From: tuxcrafter
Date: Mon, 24 May 2010 18:30:42 +0000 (+0200)
Subject: (no commit message)
X-Git-Url: http://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=dcd03ac22c509d8e5366f619fcf7ec9145112152;p=wiki
---
diff --git a/examples/simple-bridging-with-dhcp-client-side.mdwn b/examples/simple-bridging-with-dhcp-client-side.mdwn
new file mode 100644
index 0000000..9b22c4c
--- /dev/null
+++ b/examples/simple-bridging-with-dhcp-client-side.mdwn
@@ -0,0 +1,311 @@
+> [[!meta title="simple-bridging-with-dhcp-client-side"]]
+>
+> # Company: PowerCraft Technology
+> # Author: Copyright Jelle de Jong
+> # Note: Please send me an email if you enhanced the document
+> # Date: 2010-05-24
+> # License: CC-BY-SA
+>
+> # This document is free documentation; you can redistribute it and/or
+> # modify it under the terms of the Creative Commons Attribution Share
+> # Alike as published by the Creative Commons Foundation; either version
+> # 3.0 of the License, or (at your option) any later version.
+> #
+> # This document is distributed in the hope that it will be useful,
+> # but WITHOUT ANY WARRANTY; without even the implied warranty of
+> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+> # Creative Commons BY-SA License for more details.
+> #
+> # http://creativecommons.org/licenses/by-sa/
+>
+> #-----------------------------------------------------------------------
+>
+> # for commercial support contact me, part of the revenue go back to tinc
+>
+> #-----------------------------------------------------------------------
+>
+> # http://www.tinc-vpn.org/
+> # http://www.tinc-vpn.org/documentation/tinc_toc
+>
+> #-----------------------------------------------------------------------
+>
+> # this is the configuration of the roxy system
+>
+> #-----------------------------------------------------------------------
+>
+> unset LANG LANGUAGE LC_ALL
+> apt-get update; apt-get dist-upgrade
+>
+> apt-cache show tinc
+> apt-get install tinc/testing
+>
+> #-----------------------------------------------------------------------
+>
+> /etc/init.d/tinc stop
+>
+> #-----------------------------------------------------------------------
+>
+> # ls -hal /dev/net/tun
+> crw------- 1 root root 10, 200 May 24 15:53 /dev/net/tun
+>
+> # grep tinc /etc/services
+> tinc 655/tcp # tinc control port
+> tinc 655/udp
+>
+> # getent services tinc/udp
+> tinc 655/udp
+> # getent services tinc/tcp
+> tinc 655/tcp
+>
+> cat
/usr/share/doc/tinc/README.Debian
+> zcat /usr/share/doc/tinc/README.gz | less
+> zcat /usr/share/doc/tinc/NEWS.gz | less
+> cat /usr/share/doc/tinc/examples/tinc-up
+> w3m /usr/share/doc/tinc/tinc_0.html
+>
+> #-----------------------------------------------------------------------
+>
+> vim /etc/default/tinc
+> EXTRA="-d"
+> cat /etc/default/tinc
+>
+> # less /etc/init.d/tinc
+>
+> #-----------------------------------------------------------------------
+>
+> ifconfig -a
+> route -n
+>
+> #-----------------------------------------------------------------------
+>
+> # ifconfig -a
+> eth0 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6c
+> inet addr:84.245.9.246 Bcast:84.245.9.255 Mask:255.255.255.0
+> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+> RX packets:4863 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:2958 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:1000
+> RX bytes:4302418 (4.1 MiB) TX bytes:303100 (295.9 KiB)
+> Interrupt:10 Base address:0x1000
+>
+> eth1 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6d
+> UP BROADCAST MULTICAST MTU:1500 Metric:1
+> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:1000
+> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+> Interrupt:11 Base address:0x1400
+>
+> eth2 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6e
+> UP BROADCAST MULTICAST MTU:1500 Metric:1
+> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:1000
+> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+> Interrupt:15 Base address:0x1800
+>
+> lo Link encap:Local Loopback
+> inet addr:127.0.0.1 Mask:255.0.0.0
+> UP LOOPBACK RUNNING MTU:16436 Metric:1
+> RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:1200 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:0
+> RX bytes:96572 (94.3 KiB) TX bytes:96572 (94.3 KiB)
+>
+> # route -n
+> Kernel IP routing table
+>
Destination Gateway Genmask Flags Metric Ref Use Iface
+> 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
+> 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
+>
+> #-----------------------------------------------------------------------
+>
+> # client01 configuration
+>
+> cat /etc/tinc/nets.boot
+> echo 'powercraft01' | sudo tee --append /etc/tinc/nets.boot
+> cat /etc/tinc/nets.boot
+>
+> #-----------------------------------------------------------------------
+>
+> sudo mkdir --verbose /etc/tinc/powercraft01/
+> sudo mkdir --verbose /etc/tinc/powercraft01/hosts/
+> sudo touch /etc/tinc/powercraft01/tinc.conf
+>
+> #-----------------------------------------------------------------------
+>
+> # on server
+> cat /etc/tinc/powercraft01/hosts/server01
+>
+> # on client, copy cert data of server to client
+> sudo vim /etc/tinc/powercraft01/hosts/server01
+>
+> # on client, add on head of file
+> Address = powercraft.nl 656
+> Address = 84.245.3.195 656
+> Address = tinc-vpn.powercraft.nl 656
+> Address = powercraft.nl 655
+> Address = 84.245.3.195 655
+> Address = tinc-vpn.powercraft.nl 655
+>
+> #-----------------------------------------------------------------------
+>
+> echo 'ConnectTo = server01
+> Device = /dev/net/tun
+> Interface = tun1
+> Mode = switch
+> Name = client01' | sudo tee /etc/tinc/powercraft01/tinc.conf
+>
+> sudo cat /etc/tinc/powercraft01/tinc.conf
+> sudo chmod 644 /etc/tinc/powercraft01/tinc.conf
+> ls -hal /etc/tinc/powercraft01/tinc.conf
+>
+> echo '#!/bin/sh
+> ifconfig $INTERFACE 0.0.0.0' | tee /etc/tinc/powercraft01/tinc-up
+>
+> sudo cat /etc/tinc/powercraft01/tinc-up
+> sudo chmod 755 /etc/tinc/powercraft01/tinc-up
+> ls -hal /etc/tinc/powercraft01/tinc-up
+>
+> echo '#!/bin/sh
+> # ifconfig tun1 hw ether 00:ff:5d:ea:b4:ec
+> ifup $INTERFACE &' | sudo tee /etc/tinc/powercraft01/hosts/server01-up
+>
+> sudo cat /etc/tinc/powercraft01/hosts/server01-up
+> sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-up
+> ls -hal
/etc/tinc/powercraft01/hosts/server01-up
+>
+> echo '#!/bin/sh
+> ifconfig $INTERFACE down' | sudo tee /etc/tinc/powercraft01/tinc-down
+>
+> sudo cat /etc/tinc/powercraft01/tinc-down
+> sudo chmod 755 /etc/tinc/powercraft01/tinc-down
+> ls -hal /etc/tinc/powercraft01/tinc-down
+>
+> echo '#!/bin/sh
+> ifdown $INTERFACE' | sudo tee /etc/tinc/powercraft01/hosts/server01-down
+>
+> sudo cat /etc/tinc/powercraft01/hosts/server01-down
+> sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-down
+> ls -hal /etc/tinc/powercraft01/hosts/server01-down
+>
+> #-----------------------------------------------------------------------
+>
+> sudo rm /etc/tinc/powercraft01/rsa_key.priv
+> sudo rm /etc/tinc/powercraft01/hosts/client10
+> sudo tincd -n powercraft01 -K
+>
+> #-----------------------------------------------------------------------
+>
+> # on client add on head of file
+> sudo vim /etc/tinc/powercraft01/hosts/client01
+> Compression = 9
+> PMTU = 1492
+> PMTUDiscovery = yes
+> Port = 656
+> # Cipher = aes-128-cbc
+>
+> # on client
+> sudo cat /etc/tinc/powercraft01/hosts/client01
+>
+> # on server, copy cert data of client to server
+> vim /etc/tinc/powercraft01/hosts/client01
+>
+> #-----------------------------------------------------------------------
+>
+> echo 'interface "tun1" {
+> request subnet-mask, broadcast-address, time-offset,
+> host-name, netbios-scope, interface-mtu, ntp-servers;
