vpn-tinc

Previous revision: vpn-tinc [2023/01/11 11:00] rs232
Current revision: vpn-tinc [2024/11/28 23:27] (current) – [Hosts Tab] hogwild
Line 1: Line 1:
-====== Tinc Daemon ======+====== Tinc ======
  
-Tinc is a newer VPN technology that allows you to create partial/full mesh VPN connections without having to define every endpoint, as you'd have to with other VPN protocols. A minimum amount of configuration is still needed for each site. However, it's the quickest way to develop a mesh VPN between network sites.+Tinc is a newer VPN technology. Unlike with other protocols, it lets you create partial/full mesh VPN connections without having to define every endpoint. A minimum of configuration is needed for each site. It's the quickest way to develop a mesh VPN between network sites.
  
 The Tinc Daemon menu is divided into tabbed sections, including Tinc Configuration, and (VPN) Hosts. The Tinc Daemon menu is divided into tabbed sections, including Tinc Configuration, and (VPN) Hosts.
 +
  
 ===== Config Tab ===== ===== Config Tab =====
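Review bot: the heading is shortened from "Tinc Daemon" to "Tinc", but the unchanged paragraph right below it still reads "The Tinc Daemon menu is divided into tabbed sections"; either keep the heading as it was or update that sentence to match the name the GUI actually uses, so the page refers to the menu by one name.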
Line 11: Line 12:
  \\  \\
  
-**Start with WAN:** Enabling this will cause the Tinc daemon to start as part of the wanup (WAN interface initialization) process.+**Start with WAN:** causes the Tinc daemon to start as part of the wanup (WAN interface initialization) process.
  
-**Interface type:** TUN/TAP: Here, you specify the communication protocol used within your VPN. TUN is routed, and runs at the network (IP) layer. TAP is switched, and runs at the datalink layer. Generally, you should choose TUN. For more information on these protocols, see the "Interface Type" section of the [[:vpn-server|OpenVPN Server]] wiki page.+ \\
  
-**VPN Netmask:** Here, specify the (sub)netmask to be used for intra-site communications.+**Interface type:** specifies the communication protocol used within your VPN.
  
-**Host Name:** This is the unique identifier of the OpenVPN deviceThis is NOT the same as the device's DHCP/DNS Hostnames.+  TUN - a routed protocol running at the network (IP) layer. 
 +  * TAP - a switched protocol running at the datalink layer.
  
-**Poll interval:** If set greater than zero, a watchdog polls whether Tinc is running every n minutes to verify that it has not crashed. If it finds that Tinc is not running, it will restart the Tinc service. If set to zero, the watchdog is disabled.+ \\ 
 + 
 +Generally, you should choose TUN. For more details, see "Interface Type" on the [[vpn-server#interface_type|OpenVPN Server]] wiki page. 
 + 
 + \\ 
 + 
 +**VPN Netmask:** here, specify the (sub)netmask to be used for intra-site communications. 
 + 
 + \\ 
 + 
 +**Host Name:** a unique identifier of the OpenVPN device. This is NOT the device's DHCP/DNS Hostnames. 
 + 
 + \\ 
 + 
 +**Poll interval:** if set greater than "0", a watchdog polls whether Tinc is running (not crashed) every n minutes. If it isn'running, it restarts the Tinc service. Settings this to "0" disables the watchdog.
  
  \\  \\  \\  \\
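Review bot: in the new TUN/TAP list the TUN line (`  TUN - a routed protocol running at the network (IP) layer.`) lacks the `* ` bullet marker that the TAP line has, so it will render as preformatted text rather than a list item. The Host Name description still says "a unique identifier of the OpenVPN device"; this is the Tinc page, and the Hosts tab below calls the same value "the unique Tinc identifier defined in the Host Name field", so "Tinc device" is what is meant. In the Poll interval line, "isn'running" should be "isn't running" and "Settings this to "0"" should be "Setting this to "0"".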
Line 27: Line 43:
  \\  \\
  
-**Ed25519 Private Key: **In this field, enter your private Ed25519 encryption key. This key is needed for the encryption process.+**Ed25519 Private Key: **the private Ed25519 encryption key.
  
-**RSA Private Key : **Here, enter your private RSA key. The RSA encryption protocol uses much more CPU power than the Ed25519 protocol. The RSA key is optional and is needed only for communication with hosts using Tinc version 1.0 or lower.+This is needed for the encryption process. 
 + 
 + \\ 
 + 
 +**RSA Private Key: *  **here, enter the private RSA key. 
 + 
 +RSA encryption uses much more CPU power than the Ed25519 protocol. \\ This key is optional and needed only for communication with hosts using Tinc 1.0 or lower. 
 + 
 + \\ 
 + 
 +**Custom: **here you can specify any custom Tinc daemon parameters you wish.  \\   \\
  
-**Custom: **This field allows you to specify any custom Tinc daemon parameters you might want.  \\   \\ 
  
 ===== Hosts Tab ===== ===== Hosts Tab =====
  
-Most of the hosts on your network should be defined on this page. Tinc doesn't need all the hosts to be defined. It's able to use a relay to reach secondary hosts if the end devices are not able to communicate. This can be happen for various reasons, such as the presene of NAT devices between hosts. However, you do need to define "yourself" on each Tinc device.+Most hosts on your network should be defined on this page. Tinc doesn't need all hosts to be defined. It can use a relay to reach secondary hosts if the end devices can't (yet) communicate. There are various reasons hosts may not be able to communicate. This includes the presence of NAT devices between them.
  
-**ConnectTo:** This flag and can be set to "Onor left blank. This tells the local Tinc daemon whether it should attempt a direct connection with another host (not including a relayed connection to another host).+However, you do need to define "yourselfon each Tinc device.
  
-**Name:** As on the Config tab, this is the unique Tinc identifier defined in the Host Name field.+ \\
  
-**Address**This is used only when direct communication is possible and defines the IP address or FQDN (fully qualified domain name) where the host can be found. Direct communication means without relay.+{{:pasted:20230111-110422.png?800}}
  
-**Port: **An empty value configures the default setting (both TCP/UDP on port 655). You might need to tweak this value for devices on the network that do not have root/administrator privileges (not applicable to tomato).+ \\
  
-**Compression:** In some cases, compression may increase VPN speeds. Here, the default of "0" (disabled) can be tweaked to as high as "11"All the nodes must be configured with the same compresssion settting. Since most VPN traffic is already compressed/encrypted at the application layer, think carefully about whether you really need this enabled. Enabling compression will add extra workload to the CPU, and may not increase speed/throughput.+**ConnectTo:** this can be set "Onor left blankIt tells Tinc to connect directly to another host (without a relay). 
 + 
 + \\
  
-**Subnet:** Defines the primary subnet reachable via the host being defined.+**Name:** as on the Config tab, this is a unique Tinc identifier defined in the Host Name field.
  
  \\  \\
  
-{{:pasted:20220204-091844.png}}+**Address**this is used only for direct communication. It defines the IP/FQDN where the host can be found (without a relay).
  
  \\  \\
  
-**Ed25519 Public Key:** This is where you enter your Ed25519 encryption Public Key.+**Port: **if blank, sets the default setting of TCP/UDP(655).
  
-**RSA Public Key *:** If you are using an RSA key, you must define the public key on for each host here. RSA is optional in Tinc 1.0+ .+You might need to tune this for network devices without root/Administrator privileges (but not FreshTomato).
  
-You must provide the minimum information for every host you define before you can click OK and proceed to the next row. Clicking OK does not save the settings. After you've defined all hosts, and clicked "OK" for each, you must then click the "Save" button at the bottom. Only then will all your host settings be saved.+ \\
  
-**Custom:** In this field, you are free to define custom configuration settings for each hostFor exampleif a host is communicating with a second subnet, you could add something like: //Subnet = 10.10.8.0/24// . Please ensure this is consistent with the host IP/subnet + config-page "netmask" setting.+**Compression:** lets you set the compression level (between the default of "0" (disabled) and "11"). 
 + 
 +Sometimescompression can increase VPN speeds. You must configure all nodes with the same setting. Think carefully about whether you need this, as most VPN traffic is already compressed at the application layer. Enabling compression adds extra CPU workload and may not increase throughput.
  
  \\  \\
 +
 +**Subnet:** the primary subnet reachable via the host being defined.
 +
 +This is published to tinc peers so they know which peer hosts the subnet.
 +
 + \\
 +
 +**Ed25519 Public Key:** here, enter your Ed25519 encryption Public Key.
 +
 + \\
 +
 +**RSA Public Key: * ** if you're using RSA encryption, you must define each host's public key here.
 +
 +RSA is optional in Tinc 1.0 and later. You must provide minimal details for all hosts defined before you can click OK and go to the next row. Clicking OK **does not** save settings. Only after you've defined all hosts, clicked "OK" for each, and clicked "Save" will all host settings be saved.
 +
 + \\
 +
 +**Custom:** in this field, you can define custom settings for each host.
 +
 +For example, if a host communicates with with another subnet, you could add:
 +
 +//  Subnet = 10.10.8.0/24// .
 +
 + \\
 +
 +These settings must be consistent with the host IP/subnet + config-page "netmask" setting.
 +
 + \\ \\  \\
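Review bot: the two RSA statements now contradict each other: the Config-tab text says the RSA key is "needed only for communication with hosts using Tinc 1.0 or lower", while the Hosts-tab text says "RSA is optional in Tinc 1.0 and later"; one of them should change so a reader knows whether an RSA key must be supplied when a peer runs 1.0. The bold markup is broken in `**RSA Private Key: *  **here, enter the private RSA key.` and `**RSA Public Key: * ** if you're using RSA encryption`, where a stray `*` sits inside the bold span; the closing quotes are missing in `"yourselfon each Tinc device` and `"Onor left blank`; "with with" is doubled; and the Custom example `//  Subnet = 10.10.8.0/24// .` has stray spaces inside the italic markers and a detached period. Since this tab takes each host's public key while the private key lives only in the Config tab, it would also help to say explicitly that only the public key is exchanged with peers and the private key is never entered here.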
  
  
vpn-tinc.1673434839.txt.gz · Last modified: 2023/01/11 11:00 by rs232