OPNsense Forum
English Forums => General Discussion => Topic started by: HarfTarf on July 05, 2016, 09:53:48 pm
-
Hi All,
I am considering moving from pfsense to opnsense. In the most recent update, pfsense has removed the "tinc" package, which I use for much of my VPN needs.
Does OPNsense support tinc? And how have people's experiences been moving from pfsense to OPNsense?
-
Hi HarfTarf,
You can install tinc. We do, however, not offer a GUI plugin at this point so the configuration needs to be done manually. This is an area where user contributions can really make a difference. :)
I'm not the right person to answer your migration question. All I can add is that we have kept things compatible to the point where we forked. If your setup worked in 2.2, it'll work on OPNsense.
Cheers,
Franco
-
GUI plugin for tinc isn't necessary, pfsense didn't have their GUI for tinc working at all, and the configs had to be done in terminal, which is fine.
I'll test out opnsense and see how it works!
-
Neat! In that case, install is like in FreeBSD:
# pkg install tinc
We do have some automatic hooks into /etc/rc.conf that should make services act like they are on FreeBSD (during start) and a separate framework for custom bootup scripts if that doesn't pan out. If you need those things, I can help explain.
Cheers,
Franco
-
I just got around to installing the nano amd64 to a USB, and it's working wonderfully!
I installed tinc, but I am fairly new to FreeBSD. How do I ensure that tinc starts at boot?
-
Hi there,
Take a look here:
https://github.com/opnsense/ports/blob/master/security/tinc/files/tincd.in#L10-L20
Actual file contents for /etc/rc.conf could be this to autostart for vpn0:
tincd_enable="YES"
tincd_cfg="vpn0"
This is also important to set up a vpn0 NETNAME config:
https://www.tinc-vpn.org/documentation/tinc.conf.5
Someone else will hopefully be able to help with the details as I don't use tinc.
Cheers,
Franco
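
A preflight check for the rc.conf settings and vpn0 config described above, as an added example that is not part of the original post or of the OPNsense ports tree. The /usr/local/etc/tinc prefix, the rsa_key.priv file name (tinc 1.0 default), the "Name = value" form and a space-separated tincd_cfg list are assumptions.

```sh
#!/bin/sh
# Added example: preflight check for tinc autostart settings.
# Paths and file names are assumptions (FreeBSD pkg prefix, tinc 1.0 layout).

# Print the last value assigned to variable $2 in rc.conf-style file $1.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*\$/\1/p" "$1" | tail -n 1
}

# Print the Name value from a tinc.conf (assumes "Name = value" form).
tinc_name() {
    sed -n 's/^[[:space:]]*Name[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Usage: check_tinc_autostart [rc.conf] [tinc config dir]; returns 0 if sane.
check_tinc_autostart() {
    rc="${1:-/etc/rc.conf}"
    base="${2:-/usr/local/etc/tinc}"
    bad=0
    case "$(rc_value "$rc" tincd_enable)" in
        [Yy][Ee][Ss]) ;;   # only the YES spelling from the post is accepted
        *) echo "tincd_enable is not YES in $rc"; bad=1 ;;
    esac
    nets="$(rc_value "$rc" tincd_cfg)"
    [ -n "$nets" ] || { echo "tincd_cfg is empty in $rc"; bad=1; }
    for net in $nets; do   # assumed: space-separated list of NETNAMEs
        conf="$base/$net/tinc.conf"
        if [ ! -r "$conf" ]; then
            echo "$net: cannot read $conf"; bad=1; continue
        fi
        name="$(tinc_name "$conf")"
        if [ -z "$name" ]; then
            echo "$net: no Name in tinc.conf"; bad=1
        elif [ ! -r "$base/$net/hosts/$name" ]; then
            echo "$net: missing hosts/$name"; bad=1
        fi
        # The private key must not be readable by group or others.
        key="$base/$net/rsa_key.priv"
        if [ -e "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$net: $key is accessible to group or others"; bad=1
        fi
    done
    return "$bad"
}
```

Run `check_tinc_autostart` with no arguments on the firewall itself; a non-zero exit status means at least one of the printed problems would keep the service from starting cleanly or leaves the key exposed.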
-
I'm passingly familiar with the tinc docs, as I use it at home, on my phone, and in my VPSs.
But your github link is exactly what I needed!
Thanks!
-
This has helped a ton.
I have tinc up and running, but not working quite right.
I can ping out to any device on the vpn, but nothing can contact my opnsense box. I have a suspicion that opnsense is blocking all traffic going to my tun0 interface.
How do I enable rules for my tun0 interface?
-
I don't know how other tinc users are doing it, but in the opnsense-devel package there is a way to assign tun0 (named "sixxs-aiccu") as an interface and then you can treat it with firewall rules.
Details on how to switch to the development version are here:
https://forum.opnsense.org/index.php?topic=3479.0
We've had this on -devel for a year, it might be time to make this more easily accessible in the hopes that others will find it useful too. Please keep sharing your thoughts on tinc setup. :)
Cheers,
Franco
-
I know, this is rather old, but is there a Tinc GUI plugin available in the meantime? Would like to test....
-
It has been for quite some time :)
https://github.com/opnsense/plugins/tree/master/security/tinc
Just search the plugins section under firmware.
-
Yepp, I installed that, but could not find it in the GUI afterwards. Or is it "config-file-only"? :-)
-
It should be in VPN -> Tinc, it is at my end.
-
Oops! Maybe needed a logout-login, now it's there! Sorry! :-)
-
Probably a page refresh :)