tinc/powercraft01/tinc.conf
+> ls -hal /etc/tinc/powercraft01/tinc.conf
+>
+> echo '#!/bin/sh
+> ifconfig $INTERFACE 0.0.0.0' | tee /etc/tinc/powercraft01/tinc-up
+>
+> sudo cat /etc/tinc/powercraft01/tinc-up
+> sudo chmod 755 /etc/tinc/powercraft01/tinc-up
+> ls -hal /etc/tinc/powercraft01/tinc-up
+>
+> echo '#!/bin/sh
+> # ifconfig tun1 hw ether 00:ff:5d:ea:b4:ec
+> ifup $INTERFACE &' | sudo tee /etc/tinc/powercraft01/hosts/server01-up
+>
+> sudo cat /etc/tinc/powercraft01/hosts/server01-up
+> sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-up
+> ls -hal /etc/tinc/powercraft01/hosts/server01-up
+>
+> echo '#!/bin/sh
+> ifconfig $INTERFACE down' | sudo tee /etc/tinc/powercraft01/tinc-down
+>
+> sudo cat /etc/tinc/powercraft01/tinc-down
+> sudo chmod 755 /etc/tinc/powercraft01/tinc-down
+> ls -hal /etc/tinc/powercraft01/tinc-down
+>
+> echo '#!/bin/sh
+> ifdown $INTERFACE' | sudo tee /etc/tinc/powercraft01/hosts/server01-down
+>
+> sudo cat /etc/tinc/powercraft01/hosts/server01-down
+> sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-down
+> ls -hal /etc/tinc/powercraft01/hosts/server01-down
+>
+> #-----------------------------------------------------------------------
+>
+> sudo rm /etc/tinc/powercraft01/rsa_key.priv
+> sudo rm /etc/tinc/powercraft01/hosts/client10
+> sudo tincd -n powercraft01 -K
+>
+> #-----------------------------------------------------------------------
+>
+> # on client add on head of file
+> sudo vim /etc/tinc/powercraft01/hosts/client01
+> Compression = 9
+> PMTU = 1492
+> PMTUDiscovery = yes
+> Port = 656
+> # Cipher = aes-128-cbc
+>
+> # on client
+> sudo cat /etc/tinc/powercraft01/hosts/client01
+>
+> # on server, copy cert data of client to server
+> vim /etc/tinc/powercraft01/hosts/client01
+>
+> #-----------------------------------------------------------------------
+>
+> echo 'interface "tun1" {
+> request subnet-mask, broadcast-address, time-offset,
+> host-name, netbios-scope, interface-mtu, ntp-servers;
+> }' | tee --append /etc/dhcp3/dhclient.conf
+>
+> cat /etc/dhcp3/dhclient.conf
+>
+> #-----------------------------------------------------------------------
+>
+> vim /etc/network/interfaces
+>
+> iface tun1 inet dhcp
+> pre-up ifconfig tun1 down || true
+> pre-up ifconfig tun1 hw ether 9a:f6:50:3b:c0:48 || true
+> post-up route del default dev tun1 || true
+> # pre-down /etc/init.d/munin-node stop || true
+> # post-up /etc/init.d/munin-node restart || true
+>
+> #-----------------------------------------------------------------------
+>
+> ifdown tun1; ifdown tun1
+>
+> #-----------------------------------------------------------------------
+>
+> sudo /etc/init.d/tinc stop
+> fg
+> sudo /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
+>
+> #-----------------------------------------------------------------------
+>
+> sudo /etc/init.d/tinc start
+>
+> #-----------------------------------------------------------------------
+>
+> # tincd --version
+> tinc version 1.0.13 (built Apr 13 2010 10:27:56, protocol 17)
+>
+> #-----------------------------------------------------------------------
+>
+> tincd -n powercraft01 -kUSR2
+> tail -n 100 /var/log/syslog
+>
+> #-----------------------------------------------------------------------
+>
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes in: 830
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes out: 914
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: Nodes:
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c status 0018 nexthop client01 via client01 pmtu 1518 (min 0 max 1518)
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 at 84.245.3.195 port 656 cipher 91 digest 64 maclength 4 compression 9 options c status 001a nexthop server01 via server01 pmtu 1416 (min 1416 max 1416)
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of nodes.
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: Edges:
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 to server01 at 84.245.3.195 port 656 options c weight 413
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 to client01 at 84.245.9.246 port 655 options c weight 413
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of edges.
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: Subnet list:
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: 0:1b:21:61:af:d7#10 owner server01
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: 56:fc:c2:fd:69:10#10 owner server01
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: ea:3:e7:3d:46:20#10 owner client01
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of subnet list.
+>
+> #-----------------------------------------------------------------------
+>
+> # ifconfig -a
+> ifconfig tun1
+> route -n
+>
+> #-----------------------------------------------------------------------
+>
+> # ifconfig tun1
+> tun1 Link encap:Ethernet HWaddr ea:03:e7:3d:46:20
+> inet addr:192.168.3.201 Bcast:192.168.3.255 Mask:255.255.255.0
+> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+> RX packets:27 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:500
+> RX bytes:9342 (9.1 KiB) TX bytes:9088 (8.8 KiB)
+>
+> # route -n
+> Kernel IP routing table
+> Destination Gateway Genmask Flags Metric Ref Use Iface
+> 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
+> 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun1
+> 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
+>
+> #-----------------------------------------------------------------------
+>
+> ping -c 2 192.168.3.1
+> ping -c 2 -M dont -s 1500 192.168.3.1
+>
+> #-----------------------------------------------------------------------
+>
+> lsof -i :655
+> lsof -i :656
+>
+> #-----------------------------------------------------------------------
projects / wiki / commitdiff