+> }' | tee --append /etc/dhcp3/dhclient.conf
+>
+> cat /etc/dhcp3/dhclient.conf
+>
+> #-----------------------------------------------------------------------
+>
+> vim /etc/network/interfaces
+>
+> iface tun1 inet dhcp
+> pre-up ifconfig tun1 down || true
+> pre-up ifconfig tun1 hw ether 9a:f6:50:3b:c0:48 || true
+> post-up route del default dev tun1 || true
+> # pre-down /etc/init.d/munin-node stop || true
+> # post-up /etc/init.d/munin-node restart || true
+>
+> #-----------------------------------------------------------------------
+>
+> ifdown tun1; ifdown tun1
+>
+>
#-----------------------------------------------------------------------
+>
+> sudo /etc/init.d/tinc stop
+> fg
+> sudo /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
+>
+> #-----------------------------------------------------------------------
+>
+> sudo /etc/init.d/tinc start
+>
+> #-----------------------------------------------------------------------
+>
+> # tincd --version
+> tinc version 1.0.13 (built Apr 13 2010 10:27:56, protocol 17)
+>
+> #-----------------------------------------------------------------------
+>
+> tincd -n powercraft01 -kUSR2
+> tail -n 100 /var/log/syslog
+>
+> #-----------------------------------------------------------------------
+>
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes in: 830
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes out: 914
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: Nodes:
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c status 0018 nexthop client01 via client01 pmtu 1518 (min 0 max 1518)
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 at 84.245.3.195 port 656 cipher 91 digest 64 maclength 4 compression 9 options c status 001a nexthop server01 via server01 pmtu 1416 (min 1416 max 1416)
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of nodes.
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: Edges:
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 to server01 at 84.245.3.195 port 656 options c weight 413
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 to client01 at 84.245.9.246 port 655 options c weight 413
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of edges.
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: Subnet list:
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: 0:1b:21:61:af:d7#10 owner server01
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: 56:fc:c2:fd:69:10#10 owner server01
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: ea:3:e7:3d:46:20#10 owner client01
+> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of subnet list.
+>
+> #-----------------------------------------------------------------------
+>
+> # ifconfig -a
+> ifconfig tun1
+> route -n
+>
+> #-----------------------------------------------------------------------
+>
+> # ifconfig tun1
+> tun1 Link encap:Ethernet HWaddr ea:03:e7:3d:46:20
+> inet addr:192.168.3.201 Bcast:192.168.3.255 Mask:255.255.255.0
+> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+> RX packets:27 errors:0 dropped:0 overruns:0 frame:0
+> TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
+> collisions:0 txqueuelen:500
+> RX bytes:9342 (9.1 KiB) TX bytes:9088 (8.8 KiB)
+>
+> # route -n
+> Kernel IP routing table
+> Destination Gateway Genmask Flags Metric Ref Use Iface
+> 84.245.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
+> 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun1
+> 0.0.0.0 84.245.9.1 0.0.0.0 UG 0 0 0 eth0
+>
+> #-----------------------------------------------------------------------
+>
+> ping -c 2 192.168.3.1
+> ping -c 2 -M dont -s 1500 192.168.3.1
+>
+> #-----------------------------------------------------------------------
+>
+> lsof -i :655
+> lsof -i :656
+>
+> #-----------------------------------------------------------------------