This shows you the differences between two versions of the page.
vpn-tinc [2022/02/11 00:01] – [Config] hogwild | vpn-tinc [2023/06/27 20:19] – [Hosts Tab] -explain Subnet purpose, condense hogwild | ||
---|---|---|---|
Line 5: | Line 5: | ||
The Tinc Daemon menu is divided into tabbed sections, including Tinc Configuration, | The Tinc Daemon menu is divided into tabbed sections, including Tinc Configuration, | ||
+ | ===== Config Tab ===== | ||
- | ===== Tinc Configuration ===== | + | {{: |
\\ | \\ | ||
- | {{:pasted: | + | **Start with WAN:** Enabling this will cause the Tinc daemon to start as part of the wanup (WAN interface initialization) process. |
- | \\ | + | **Interface type:** TUN/TAP: Here, you specify the communication protocol used within your VPN. TUN is routed, and runs at the network (IP) layer. TAP is switched, and runs at the datalink layer. Generally, you should choose TUN. For more information on these protocols, see the " |
- | **Start with WAN:** Enabling this will cause the tinc daemon to start as part of the wanup (WAN interface initialization) process. | + | **VPN Netmask:** Here, specify |
- | **Interface type:** TUN/TAP: Here, you specify the communication protocol used within your VPN. TUN is routed, and runs at the network (IP) layer. TAP is switched, and runs at the datalink layer. You should generally choose TUN. For more information on these protocols, see the " | + | **Host Name:** This is the unique identifier of the OpenVPN device. This is NOT the same as the device' |
- | **VPN Netmask:** Here, specify | + | **Poll interval:** If set greater than zero, a watchdog polls whether Tinc is running every n minutes to verify that it has not crashed. If it finds that Tinc is not running, it will restart |
- | **Host Name:** This is the unique identifier of the device. This is NOT the same as the device' | + | |
- | **Poll interval:** This enables hello packets on the VPN. Hello packets are sent back and forth periodically between routers to establish adjacency. | + | {{:pasted: |
\\ | \\ | ||
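Review bot: The added Host Name line calls this "the unique identifier of the OpenVPN device", which names the wrong VPN on a page that documents Tinc; the removed line said only "the unique identifier of the device". Suggest "the unique identifier of this Tinc node", which also matches how the removed Hosts text described the Name field ("the unique tinc identifier defined under the Host Name field"). Separately, the Poll interval description changes from hello packets to a watchdog that restarts Tinc; that is a change of meaning rather than wording, so the revision comment should say which behaviour was verified.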
- | {{:pasted:20220204-091557.png}} | + | **Ed25519 Private Key: **In this field, enter your private Ed25519 encryption key. This key is needed for the encryption process. |
+ | |||
+ | **RSA Private Key: * **Here, enter the private RSA key. RSA encryption uses much more CPU power than the Ed25519 protocol. \\ The RSA key is optional and is needed only for communication with hosts using Tinc version 1.0 or lower. | ||
+ | |||
+ | **Custom: **This field allows you to specify any custom Tinc daemon parameters you might want. \\ \\ | ||
+ | |||
+ | |||
+ | ===== Hosts Tab ===== | ||
+ | |||
+ | Most of the hosts on your network should be defined on this page. Tinc doesn' | ||
+ | |||
+ | However, you do need to define " | ||
\\ | \\ | ||
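Review bot: The added Ed25519 Private Key and RSA Private Key lines describe the keys as "encryption" keys and compare "RSA encryption" with "the Ed25519 protocol"; Ed25519 is a signature scheme that authenticates the node, so the removed wording "your private Ed25519 key" was the more accurate one and should be kept. The RSA heading also carries stray emphasis markup ("**RSA Private Key: * **Here"), which will render unevenly. Since these two fields hold secrets, the text would benefit from one sentence stating that private keys are entered only on this tab and that only the matching public keys belong in the Hosts tab fields.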
- | **Ed25519 Private Key: **In this field, you enter your private Ed25519 key. This is necessary for the encryption process. | + | {{:pasted: |
- | **RSA Private Key * : **This field is where you enter your private RSA key. Note that RSA uses much more CPU power than Ed25519. The RSA key is optional and is only needed for communication with hosts using tinc version 1.0 or lower. | + | \\ |
- | **Custom: **This | + | **ConnectTo:** This flag can be set " |
+ | **Name: | ||
- | ===== Hosts ===== | + | **Address: |
- | Most of the hosts in your network should be defined on this page. Tinc doesn' | + | **Port: |
- | {{:pasted: | + | **Compression:** In some cases, compression may increase VPN speeds. The default of " |
- | **ConnectTo:** This is a flag and can be set to On or left blank. This tells the local tinc daemon whether or not it should attempt a direct connection with another | + | **Subnet:** This defines the primary subnet reachable via the host being defined. It's published |
- | **Name:** As on the Config tab, this is the unique tinc identifier defined under the Host Name field. | + | **Ed25519 Public Key:** |
- | **Address: **This is used only when direct reachability is possible and defines the IP or FQDN (fully qualified domain name) where the host can be found. Direct reachability means without relay. | + | **RSA Public Key: * ** If you're using RSA encryption, you must define each host's public key here. RSA is optional in Tinc versions 1.0 and later. |
- | **Port: **An empty value configures the default setting (both TCP/UDP port 655). You might need to tweak this value if you include direclty windows devices in your tinc communication. <Fix Me!> Needs clarification. | + | You must provide minimal information for every host defined before you can click OK and go to the next row. Clicking OK **does not** save settings. Only after you've defined all hosts, clicked " |
- | **Compression:** Compression can, in some cases, increase VPN speeds. Here, the default of 0 (disabled) | + | **Custom:** In this field, you can define custom settings for each host. |
- | **Subnet:** Defines the primary subnet reachable via the host being defined. | + | For example, if a host communicates with with another subnet, you could add: |
- | {{: | + | // Subnet = 10.10.8.0/ |
- | **Ed25519 Public Key:** This is where you enter your Ed25519 encryption Public Key. | + | You must ensure these settings are consistent with the host IP/subnet + config-page " |
- | **RSA Public Key *:** In case of RSA key you must define the public on on a host basis here. RSA is optional in tinc 1.0+ | + | \\ |
- | For every host you define, you must provide the minimum info before being able to click OK and proceed to the next row. OK doesn' | ||
- | **Custom:** In this field, you are free to define custom configuration settings for each host. For example, if a host is providing reachability to a second subnet you could add something like: //Subnet = 10.10.8.0/ |
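Review bot: In the added Custom example, "if a host communicates with with another subnet" repeats "with" and loses what the removed text said ("providing reachability to a second subnet"); a Subnet entry declares what is reachable via the host, as the added Subnet line itself states. Suggest "if a second subnet is reachable via this host, you could add:". The added RSA Public Key line ("RSA is optional in Tinc versions 1.0 and later") also disagrees with the Config tab text, which says the RSA key is needed for hosts using Tinc version 1.0 or lower; the two lines should state the same version boundary. The added Ed25519 Public Key entry appears here with no description, where the removed line had one.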