Tinc is a revolutionary VPN technology that allows you to create partial/full mesh VPN connections without having to go through the pain to define each and every end point as you would do in OpenVPN per se. A minimum level of configuration is still need on each site but it's the quickest way to develop a mesh VPN between your sites.
Start with WAN: Will bring up the tinc deamon as part of the wanup process
Interface type: TUN/TAP: Set up the tipe of communication within your VPN, TUN is routed where TAP is switched. Most likely you will want TUN
VPN Netmask: Defines the netmask to be used within the intra-site communication
Host Name: The unique identifier of the device, note this is independent from the device hostname
Poll interval: Enables hello packets on the VPN
Ed25519 Private Key: You would place your private Ed25519 key in this fiels
RSA Private Key * : Likewise this is where the private RSA key goes. Note RSA is much heavier in term of CPU utilisation. The RSA key can be considered optional and is only needed for communication towards tinc version 1.0 or lower
Custom: This fiels allows you to specify any custom deamon parameter
“Most” of the hosts in your network needs to be defined in this page. NOTE: tinc doesn't need all the hosts to be defined and it's able to use relay to reach secondry hosts if the end devices are not able to talk to each other e.g. because NAT implications. You need to define “yourself” on each tinc device, this is expected.
ConnectTo: It's a flag and can be set to On or empty. Essentially this instructs the local tinc to attempt a direct connectio towards the host or not (not meaning relaying on other hosts to reach the end point)
Name: as per Config page this is the unique tinc identifier defined under Host Name
Address: THis is used only in case of direct reachability and defines the IP or FQDN where th host can be found.
Port: An empty value means default (both TCP/UDP 655). You might want to tweak this value if you include direclty windows devices in your tinc communication
Compression: default to 0 (disabled) can be tweaked to 11. All the nodes must be defined the same way. NOTE: usually most of the traffic is already compressed/encripted at application layer so consider carefully if you need this enabled or not. Enabling compression will also add extra workload on the CPU.
Subnet: Defines the primary subnet reachable via the host we're defining.
Ed25519 Public Key: Thiis is where you Ed25519 Public Key goes
RSA Public Key *: In case of RSA key you must define the public on on a host basis here. RSA is optional in tinc 1.0+
Every host you define you need to provide the minimum info before being able to click OK and proceed with the next line. OK doesn't mean Save. So after all the hosts are defined (each with the own OK) you must operate the Save button at the end of the page.
Custom: is where you define the custom config on a host basis. Example say a host is providing reachability to a second subnet you could add something like: Subnet = 10.10.8.0/24 just make sure this satisfies the host IP/subnet + config-page “netmask” setting.