[SOLVED] Tinc available?

Started by HarfTarf, July 05, 2016, 09:53:48 PM

July 05, 2016, 09:53:48 PM Last Edit: January 06, 2019, 09:03:43 PM by franco
Hi All,

I am considering moving from pfsense to opnsense. In the most recent update, pfsense has removed the "tinc" package, which I use for much of my VPN needs.

Does OPNsense support tinc? And how have people's experiences been moving from pfsense to OPNsense?

Hi HarfTarf,

You can install tinc. We do, however, not offer a GUI plugin at this point so the configuration needs to be done manually. This is an area where user contributions can really make a difference. :)

I'm not the right person to answer your migration question. All I can add is that we have kept things compatible to the point where we forked. If your setup worked in 2.2, it'll work on OPNsense.


Cheers,
Franco

GUI plugin for tinc isn't necessary, pfsense didn't have their GUI for tinc working at all, and the configs had to be done in terminal, which is fine.

I'll test out opnsense and see how it works!

Neat! In that case, install is like in FreeBSD:

# pkg install tinc

We do have some automatic hooks into /etc/rc.conf that should make services act like they are on FreeBSD (during start) and a separate framework for custom bootup scripts if that doesn't pan out. If you need those things, I can help explain.


Cheers,
Franco

I just got around to installing the nano amd64 to a USB, and it's working wonderfully!

I installed tinc, but I am fairly new to freebsd, how do I ensure that tinc starts at boot?

Hi there,

Take a look here:

https://github.com/opnsense/ports/blob/master/security/tinc/files/tincd.in#L10-L20

Actual file contents for /etc/rc.conf could be this to autostart for vpn0:

tincd_enable="YES"
tincd_cfg="vpn0"

This is also important to set up a vpn0 NETNAME config:

https://www.tinc-vpn.org/documentation/tinc.conf.5

Someone else will hopefully be able to help with the details as I don't use tinc.


Cheers,
Franco
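
A preflight check for the autostart setup described in the post above, added here as an example and not part of the thread or of OPNsense: it confirms the two rc.conf settings, then checks each NETNAME directory for tinc.conf, the node's own host file and a private key that is not group- or world-accessible. The tinc 1.0 file names, the whitespace-separated reading of tincd_cfg and all function names are assumptions; on a FreeBSD-based install the config root would typically be /usr/local/etc/tinc.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the tinc 1.0 layout
# <root>/<netname>/{tinc.conf,hosts/,rsa_key.priv}; <root> is an argument.

# rc_get VAR FILE: last assignment of VAR in an rc.conf-style file.
rc_get() {
    sed -n 's/^'"$1"'="\{0,1\}\([^"]*\)"\{0,1\}.*$/\1/p' "$2" | tail -n 1
}

# check_tinc RC_CONF TINC_ROOT: prints findings, returns the problem count.
check_tinc() {
    rc_conf=$1 root=$2 problems=0
    bad() { echo "FAIL: $*"; problems=$((problems + 1)); }
    case $(rc_get tincd_enable "$rc_conf") in
        [Yy][Ee][Ss]) ;;
        *) bad "tincd_enable is not YES" ;;
    esac
    nets=$(rc_get tincd_cfg "$rc_conf")
    [ -n "$nets" ] || bad "tincd_cfg is empty"
    for net in $nets; do
        dir=$root/$net
        [ -f "$dir/tinc.conf" ] || { bad "$dir/tinc.conf missing"; continue; }
        # tinc.conf takes "Name = x" or "Name x"; names are case-insensitive.
        name=$(sed -n 's/^[Nn][Aa][Mm][Ee][ =][ =]*\([A-Za-z0-9_]*\).*/\1/p' "$dir/tinc.conf" | head -n 1)
        if [ -z "$name" ]; then bad "$net: no Name in tinc.conf"
        elif [ ! -f "$dir/hosts/$name" ]; then bad "$net: hosts/$name missing"
        fi
        # The private key must not be accessible to group or other.
        case $(ls -ld "$dir/rsa_key.priv" 2>/dev/null) in
            -???------*) ;;
            *) bad "$net: rsa_key.priv missing or group/world accessible" ;;
        esac
    done
    return "$problems"
}

# Constructed fixture: the vpn0 setup from the post, with a deliberately loose key mode.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/tinc/vpn0/hosts"
    printf 'tincd_enable="YES"\ntincd_cfg="vpn0"\n' > "$t/rc.conf"
    echo 'Name = opnsense' > "$t/tinc/vpn0/tinc.conf"
    : > "$t/tinc/vpn0/hosts/opnsense"; : > "$t/tinc/vpn0/rsa_key.priv"
    chmod 644 "$t/tinc/vpn0/rsa_key.priv"
    check_tinc "$t/rc.conf" "$t/tinc"; rc=$?; rm -rf "$t"; return "$rc"
}
demo || echo "problems found: $?"
```

Against a real install the call would be `check_tinc /etc/rc.conf /usr/local/etc/tinc`, with the exit status giving the number of findings.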

I'm passingly familiar with the tinc docs, as I use it at home, on my phone, and in my VPSs.
But your github link is exactly what I needed!

Thanks!


This has helped a ton.
I have tinc up and running, but not working quite right.
I can ping out to any device on the vpn, but nothing can contact my opnsense box. I have a suspicion that opnsense is blocking all traffic going to my tun0 interface.

How do I enable rules for my tun0 interface?

I don't know how other tinc users are doing it, but in the opnsense-devel package there is a way to assign tun0 (named "sixxs-aiccu") as an interface and then you can treat it with firewall rules.

Details on how to switch to the development version are here:

https://forum.opnsense.org/index.php?topic=3479.0

We've had this on -devel for a year, it might be time to make this more easily accessible in the hopes that others will find it useful too. Please keep sharing your thoughts on tinc setup. :)


Cheers,
Franco

I know, this is rather old, but is there a Tinc GUI plugin available in the meantime? Would like to test....
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

It has been for quite some time :)

https://github.com/opnsense/plugins/tree/master/security/tinc

Just search the plugins section under firmware.

Yepp, I installed that, but could not find it in the GUI afterwards. Or is it "config-file-only"? :-)
kind regards
chemlud
It should be in VPN -> Tinc, it is at my end.

oops! Maybe needed a logout-login, now it's there! Sorry! :-)
kind regards
chemlud
probably a page refresh :)