You sound very excited. I'm pleased you were able to get Tinc working for you.
My friends and I attempted to configure a secret Tinc network, but were never really able to get it to work. I guess it was a lot more complicated than we thought.

I wonder if Tinc works on IPv6? (both tunnel-over IPv6 and route-in-tunnel IPv6) It would be a lot easier to use Teredo tunnels to tunnel over, and configure IPv6 private networks, but I guess I'll find out after my nap.

So, does Tinc tunnel layer-2 VPNs or can Netsukuku route over IPv4 within Tinc? Let me know if you are able to resolve problems with the Tinc internet sharing capability.

On 09/04/2013 07:33 AM, Miss Valeska wrote:
> Alright everyone! So, my friend and I were able, after much work, to
> connect our Netsukuku nodes through tinc! What we did, was, we
> installed tinc, we went to /etc/tinc, and we created the myvpn folder.
> Then, we created, inside of that folder, a hosts folder. We, then,
> created a tinc.conf file in the myvpn folder. This is the tinc.conf
> file for me. This is probably case sensitive, so please be careful.
>
> Name=MissValeska
> ConnectTo=TincDaemon
>
> My name on tinc is just MissValeska, and my friend's name is
> TincDaemon. So, that is simple enough. We, then, ran sudo tincd -n
> myvpn --generate-keys -K. This generated the keys we needed to connect
> to each other, and killed tincd afterwards. You'll have to press enter
> a few times to confirm the things it will ask you though.
>
> In the hosts folder, a MissValeska file was created for me, which
> contained my RSA public key.
>
> -----BEGIN RSA PUBLIC KEY-----
> MIIBCgKCAQEAxVOGFZbTC13IOT8R48B++LfNOlwiCE3H7AVns44ANyYOaVoq6fRl
> Z07ryNqRARvoEy/VcoqK9/uJ988/lgIuSayy50FFH8AiVFn8tMISVKpk1T6zyCqZ
> m5G4E3h2gwbYZkuc6rWu0Agq1cI0QRKpLLad6X3lD3fWp7sfMawCss018HV3gNHA
> 2v1Vo4hyiXXLqN2MQ80Exwk8irpWUnMYFQ3HEdo1BDORBVXBClxtn4avApVnemrJ
> y+lQ58ZhlKB2g9F7+5HiYW2adQSdJydKfnjw6MpVvHztHL7Z2AW3+KowW7JkdCmg
> kp2S+Ogs4yJ65c+lJ+MZcf3sY+oGjpm7gwIDAQAB
> -----END RSA PUBLIC KEY-----
>
> This is all mine is, feel free to use it, you'll need my IP address
> though, I'll PM you that if you want to connect to me. This is just
> used for verifying that the RSA key the other person is saying is
> mine, actually is mine.
>
> Next, you'll need their RSA key, so copy it, and put it into a file of
> their username, this is probably case sensitive, so be careful, both
> here, and in tinc.conf.
>
> -----BEGIN RSA PUBLIC KEY-----
> MIIBCgKCAQEAvADTePAqnqkoit19Np2NfcBDhFd9Hnet5KHFFdBJ5RCUacBVhIWB
> fqkcmv9aIApiHI4mYbKHhK8PqJ3HXGS96f/qXqPEvdDTwShLKPjxlBXtV+zmLReA
> CjR4sPDK0cSKC0CunYnm7JI8ey8GX/QE12yslDHwZPNcHG2jxnXjbRkXN9GLxG1V
> kcYv07TGwpF5130zSSXEF6EIhNx241xxiaSROuk6xcP75zqEJPfTB8GjNcPnDISS
> bzdi+FRSC+/VCS9RE196mmanlX4HiE/TFpnH9EEqgTsLnkPedVT3cuQtVRvDOGXA
> b2DdKcwUhBly6b/6C5qVYXuD08pswj6zlQIDAQAB
> -----END RSA PUBLIC KEY-----
> Address=friendIPhere
>
> This is my friend's RSA key, obviously with his IP replaced by
> friendIPhere. In this case, we both used the no-ip service.
> https://www.noip.com/ which you must sign up for, and has a Linux .deb
> file you can download here.
> http://launchpadlibrarian.net/26258014/noip2_2.1.9-3_amd64.deb
>
> After setting all of that up, just use the host name you set for
> yourself in the sign up process for the Address, and it should work
> fine. You MUST download and install that .deb file though!
> It will have configuration options as it is installing, this is
> crucial to registering your actual computer's IP address and such to
> the hostname you will be using from your no-ip account.
>
> Now, after this, you can just run sudo service tinc start, and then
> sudo tincd -n myvpn
>
> This should start tinc, however! You will NOT have tinc as an
> interface (in this case we just called it tinc, instead of something
> like tinc0, though, that would be best for minimum confusion.) until
> you set that up in your /etc/network, I modified my
> /etc/network/interfaces with this at the bottom of the file. Remember,
> the netmask and address are changeable, I'm not sure what the netmask
> will entail in changing, but the address is just the IP address of the
> interface tinc. P.S., you can change the name of the tinc interface
> here, but changing tinc to whatever you'd like, however, it might
> require changes to the following files, I'm not certain though.
>
> iface tinc inet static
>     address 10.0.0.41
>     netmask 255.0.0.0
>     tinc-net myvpn
>     tinc-debug 1
>     tinc-mlock yes
>     tinc-user nobody
>     tinc-pidfile /tmp/tinc.pid
>     tinc-logfile /var/log/tinc.log
>
> I think the tinc files are created by default in the folders like
> /etc/network/if-up.d and /etc/network/if-pre-up.d, but, I'm not sure.
> This is what is in my if-up.d folder as a file called tinc.
>
> #!/bin/sh
>
> set -e
>
> [ "$METHOD" = loopback ] && exit 0
> [ -n "$IF_TINC_NET" ] && exit 0
>
> invoke-rc.d tinc alarm || exit 0
>
> This was in my if-pre-up.d folder as a file called tinc.
>
> #!/bin/sh
>
> set -x
>
> [ -z "$IF_TINC_NET" ] && exit 0
>
> # Read options from /etc/default
>
> . /etc/default/tinc
>
> # Read options from /etc/network/interfaces
>
> [ -n "$IF_TINC_CONFIG" ] && EXTRA="$EXTRA -c $IF_TINC_CONFIG"
> [ -n "$IF_TINC_DEBUG" ] && EXTRA="$EXTRA -d$IF_TINC_DEBUG"
> [ -n "$IF_TINC_MLOCK" ] && EXTRA="$EXTRA --mlock"
> [ -n "$IF_TINC_LOGFILE" ] && EXTRA="$EXTRA --logfile=$IF_TINC_LOGFILE"
> [ -n "$IF_TINC_PIDFILE" ] && EXTRA="$EXTRA --pidfile=$IF_TINC_PIDFILE" || IF_TINC_PIDFILE=/var/run/tinc.$IF_TINC_NET.pid
> [ -n "$IF_TINC_CHROOT" ] && EXTRA="$EXTRA --chroot"
> [ -n "$IF_TINC_USER" ] && EXTRA="$EXTRA --user=$IF_TINC_USER"
>
> set -e
>
> # Start tinc daemon
>
> /usr/sbin/tincd -n "$IF_TINC_NET" -o "Interface=$IFACE" $EXTRA
>
> # Wait for it to come up properly
>
> sleep 0.1
> i=0;
> while [ ! -f "$IF_TINC_PIDFILE" ] ; do
>     if [ $i = '30' ] ; then
>         echo 'Failed to start tinc daemon!'
>         exit 1
>     fi
>     sleep 0.1
>     i=$(($i+1))
> done
>
> exit 0
>
>
> So, we just ran Netsukuku by running sudo ntkd -i tinc -v 2 at this
> point, which worked fine. However, we couldn't work out how to ping
> each other, pinging myself (10.0.0.41) worked. However, pinging him
> through the tinc interface, resulted in
>
> ping: bad timing interval.
>
> Which, also, occurred for me when I tried to ping myself through that
> interface, though that makes more sense for me. However, I don't know
> what this command means entirely, anyway, here is the terminal log of
> that.
>
> missvaleska@missvaleska-GA-970A-D3:~$ ping -i tinc 10.0.0.42
> ping: bad timing interval.
> missvaleska@missvaleska-GA-970A-D3:~$ ping -i tinc 10.0.0.41
> ping: bad timing interval.
> missvaleska@missvaleska-GA-970A-D3:~$ ping 10.0.0.41
> PING 10.0.0.41 (10.0.0.41) 56(84) bytes of data.
> 64 bytes from 10.0.0.41: icmp_req=1 ttl=64 time=0.032 ms
> 64 bytes from 10.0.0.41: icmp_req=2 ttl=64 time=0.030 ms
> 64 bytes from 10.0.0.41: icmp_req=3 ttl=64 time=0.024 ms
> 64 bytes from 10.0.0.41: icmp_req=4 ttl=64 time=0.030 ms
> ^C
> --- 10.0.0.41 ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 2997ms
> rtt min/avg/max/mdev = 0.024/0.029/0.032/0.003 ms
> missvaleska@missvaleska-GA-970A-D3:~$ ping 10.0.0.42
> connect: Network is unreachable
> missvaleska@missvaleska-GA-970A-D3:~$ ping 10.0.0.41
> PING 10.0.0.41 (10.0.0.41) 56(84) bytes of data.
> 64 bytes from 10.0.0.41: icmp_req=1 ttl=64 time=0.044 ms
> 64 bytes from 10.0.0.41: icmp_req=2 ttl=64 time=0.031 ms
> ^C
> --- 10.0.0.41 ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 999ms
> rtt min/avg/max/mdev = 0.031/0.037/0.044/0.008 ms
> missvaleska@missvaleska-GA-970A-D3:~$
>
>
> We tried pinging Google through tinc using the internet sharing
> feature, it just universally said, Destination network unknown,
> however google.com.inet (which I thought would tell Netsukuku, this is
> an internet address, and how to resolve it.) just said ping: unknown
> host google.com.inet
>
> Which is great, I think! Because, then it means it is connected to the
> internet, it just doesn't know how to connect to google.com. (I tried
> pinging 8.8.8.8, thinking it might be a DNS issue. It resulted in the
> same error, though, ping never told me it couldn't find it, I could
> only figure it out using Wireshark.) Anyway, here are the Wireshark
> logs too, I hope this was helpful!

_______________________________________________
Netsukuku mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/netsukuku
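
Added example, not part of either message above and not tinc's own tooling: a shell check for the layout the quoted message describes (tinc.conf plus one hosts/ file per node), catching the case mismatch and missing Address it warns about. The function names, the placeholder key bodies and peer.example.net are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original message): sanity-check a tinc network
# directory laid out as described above. Function names are hypothetical.

# conf_values FILE KEY: print each value of KEY from "Key=Value" lines, the
# form used in the message. Key names are matched case-insensitively.
conf_values() {
    awk -F'[ \t]*=[ \t]*' -v k="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(k) { v = $2; gsub(/[ \t\r]+$/, "", v); print v }
    ' "$1"
}

# check_tinc_net DIR: report problems, return 0 only if none were found.
check_tinc_net() {
    dir=$1; rc=0
    name=$(conf_values "$dir/tinc.conf" Name)
    [ -n "$name" ] || { echo "tinc.conf: no Name set"; return 1; }
    for peer in "$name" $(conf_values "$dir/tinc.conf" ConnectTo); do
        f="$dir/hosts/$peer"
        # Compare against the directory listing so the match is exact-case.
        if ! ls "$dir/hosts" | grep -Fqx -- "$peer"; then
            echo "missing hosts/$peer (file names are case-sensitive)"
            rc=1; continue
        fi
        grep -q 'BEGIN RSA PUBLIC KEY' "$f" ||
            { echo "hosts/$peer: no RSA public key"; rc=1; }
        # Peers we dial via ConnectTo need an Address in their host file.
        if [ "$peer" != "$name" ] && [ -z "$(conf_values "$f" Address)" ]; then
            echo "hosts/$peer: no Address line"; rc=1
        fi
    done
    return $rc
}

# make_sample DIR PEERFILE: constructed layout; key bodies are placeholders.
make_sample() {
    mkdir -p "$1/hosts"
    printf 'Name=MissValeska\nConnectTo=TincDaemon\n' > "$1/tinc.conf"
    for h in MissValeska "$2"; do
        printf '%s\n' '-----BEGIN RSA PUBLIC KEY-----' 'PLACEHOLDER' \
            '-----END RSA PUBLIC KEY-----' > "$1/hosts/$h"
    done
    echo 'Address=peer.example.net' >> "$1/hosts/$2"
}

if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    make_sample "$tmp" tincdaemon   # wrong case on purpose
    check_tinc_net "$tmp" || echo "result: not ready"
    rm -rf "$tmp"
fi
```

Run with the argument demo to see the failure report for a host file saved under the wrong case; point check_tinc_net at /etc/tinc/myvpn to check a real layout.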
