The Config tab in tinc in pfSense.
tinc is a Virtual Private Network (VPN) daemon that uses VPN tunneling and encryption to create a secure private network between hosts on the Internet. Because the tunnel appears to the IP level network code as a normal network device, there is no need to adapt any existing software. The encrypted tunnels allow VPN sites to share information with each other over the Internet without exposing any information to others. tinc is free software and is licensed under the GNU General Public License (GPL). tinc incorporates the following features:
- Encryption, authentication and compression
- Automatic full mesh routing
- Easy to add nodes to your VPN
- Ability to bridge ethernet segments to work like a single segment
- VPN tunneling that runs on many operating systems (Linux, FreeBSD, OpenBSD, NetBSD, MacOS X, Solaris, Windows 2000, Windows XP, Windows Vista and Windows 7/8 supported)
VPN Tunneling with tinc: Installation and Configuration
If you choose to install tinc on any of these platforms, binaries are available on the tinc website, as well as documentation. If you choose to install it under pfSense, installation is as easy as finding the tinc package on the package list after navigating to System -> Packages. Once you have found it, click on the “plus” button to install the package, and on the next screen, press the “Confirm” button to confirm installation. The installation should complete within a few minutes.
Once tinc is installed, there will be a new entry under the “VPN” menu called “tinc”. Before you start to configure tinc for VPN tunneling, it might be a good idea to consider how you want to organize your VPN. For example, what are the nodes running tinc? What IP addresses and subnets do they have? What is the network mask of the entire VPN? Do you need special firewall rules, and do you have do set up masquerading or forwarding rules? Do you want to run tinc in router mode or switch mode? It also helps to have a good general understanding of networks.
The Hosts tab in tinc.
If you navigate to VPN -> tinc, there are two tabs: “Config” and “Hosts”. Under the “Config” tab, there are several configuation paramters. The “Name” field allows you to enter a name to identify the tinc daemon, which must be unique for the VPN to which this daemon will connect. The “Local IP” field allows you to enter the IP address of the local tunnel interface (often the same IP as your router’s LAN address). “Local Subnet” allows you to specify the subnet behind the router that should be advertised to the mesh, and “VPN Netmask” defines what traffic is the router to the VPN’s tunnel interface. The “AddressFamily” dropdown allows you to select whether listening and outgoing sockets, are IPv4, IPv6, or whether it depends on the operating system. In the “RSA private key” and “RSA public key” fields, you can specify an RSA private/public key pair. You can also check the “Generate RSA key pair” checkbox to generate a new RSA key pair.
On the “Hosts” tab, you can add new hosts by clicking on the “plus” button. The “Name” field allows you to specify a name, while “Address” is for the IP address and “Subnet” is for the subnet behind the host. The “Connect at startup” check box specifies whether tinc should try to connect to the host when it starts. There is also a field for an RSA public key. There are also several advanced settings in both the “Config” and “Hosts” tab; however, if you configure these basic parameters, you should be ready to use tinc VPN tunneling.
External Links:
Tinc on Wikipedia (just a stub)
The post VPN Tunneling with tinc appeared first on pfSense Setup HQ.