mirror of
https://github.com/vimagick/dockerfiles.git
synced 2025-01-08 04:04:18 +02:00
168 lines
3.5 KiB
Markdown
168 lines
3.5 KiB
Markdown
tinc
|
|
====
|
|
|
|
![](https://badge.imagelayers.io/vimagick/tinc:latest.svg)
|
|
|
|
[`tinc`][1] is a Virtual Private Network (VPN) daemon that uses tunnelling and
|
|
encryption to create a secure private network between hosts on the Internet.
|
|
|
|
To use this image, you need to:
|
|
|
|
- Have baisc knowledges of tinc
|
|
- Create a directory tree by hand ([tutor][2])
|
|
- Use `docker-compose` to manage
|
|
|
|
## directory tree
|
|
|
|
```
|
|
~/fig/tinc/
|
|
├── docker-compose.yml
|
|
└── tinc/
|
|
└── netname/
|
|
├── hosts/
|
|
│ ├── client
|
|
│ ├── client-down*
|
|
│ ├── client-up*
|
|
│ └── server
|
|
├── rsa_key.priv
|
|
├── tinc.conf
|
|
├── tinc-down*
|
|
└── tinc-up*
|
|
```
|
|
|
|
## docker-compose.yml
|
|
|
|
```yaml
|
|
tinc:
|
|
image: vimagick/tinc
|
|
ports:
|
|
- "655:655/tcp"
|
|
- "655:655/udp"
|
|
volumes:
|
|
- ./tinc:/etc/tinc
|
|
environment:
|
|
- VERBOSE=2
|
|
cap_add:
|
|
- NET_ADMIN
|
|
dns: 8.8.8.8
|
|
restart: always
|
|
```
|
|
|
|
## server
|
|
|
|
```bash
|
|
# config
|
|
$ cd ~/fig/tinc/
|
|
$ mkdir -p tinc/netname/hosts/
|
|
$ docker-compose run --rm tinc sh
|
|
>>> cat > tinc.conf
|
|
Name=server
|
|
Interface=tun0
|
|
>>> cat > hosts/server
|
|
Subnet=10.0.0.1
|
|
Subnet=0.0.0.0/0
|
|
>>> tincd -n netname -K4096 < /dev/null
|
|
>>> cat > tinc-up
|
|
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
|
|
>>> cat > tinc-down
|
|
ifconfig $INTERFACE down
|
|
>>> chmod +x tinc-up tinc-down
|
|
>>> exit
|
|
|
|
# run
|
|
$ docker-compose up -d
|
|
|
|
# monitor
|
|
$ docker-compose logs
|
|
|
|
# stats
|
|
$ watch docker exec tinc_tinc_1 netstat -an
|
|
```
|
|
|
|
## client
|
|
|
|
```bash
|
|
# start
|
|
$ tincd -d -D -n netname --pidfile /tmp/tinc.pid
|
|
|
|
# stop
|
|
$ tincd -k --pidfile /tmp/tinc.pid
|
|
```
|
|
|
|
## client (openwrt)
|
|
|
|
```bash
|
|
$ opkg install tinc ip
|
|
|
|
$ cat > /etc/config/tinc
|
|
config tinc-net netname
|
|
option enabled 1
|
|
config tinc-host linkit
|
|
option enabled 1
|
|
option net netname
|
|
config tinc-host server
|
|
option enabled 1
|
|
option net netname
|
|
|
|
$ mkdir -p /etc/tinc/netname/hosts
|
|
|
|
$ cat > /etc/tinc/netname/tinc.conf
|
|
Name = linkit
|
|
Interface = tun0
|
|
ConnectTo = server
|
|
|
|
$ cat > /etc/tinc/netname/hosts/linkit
|
|
Subnet = 10.0.0.125
|
|
|
|
$ tincd -n netname -K < /dev/null
|
|
Generating 2048 bits keys:
|
|
......+++ p
|
|
.....+++ q
|
|
Done.
|
|
|
|
$ cat > /etc/tinc/netname/tinc-up
|
|
#!/bin/sh
|
|
ip link set $INTERFACE up
|
|
ip addr add 10.0.0.125/24 dev $INTERFACE
|
|
|
|
$ cat > /etc/tinc/netname/tinc-down
|
|
#!/bin/sh
|
|
ip addr del 10.0.0.125/24 dev $INTERFACE
|
|
ip link set $INTERFACE down
|
|
|
|
$ cat > /etc/tinc/netname/hosts/server-up
|
|
#!/bin/sh
|
|
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
|
|
ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
|
|
ip route add 0.0.0.0/1 dev $INTERFACE
|
|
ip route add 128.0.0.0/1 dev $INTERFACE
|
|
|
|
$ cat > /etc/tinc/netname/hosts/server-down
|
|
#!/bin/sh
|
|
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
|
|
ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
|
|
ip route del 0.0.0.0/1 dev $INTERFACE
|
|
ip route del 128.0.0.0/1 dev $INTERFACE
|
|
|
|
$ chmod +x /etc/tinc/netname/tinc-*
|
|
$ chmod +x /etc/tinc/netname/hosts/server-*
|
|
|
|
$ scp /etc/tinc/netname/hosts/linkit root@remote-server:/etc/tinc/netname/hosts/
|
|
$ scp root@remote-server:/etc/tinc/netname/hosts/server /etc/tinc/netname/hosts/
|
|
|
|
$ /etc/init.d/tinc start
|
|
$ /etc/init.d/tinc enable
|
|
|
|
$ ifconfig tun0
|
|
|
|
$ firefox http://192.168.1.125/cgi-bin/luci/
|
|
|
|
# Firewall:
|
|
# | lan => wan, vpn | ooo | xx |
|
|
# | wan => | oox | oo |
|
|
# | vpn => wan | ooo | ox |
|
|
```
|
|
|
|
[1]: http://tinc-vpn.org/
|
|
[2]: https://www.digitalocean.com/community/tutorials/how-to-install-tinc-and-set-up-a-basic-vpn-on-ubuntu-14-04
|