vpn-tinc

Differences

This shows you the differences between two versions of the page.

vpn-tinc [2024/10/18 18:12] – [Tinc] -Condense hogwild
vpn-tinc [2024/11/28 23:27] (current) – [Hosts Tab] hogwild
Line 1: Line 1:
 ====== Tinc ====== ====== Tinc ======
  
-Tinc is a newer VPN technology that lets you create partial/full mesh VPN connections without having to define every endpoint, as you'd have to with other VPN protocols. A minimum amount of configuration is still needed for each site. However, it's the quickest way to develop a mesh VPN between network sites.+Tinc is a newer VPN technology. Unlike with other protocols, it lets you create partial/full mesh VPN connections without having to define every endpoint. A minimum of configuration is needed for each site. It's the quickest way to develop a mesh VPN between network sites.
  
 The Tinc Daemon menu is divided into tabbed sections, including Tinc Configuration, and (VPN) Hosts. The Tinc Daemon menu is divided into tabbed sections, including Tinc Configuration, and (VPN) Hosts.
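
Review bot: In the rewritten intro, "Unlike with other protocols, it lets you..." reads awkwardly, and the following "A minimum of configuration is needed for each site" has lost the "However ... still" that marked it as a caveat to the claim about not defining every endpoint. Suggest "Unlike other VPN protocols, it lets you create partial or full mesh VPN connections without defining every endpoint, although each site still needs a minimal configuration." The unchanged line after it also carries a stray comma in "Tinc Configuration, and (VPN) Hosts".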
Line 12: Line 12:
  \\  \\
  
-**Start with WAN:** Cause the Tinc daemon to start as part of the wanup (WAN interface initialization) process.+**Start with WAN:** causes the Tinc daemon to start as part of the wanup (WAN interface initialization) process.
  
  \\  \\
  
-**Interface type:** Specifies the communication protocol used within your VPN.+**Interface type:** specifies the communication protocol used within your VPN.
  
-  * TUN - a routed protocol, that runs at the network (IP) layer. +  * TUN - a routed protocol running at the network (IP) layer. 
-  * TAP - a switched protocl, that runs at the datalink layer.+  * TAP - a switched protocol running at the datalink layer.
  
  \\  \\
  
-Generally, you should choose TUN. For more information, see the "Interface Type" section on the [[:vpn-server|OpenVPN Server]] wiki page.+Generally, you should choose TUN. For more details, see "Interface Type" on the [[vpn-server#interface_type|OpenVPN Server]] wiki page.
  
  \\  \\
  
-**VPN Netmask:** Here, specify the (sub)netmask to be used for intra-site communications.+**VPN Netmask:** here, specify the (sub)netmask to be used for intra-site communications.
  
  \\  \\
  
-**Host Name:** This is a unique identifier of the OpenVPN device. This is NOT the same as the device's DHCP/DNS Hostnames.+**Host Name:** a unique identifier of the OpenVPN device. This is NOT the device's DHCP/DNS Hostnames.
  
  \\  \\
  
-**Poll interval:** If set greater than "0", a watchdog polls whether Tinc is running (has not crashed) every n minutes. If it finds Tinc is not running, it restarts the service. If set to "0"the watchdog is disabled.+**Poll interval:** if set greater than "0", a watchdog polls whether Tinc is running (not crashed) every n minutes. If it isn'running, it restarts the Tinc service. Settings this to "0" disables the watchdog.
  
  \\  \\  \\  \\
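
Review bot: The new Host Name line still calls this "a unique identifier of the OpenVPN device", which looks carried over from the OpenVPN page; the Hosts tab describes the same value as the "unique Tinc identifier", so "a unique identifier of this Tinc node" would be consistent. In the same line "Hostnames" should be singular, and the new Poll interval text has a typo: "Settings this to "0"" should be "Setting this to "0"". Under VPN Netmask, "here, specify" can drop "here," now that the other labels lead straight into the description.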
Line 43: Line 43:
  \\  \\
  
-**Ed25519 Private Key: **Here, enter the private Ed25519 encryption key. This is needed for the encryption process.+**Ed25519 Private Key: **the private Ed25519 encryption key. 
 + 
 +This is needed for the encryption process.
  
  \\  \\
  
-**RSA Private Key: *  **Here, enter the private RSA key. RSA encryption uses much more CPU power than the Ed25519 protocol. \\ This key is optional and needed only for communication with hosts using Tinc 1.0 or lower.+**RSA Private Key: *  **here, enter the private RSA key. 
 + 
 +RSA encryption uses much more CPU power than the Ed25519 protocol. \\ This key is optional and needed only for communication with hosts using Tinc 1.0 or lower.
  
  \\  \\
  
-**Custom: **This field lets you specify any custom Tinc daemon parameters you like.  \\   \\+**Custom: **here you can specify any custom Tinc daemon parameters you wish.  \\   \\
  
  
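
Review bot: Both private-key entries describe Ed25519 in encryption terms ("the private Ed25519 encryption key", "needed for the encryption process", "RSA encryption uses much more CPU power than the Ed25519 protocol"), but Ed25519 is a signature algorithm, so this key authenticates the node to its peers rather than encrypting traffic. Suggest "the node's private Ed25519 key, used to authenticate it to peers". Since these two fields hold secret key material, a sentence saying the private key stays on this router and only the matching public key is entered on the Hosts tab of peers would help readers avoid pasting the wrong half. The asterisk after "RSA Private Key:" is never explained in the visible text; if it marks an optional field, say so once.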
Line 66: Line 70:
  \\  \\
  
-**ConnectTo:**  This flag can be set "On" or left blank. This tells the local Tinc daemon to try connecting directly to another host (without using a relay).+**ConnectTo:** this can be set "On" or left blank. It tells Tinc to connect directly to another host (without a relay).
  
  \\  \\
  
-**Name:**  As on the Config tab, this is the unique Tinc identifier defined in the Host Name field.+**Name:** as on the Config tab, this is unique Tinc identifier defined in the Host Name field.
  
  \\  \\
  
-**Address:  **This is used only when direct communication is possible. It defines the IP address (or FQDNwhere the host can be found. This means without a relay.+**Address: **this is used only for direct communication. It defines the IP/FQDN where the host can be found (without a relay).
  
  \\  \\
  
-**Port:  **If left blank, this configures the default setting (TCP/UDP, port 655). You might need to tune this for network devices without root/Administrator privileges (but not FreshTomato).+**Port: **if blank, sets the default setting of TCP/UDP(655). 
 + 
 +You might need to tune this for network devices without root/Administrator privileges (but not FreshTomato).
  
  \\  \\
  
-**Compression:**  In some cases, compression may increase VPN speeds. The default of "0" (disabled) can be adjusted as high as "11"All nodes must be configured with the same setting. Since most VPN traffic is already compressed at the application layer, think carefully whether you need this enabled. Enabling compression adds extra workload to the CPU, and may not increase throughput.+**Compression:** lets you set the compression level (between the default of "0" (disabled) and "11"). 
 + 
 +Sometimes, compression can increase VPN speeds. You must configure all nodes with the same setting. Think carefully about whether you need this, as most VPN traffic is already compressed at the application layer. Enabling compression adds extra CPU workload and may not increase throughput.
  
  \\  \\
  
-**Subnet:**  This defines the primary subnet reachable via the host being defined. It'published to the tinc peers so they know which peer hosts the subnet.+**Subnet:** the primary subnet reachable via the host being defined. 
 + 
 +This is published to tinc peers so they know which peer hosts the subnet.
  
  \\  \\
  
-**Ed25519 Public Key:**  Here is where you enter your Ed25519 encryption Public Key.+**Ed25519 Public Key:** here, enter your Ed25519 encryption Public Key.
  
  \\  \\
  
-**RSA Public Key: * ** If you're using RSA encryption, you must define each host's public key here. RSA is optional in Tinc versions 1.0 and later.+**RSA Public Key: * ** if you're using RSA encryption, you must define each host's public key here.
  
-You must provide minimal information for every host defined before you can click OK and go to the next row. Clicking OK **does not** save settings. Only after you've defined all hosts, clicked "OK" for each, and clicked "Save" at the bottom. will all host settings be saved.+RSA is optional in Tinc 1.0 and later. You must provide minimal details for all hosts defined before you can click OK and go to the next row. Clicking OK **does not** save settings. Only after you've defined all hosts, clicked "OK" for each, and clicked "Save" will all host settings be saved.
  
  \\  \\
  
-**Custom:**  In this field, you can define custom settings for each host.+**Custom:** in this field, you can define custom settings for each host.
  
 For example, if a host communicates with with another subnet, you could add: For example, if a host communicates with with another subnet, you could add:
  
 //  Subnet = 10.10.8.0/24// . //  Subnet = 10.10.8.0/24// .
- 
-You must ensure these settings are consistent with the host IP/subnet + config-page "netmask" setting. 
  
  \\  \\
 +
 +These settings must be consistent with the host IP/subnet + config-page "netmask" setting.
 +
 + \\ \\  \\
  
  
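
Review bot: The RSA Public Key paragraph now says "RSA is optional in Tinc 1.0 and later", which conflicts with the Config tab text stating the RSA key is "needed only for communication with hosts using Tinc 1.0 or lower"; one of the two version boundaries is wrong and should be corrected so both tabs agree. That sentence has also been merged into the paragraph about clicking OK and Save, which is unrelated to RSA and is better kept as its own paragraph. Under Ed25519 Public Key, "your" is ambiguous in a per-host table; "this host's Ed25519 public key" would match the RSA wording ("each host's public key"). Smaller fixes: "this is unique Tinc identifier" is missing "the", "sets the default setting of TCP/UDP(655)" would read better as "uses the default, TCP/UDP port 655", and the unchanged example sentence still has "with with".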
vpn-tinc.1729271562.txt.gz · Last modified: 2024/10/18 18:12 by hogwild