1) Install tinc on your Linux distro (Debian based: apt-get install tinc, Gentoo based: emerge tinc). MAKE SURE YOU HAVE AT LEAST TINC 1.0.13.
2) Create config dir
mkdir /etc/tinc/isole
3) Create config file
/etc/tinc/isole/tinc.conf
Name = yournickname
ConnectTo = coppermine
ConnectTo = zefiro
ConnectTo = RomaVpnIsole
ConnectTo = BitArno
ConnectTo = heimdall
Mode = switch
Mode switch is required because tinc will operate with a tap interface, needed to run babeld on it.
4) Download hosts keys from our git repository
cd /etc/tinc/isole/
git clone git://github.com/ninuxorg/HostsVpnIsole.git hosts
Optionally, to keep your hosts keys up to date, you can add the following line, or something similar, to your crontab
0 * * * * root cd /etc/tinc/isole/hosts && git pull > /dev/null 2>&1
5) Generate a Keypair
tincd -n isole -K
6) Look for a free IP address in the subnet 10.0.5.0/24 and add yourself to the table on the GestioneIndirizzi wiki page.
7) Create the file
/etc/tinc/isole/tinc-up
# If your distro supports flexible init networking scripts like Gentoo, you can do it in a more elegant way
ip link set dev $INTERFACE up
ip address add dev $INTERFACE HEREYOURIPADDRESS/24
# Adjust MTU
ip link set mtu 1350 dev $INTERFACE
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
In place of HEREYOURIPADDRESS you must put the IP address chosen at point 6 of this guide.
Make the file executable
chmod +x /etc/tinc/isole/tinc-up
8) Send an email to contatti@ninux.org and info@eigenlab.org with the nickname you chose at point 3 and your generated public key, which may look something like this:
cat /etc/tinc/isole/hosts/YourHostNickName
Address = Public_Host_Address(not_the_10.0.5.x_one)_If_Available
-----BEGIN RSA PUBLIC KEY-----
TXKAJun1ffoORTQTqhfop1Bfn8BZjKF4efagDCNdQanl8vVMRIqrFb3anXzbUI2O
QVL1lIBom8KgsviE6VywVrF5thYzotqWVKH1K2hwgpZXGVsmimIiFr9hz3pBsOfZ
dL2mmLuZXKx1JujdLq2zVYf1peh7ctcqXuXQfJRJIFGhvPndO9dluQUxtZz8StdY
sVhQcmiyCnmvKNcbyIHQXCA+5zZYNNmu9wIDAQAB
-----END RSA PUBLIC KEY-----
This file has the address (if available) and the public key of the VPN node.
9) Once you have received notification that your public key is authorized, you can try to connect
tincd -n isole
If everything worked out, you can ping 10.0.5.103. Now configure babeld to use the interface "isole".
It is FUNDAMENTAL to use the latest babeld version.
11) Configure babeld (depending on your distro, the default babeld config file path can be different; we will refer to Debian in the example)
Edit
/etc/babeld.conf
After editing, it should look like this, but it may vary depending on your setup
## Add interface isole as wired with a fixed cost of 300
interface isole wired true rxcost 300

# Suggested
in le 14 ip 0.0.0.0/0 deny
in ge 23 ip 10.0.0.0/23 deny
in ge 23 ip 10.255.254.0/23 deny
in ge 10 ip 100.64.0.0/10 deny
in ge 23 ip 172.16.0.0/23 deny
in ge 23 ip 172.31.254.0/23 deny
in ge 23 ip 192.168.0.0/23 deny
in ge 23 ip 192.168.254.0/24 deny

# example
## Refuse 131.114.0.0/16 route
#in ip 131.114.0.0/16 deny

# example ( this is useful if your adsl router has a subnet like this )
## Refuse route with a prefix length greater than or equal to 24 matching 192.168.2.0/24
# in ge 24 ip 192.168.2.0/24 deny

# example ( this is useful if you are using another routing protocol on your island )
## Redistribute route in the 10/8 subnet from another routing protocol that has proto 157
# redistribute ip 10.0.0.0/8 proto 157

# Mandatory
## Allow announcing route 10.0.5.0/24
redistribute ip 10.0.5.0/24 allow

## Allow here the sharing of routes you want to share
## for example
# redistribute ip 10.0.0.0/8 allow

## Deny announcing all other local routes
redistribute local deny
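To see which announcements the "Suggested" in-filters above accept or reject, the following added example (not part of the original guide, and not babeld code) models them in Python. It assumes that the first matching rule decides and that an unmatched route is allowed; `parse_rules`, `decide` and the sample routes are constructed for illustration.

```python
import ipaddress

# The "Suggested" in-filters from the babeld.conf above, in file order.
SUGGESTED = """\
in le 14 ip 0.0.0.0/0 deny
in ge 23 ip 10.0.0.0/23 deny
in ge 23 ip 10.255.254.0/23 deny
in ge 10 ip 100.64.0.0/10 deny
in ge 23 ip 172.16.0.0/23 deny
in ge 23 ip 172.31.254.0/23 deny
in ge 23 ip 192.168.0.0/23 deny
in ge 23 ip 192.168.254.0/24 deny
"""

def parse_rules(text):
    """Parse 'in [le N] [ge N] ip PREFIX ACTION' lines (only these selectors)."""
    rules = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "in":
            continue
        rule = {"le": 32, "ge": 0, "net": None, "action": tok[-1], "text": " ".join(tok)}
        body = tok[1:-1]
        for key, val in zip(body[0::2], body[1::2]):
            if key == "ip":
                rule["net"] = ipaddress.ip_network(val)
            elif key in ("le", "ge"):
                rule[key] = int(val)
            else:
                raise ValueError(f"unsupported selector: {key}")
        rules.append(rule)
    return rules

def decide(rules, route):
    """Return (action, rule text) for an announced IPv4 prefix.
    Assumed semantics: first matching rule decides, no match means allow."""
    net = ipaddress.ip_network(route)
    for r in rules:
        inside = r["net"] is None or (
            net.version == r["net"].version and net.subnet_of(r["net"]))
        if inside and r["ge"] <= net.prefixlen <= r["le"]:
            return r["action"], r["text"]
    return "allow", "(no rule matched)"

if __name__ == "__main__":
    rules = parse_rules(SUGGESTED)
    # Constructed sample announcements, not taken from a real routing table.
    for route in ["0.0.0.0/0", "10.0.0.0/8", "10.0.5.0/24", "10.0.1.0/24",
                  "100.64.10.0/24", "192.168.1.0/24", "172.16.5.0/24"]:
        action, why = decide(rules, route)
        print(f"{route:18} {action:6} {why}")
```

In this model the VPN subnet 10.0.5.0/24 is accepted, while a default route or any prefix of length 14 or shorter is dropped by the first rule.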