Are you having trouble creating a mesh network of two different VPNs on the same server with Tinc? This guide walks you through it.
Tinc is a free, open-source mesh networking daemon and protocol built for compressed and encrypted virtual private networks. It can be used to build a secure, encrypted virtual LAN over the internet, over an untrusted LAN, or between two cloud instances.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to install and configure networking related Software on their Servers.
In this context, we shall look into how to run two or more Tinc VPN network instances on a single machine.
Let's say we have two tinc networks, vpn1 and vpn2, provisioned on the same server. Every tincd listens on its own port, so each network must get a different one: vpn1 will use port 600 and vpn2 will use port 601 (tinc's default is 655; any two distinct, unused ports will do).
If the two networks live in separate directories under /etc/tinc on serverA (/etc/tinc/vpn1 and /etc/tinc/vpn2), each with its own subnet, follow the steps below to configure them.
For vpn1, serverA's VPN address will be 172.16.5.5/32 in this example.
Now, define the port in the vpn1 configuration file "/etc/tinc/vpn1/tinc.conf" as shown below. Both networks may use Device = /dev/net/tun: tinc names each tunnel interface after its network (vpn1 and vpn2) unless Interface is set, so the two daemons do not collide;
Name = serverA
Device = /dev/net/tun
BindToAddress = 192.168.4.5
AddressFamily = ipv4
Port = 600
Next, update the files "/etc/tinc/vpn1/hosts/serverA" and "/etc/tinc/vpn1/hosts/serverB" so each carries the port number. Check serverA's host file with;
cat /etc/tinc/vpn1/hosts/serverA
The file will look like this;
Address = 192.168.4.5
Subnet = 172.16.5.5/32
Port = 600
-----BEGIN RSA PUBLIC KEY-----
.....
...
your random key here
....
-----END RSA PUBLIC KEY-----
Next, for serverB (172.16.6.6/32) in the same network, check its host file;
cat /etc/tinc/vpn1/hosts/serverB
You will get an output such as this (serverB has no Address line here, so only serverA can be dialled; serverB must ConnectTo serverA);
Subnet = 172.16.6.6/32
Port = 600
-----BEGIN RSA PUBLIC KEY-----
.....
...
your random key here
....
-----END RSA PUBLIC KEY-----
For vpn2, serverA's VPN address will be 172.16.2.2/32 in this example.
Now the port must be defined in the vpn2 configuration file "/etc/tinc/vpn2/tinc.conf" as shown below;
Name = serverA
Device = /dev/net/tun
BindToAddress = 192.168.4.5
AddressFamily = ipv4
Port = 601
Next, update the files /etc/tinc/vpn2/hosts/serverA and /etc/tinc/vpn2/hosts/serverB to include the port number. Check serverA's host file with the following command;
cat /etc/tinc/vpn2/hosts/serverA
The output will look like this;
Address = 192.168.4.5
Subnet = 172.16.2.2/32
Port = 601
-----BEGIN RSA PUBLIC KEY-----
.....
...
your random key here
....
-----END RSA PUBLIC KEY-----
For serverB, run the following command. Note that serverB needs its own Subnet in vpn2, distinct from serverA's 172.16.2.2/32; two nodes advertising the same Subnet leave tinc unable to decide which node owns the address. The value 172.16.3.3/32 below is just an example;
cat /etc/tinc/vpn2/hosts/serverB
You will get the following output;
Subnet = 172.16.3.3/32
Port = 601
-----BEGIN RSA PUBLIC KEY-----
.....
...
your random key here
....
-----END RSA PUBLIC KEY-----
At this point each network on the server has its own port. Now make sure /etc/tinc/nets.boot lists both vpn1 and vpn2 so both daemons start at boot; check it with the following command;
cat /etc/tinc/nets.boot
You will get an output such as;
## This file contains all names of the networks to be started on system startup.
vpn1
vpn2
Next, restart tinc on both servers by running the command below (on distributions that ship per-network units you can also restart a single network with "systemctl restart tinc@vpn1");
systemctl restart tinc
To verify, check that both tunnel interfaces and their routes exist, then ping across each network from both ends;
ip r
ip a
ping ip-of-clientB
ping ip-of-serverA
ping ip-of-clientA
ping ip-of-serverB
Ensure that the firewall rules are updated to allow both port numbers, i.e. 600 and 601, for TCP and UDP: tinc uses TCP for the meta-connection between nodes and UDP for the tunnelled packets.
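Before restarting, it is worth checking the whole tree for the mistakes this procedure invites: two networks on one listening port, a hosts/<Name> file that advertises a different port than tinc.conf actually binds, and two nodes in one network claiming the same Subnet. The script below is an added example, not code from the article or from the tinc project. The function names (tinc_opt, check_tinc_nets, write_sample_tree) are my own; the directory layout (/etc/tinc/<net>/tinc.conf, hosts/<Name>, nets.boot) is tinc's, and the sample tree written by write_sample_tree is constructed here to mirror the article's two networks, with serverB's vpn2 Subnet passed in so the duplicate-Subnet trap can be reproduced on purpose.

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check the per-network
# settings of several tinc networks on one host before restarting tincd.
# The file layout (/etc/tinc/<net>/tinc.conf, hosts/<Name>, nets.boot) is
# tinc's; the values written by write_sample_tree are constructed here.

# Print the value of one "Key = value" option from a tinc config file
# (first match; tinc treats keys case-insensitively). Usage: tinc_opt FILE KEY
tinc_opt() {
    awk -v k="$2" -F'=' '
        tolower($1) ~ "^[ \t]*" tolower(k) "[ \t]*$" {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit
        }' "$1"
}

# Check every network listed in nets.boot. Prints one line per problem found
# and returns 1 if there were any. Usage: check_tinc_nets [TINC_DIR]
check_tinc_nets() {
    dir=${1:-/etc/tinc}
    rc=0
    seen_ports=""
    for net in $(grep -v '^#' "$dir/nets.boot"); do
        conf="$dir/$net/tinc.conf"
        [ -f "$conf" ] || { echo "$net: missing $conf"; rc=1; continue; }
        name=$(tinc_opt "$conf" Name)
        port=$(tinc_opt "$conf" Port)
        [ -n "$port" ] || port=655          # tinc's default listening port
        # Two daemons on one host cannot share a listening port.
        case " $seen_ports " in
            *" $port "*) echo "$net: port $port is already used by another network"; rc=1 ;;
        esac
        seen_ports="$seen_ports $port"
        # The host file peers use to reach this node must advertise the port
        # this daemon really listens on.
        own="$dir/$net/hosts/$name"
        [ -f "$own" ] || { echo "$net: missing host file $own"; rc=1; continue; }
        hp=$(tinc_opt "$own" Port)
        [ -n "$hp" ] || hp=655
        [ "$hp" = "$port" ] || { echo "$net: hosts/$name Port ($hp) != tinc.conf Port ($port)"; rc=1; }
        # Every node in a network must claim a distinct Subnet, otherwise tinc
        # cannot tell which node should receive packets for that address.
        dups=$(for h in "$dir/$net/hosts"/*; do
                   [ -f "$h" ] && tinc_opt "$h" Subnet
               done | sort | uniq -d)
        [ -z "$dups" ] || { echo "$net: duplicate Subnet(s): $dups"; rc=1; }
    done
    return $rc
}

# Build a constructed two-network tree like the article's (RSA keys omitted)
# so the checker can run offline. Usage: write_sample_tree DIR SERVERB_VPN2_SUBNET
write_sample_tree() {
    mkdir -p "$1/vpn1/hosts" "$1/vpn2/hosts"
    printf '## networks to start at boot\nvpn1\nvpn2\n' > "$1/nets.boot"
    printf 'Name = serverA\nDevice = /dev/net/tun\nPort = 600\n' > "$1/vpn1/tinc.conf"
    printf 'Address = 192.168.4.5\nSubnet = 172.16.5.5/32\nPort = 600\n' > "$1/vpn1/hosts/serverA"
    printf 'Subnet = 172.16.6.6/32\nPort = 600\n' > "$1/vpn1/hosts/serverB"
    printf 'Name = serverA\nDevice = /dev/net/tun\nPort = 601\n' > "$1/vpn2/tinc.conf"
    printf 'Address = 192.168.4.5\nSubnet = 172.16.2.2/32\nPort = 601\n' > "$1/vpn2/hosts/serverA"
    printf 'Subnet = %s\nPort = 601\n' "$2" > "$1/vpn2/hosts/serverB"
}

# Demo: a tree where serverB re-uses serverA's vpn2 address fails the check.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    write_sample_tree "$tmp" 172.16.2.2/32
    check_tinc_nets "$tmp"
    rm -rf "$tmp"
fi
```

Run it as `sh check-tinc.sh demo` to see the duplicate-Subnet report, or source it and call `check_tinc_nets` against the real /etc/tinc before `systemctl restart tinc`. The checker reads only the host's own hosts/<Name> file for the port comparison, because that is the file other nodes copy; a wrong Port in a peer's file is that peer's problem to fix on its side.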