This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
vpn-tinc [2022/02/11 00:12] – [Tinc Configuration] hogwild | vpn-tinc [2023/05/26 18:46] – [Hosts Tab] -clarity, condense hogwild | ||
---|---|---|---|
Line 5: | Line 5: | ||
The Tinc Daemon menu is divided into tabbed sections, including Tinc Configuration, | The Tinc Daemon menu is divided into tabbed sections, including Tinc Configuration, | ||
- | + | ===== Config Tab ===== | |
- | ===== Tinc Configuration | + | |
{{: | {{: | ||
- | **Start with WAN:** Enabling this will cause the tinc daemon to start as part of the wanup (WAN interface initialization) process. | + | \\ |
- | **Interface type:** TUN/TAP: Here, you specify | + | **Start with WAN:** Enabling this will cause the Tinc daemon to start as part of the wanup (WAN interface initialization) process. |
- | **VPN Netmask:** Here, specify the (sub)netmask to be used within the intra-site communications. | + | **Interface type:** TUN/TAP: Here, you specify the communication protocol used within your VPN. TUN is routed, and runs at the network (IP) layer. TAP is switched, and runs at the datalink layer. Generally, you should choose TUN. For more information on these protocols, see the " |
+ | |||
+ | **VPN Netmask:** Here, specify the (sub)netmask to be used for intra-site communications. | ||
**Host Name:** This is the unique identifier of the OpenVPN device. This is NOT the same as the device' | **Host Name:** This is the unique identifier of the OpenVPN device. This is NOT the same as the device' | ||
- | **Poll interval: | + | **Poll interval: |
- | \\ | + | |
{{: | {{: | ||
Line 26: | Line 27: | ||
\\ | \\ | ||
- | **Ed25519 Private Key: **In this field, | + | **Ed25519 Private Key: **In this field, enter your private Ed25519 |
- | **RSA Private Key * : **This field is where you enter your private RSA key. The RSA encryption | + | **RSA Private Key: * |
- | **Custom: **This field allows you to specify any custom | + | **Custom: **This field allows you to specify any custom |
- | ===== Hosts ===== | + | ===== Hosts Tab ===== |
- | Most of the hosts in your network should be defined on this page. Tinc doesn' | + | Most of the hosts on your network should be defined on this page. Tinc doesn' |
- | {{: | + | However, you do need to define " |
- | **ConnectTo: | + | \\ |
- | **Name:** As on the Config tab, this is the unique tinc identifier defined under the Host Name field. | + | {{:pasted: |
- | **Address: **This is used only when direct reachability is possible and defines the IP or FQDN (fully qualified domain name) where the host can be found. Direct reachability means without relay. | + | \\ |
- | **Port: **An empty value configures | + | **ConnectTo:** This flag can be set " |
- | **Compression:** Compression can, in some cases, increase VPN speeds. Here, the default of 0 (disabled) can be tweaked to as high as 11. All the nodes must be configured with the same compresssion settting. Since most VPN traffic is already compressed/ | + | **Name:** As on the Config tab, this is the unique Tinc identifier defined in the Host Name field. |
- | **Subnet:** Defines | + | **Address: **This is used only when direct communication is possible and defines |
- | {{:pasted: | + | **Port: **An empty value configures the default setting (TCP/UDP, port 655). You might need to tune this for network devices that don't have root/ |
- | **Ed25519 Public Key:** This is where you enter your Ed25519 encryption Public Key. | + | **Compression:** In some cases, compression may increase VPN speeds. The default of " |
- | **RSA Public Key *:** In case of RSA key you must define | + | **Subnet: |
+ | |||
+ | **Ed25519 | ||
+ | |||
+ | **RSA Public Key: * ** If you're using RSA encryption, | ||
+ | |||
+ | You must provide minimal information for every host defined before you can click OK and proceed to the next row. Clicking OK **does not** save settings. After you've defined all hosts, and clicked " | ||
+ | |||
+ | **Custom: | ||
+ | |||
+ | For example, if a host communicates with with another subnet, you could add: | ||
+ | |||
+ | //Subnet = 10.10.8.0/ | ||
+ | |||
+ | You must ensure these settings are consistent with the host IP/ | ||
+ | |||
+ | \\ | ||
- | For every host you define, you must provide the minimum info before being able to click OK and proceed to the next row. OK doesn' | ||
- | **Custom:** In this field, you are free to define custom configuration settings for each host. For example, if a host is providing reachability to a second subnet you could add something like: //Subnet = 10.10.8.0/ |