diff --git a/tinc/arm/README.md b/tinc/arm/README.md new file mode 100644 index 0000000..995306f --- /dev/null +++ b/tinc/arm/README.md @@ -0,0 +1,88 @@ +tinc-client +=========== + +``` +[root@alarmpi ~]# mkdir -p /etc/tinc/netname/hosts + +[root@alarmpi ~]# cat > /etc/tinc/netname/tinc.conf +Name = alarmpi +Interface = tun0 +ConnectTo = server + +[root@alarmpi ~]# cat > /etc/tinc/netname/hosts/alarmpi +Subnet = 10.0.0.2 + +[root@alarmpi ~]# tincd -n netname -K +Generating 2048 bits keys: +.................................................+++ p +.................................................+++ q +Done. +Please enter a file to save private RSA key to [/etc/tinc/netname/rsa_key.priv]: +Please enter a file to save public RSA key to [/etc/tinc/netname/hosts/alarmpi]: + +[root@alarmpi ~]# cat > /etc/tinc/netname/tinc-up +#!/bin/sh +ip link set $INTERFACE up +ip addr add 10.0.0.2/24 dev $INTERFACE + +[root@alarmpi ~]# cat > /etc/tinc/netname/tinc-down +#!/bin/sh +ip addr del 10.0.0.2/24 dev $INTERFACE +ip link set $INTERFACE down + +[root@alarmpi ~]# cat > /etc/tinc/netname/hosts/server-up +#!/bin/sh +ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3` +ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY +ip route add 0.0.0.0/1 dev $INTERFACE +ip route add 128.0.0.0/1 dev $INTERFACE + +[root@alarmpi ~]# cat > /etc/tinc/netname/hosts/server-down +#!/bin/sh +ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3` +ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY +ip route del 0.0.0.0/1 dev $INTERFACE +ip route del 128.0.0.0/1 dev $INTERFACE + +[root@alarmpi ~]# chmod +x /etc/tinc/netname/tinc-{up,down} +[root@alarmpi ~]# chmod +x /etc/tinc/netname/hosts/server-{up,down} + +[root@alarmpi ~]# scp /etc/tinc/netname/hosts/alarmpi root@remote-server:/etc/tinc/netname/hosts/ +[root@alarmpi ~]# scp root@remote-server:/etc/tinc/netname/hosts/server /etc/tinc/netname/hosts/ + +[root@alarmpi ~]# tree -AF /etc/tinc/ +/etc/tinc/ +└── netname/ + ├── hosts/ + │ ├── alarmpi + │ ├── server + │ ├── server-down + │ └── server-up + ├── rsa_key.priv + ├── tinc-down* + ├── tinc-up* + └── tinc.conf + +[root@alarmpi ~]# cat > /etc/systemd/network/eth0.network +[Match] +Name=eth0 + +[Network] +DHCP=yes +UseDNS=false +DNS=8.8.8.8 +IPMasquerade=yes + +[root@alarmpi ~]# cat > /etc/sysctl.d/99-sysctl.conf +net.ipv4.ip_forward=1 +net.ipv6.conf.all.disable_ipv6=1 +[root@alarmpi ~]# systemctl restart systemd-sysctl + +[root@alarmpi ~]# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE +[root@alarmpi ~]# iptables-save > /etc/iptables/iptables.rules +[root@alarmpi ~]# systemctl enable iptables + +[root@alarmpi ~]# systemctl start tincd@netname +[root@alarmpi ~]# systemctl status tincd@netname +[root@alarmpi ~]# systemctl enable tincd@netname +``` diff --git a/tinc/arm/tinc/netname/hosts/alarmpi b/tinc/arm/tinc/netname/hosts/alarmpi new file mode 100644 index 0000000..c8f3fe5 --- /dev/null +++ b/tinc/arm/tinc/netname/hosts/alarmpi @@ -0,0 +1 @@ +Subnet = 10.0.0.2 diff --git a/tinc/arm/tinc/netname/hosts/server-down b/tinc/arm/tinc/netname/hosts/server-down new file mode 100755 index 0000000..38ec206 --- /dev/null +++ b/tinc/arm/tinc/netname/hosts/server-down @@ -0,0 +1,7 @@ +#!/bin/sh + +ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3` + +ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY +ip route del 0.0.0.0/1 dev $INTERFACE +ip route del 128.0.0.0/1 dev $INTERFACE diff --git a/tinc/arm/tinc/netname/hosts/server-up b/tinc/arm/tinc/netname/hosts/server-up new file mode 100755 index 0000000..73a415e --- /dev/null +++ b/tinc/arm/tinc/netname/hosts/server-up @@ -0,0 +1,7 @@ +#!/bin/sh + +ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3` + +ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY +ip route add 0.0.0.0/1 dev $INTERFACE +ip route add 128.0.0.0/1 dev $INTERFACE diff --git a/tinc/arm/tinc/netname/tinc-down b/tinc/arm/tinc/netname/tinc-down new file mode 100755 index 0000000..1a5c18c --- /dev/null +++ b/tinc/arm/tinc/netname/tinc-down @@ -0,0 +1,4 @@ +#!/bin/sh + +ip addr del 10.0.0.2/24 dev $INTERFACE +ip link set $INTERFACE down diff --git a/tinc/arm/tinc/netname/tinc-up b/tinc/arm/tinc/netname/tinc-up new file mode 100755 index 0000000..dfcb6f0 --- /dev/null +++ b/tinc/arm/tinc/netname/tinc-up @@ -0,0 +1,4 @@ +#!/bin/sh + +ip link set $INTERFACE up +ip addr add 10.0.0.2/24 dev $INTERFACE diff --git a/tinc/arm/tinc/netname/tinc.conf b/tinc/arm/tinc/netname/tinc.conf new file mode 100644 index 0000000..4b8c365 --- /dev/null +++ b/tinc/arm/tinc/netname/tinc.conf @@ -0,0 +1,3 @@ +Name = alarmpi +Interface = tun0 +ConnectTo = server