I. Install tinc
Install it on both the server and the client.
1. Install the EPEL repository
[root@jrgc ~]# rpm -Uvh http://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
Retrieving http://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.HeFKNN: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
2. Edit the EPEL repository file
Change:
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
to:
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
3. Install tinc
[root@jrgc yum.repos.d]# yum install tinc -y
4. Check the installation result
[root@jrgc yum.repos.d]# which tincd
/usr/sbin/tincd
[root@jrgc yum.repos.d]# rpm -ql tinc
/usr/sbin/tincd
/usr/share/doc/tinc-1.0.24
/usr/share/doc/tinc-1.0.24/AUTHORS
/usr/share/doc/tinc-1.0.24/COPYING
/usr/share/doc/tinc-1.0.24/COPYING.README
/usr/share/doc/tinc-1.0.24/NEWS
/usr/share/doc/tinc-1.0.24/README
/usr/share/doc/tinc-1.0.24/THANKS
/usr/share/doc/tinc-1.0.24/sample-config.tar.gz
/usr/share/doc/tinc-1.0.24/texinfo.tex
/usr/share/info/tinc.info.gz
/usr/share/man/man5/tinc.conf.5.gz
/usr/share/man/man8/tincd.8.gz
II. Configure tinc ***
1. On both the server and the client, create the configuration file, the related directories, and the scripts
[root@jrgc ~]# cd /etc
[root@jrgc etc]# mkdir -p tinc/***
[root@jrgc etc]# cd tinc/***
[root@jrgc ***]# mkdir hosts
[root@jrgc ***]# touch tinc.conf
[root@jrgc ***]# touch tinc-up
[root@jrgc ***]# touch tinc-down
[root@jrgc ***]# chmod +x tinc-*
[root@jrgc ***]# ll
total 4
drwxr-xr-x 2 root root 4096 Nov 27 09:37 hosts
-rw-r--r-- 1 root root 0 Nov 27 09:37 tinc.conf
-rwxr-xr-x 1 root root 0 Nov 27 09:38 tinc-down
-rwxr-xr-x 1 root root 0 Nov 27 09:38 tinc-up
2. Edit the server's configuration file and scripts
[root@optest ***]# vim tinc.conf
Name=***server
Interface = tun0
Device = /dev/net/tun
Mode=switch
TCPOnly=yes
Port=655
PrivateKeyFile=/etc/tinc/***/rsa_key.priv
[root@optest ***]# vim tinc-up
#!/bin/sh
ifconfig $INTERFACE 10.50.1.1 netmask 255.255.255.0
[root@optest ***]# vim tinc-down
#!/bin/sh
ifconfig $INTERFACE down
3. Edit ***client01 in the hosts directory
[root@optest hosts]# vim ***client01
Compression=9
Subnet=10.50.1.10/24
Address=10.10.240.47
Port=655
4. Generate the public and private keys on the server:
[root@jrgc tinc]# tincd -n *** -K
Generating 2048 bits keys:
..+++ p
..........+++ q
Done.
Please enter a file to save private RSA key to [/etc/tinc/***/rsa_key.priv]:
Please enter a file to save public RSA key to [/etc/tinc/***/hosts/***server]:
Resulting ***client01:
[root@optest hosts]# cat ***client01
Compression=9
Subnet=10.50.1.10/24
Address=10.10.240.47
Port=655
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAzKmfLw6GnH32kan0KybaME2A1faRlZSpsgu5AThG5GP+CGhOjOh3
1/3f8EE5S5GWxMZishrX2M9PEjkAuEGYSeB7cma41wDwBDYlyt6Y6zAJy8VMexZb
CEoLIpaMlFItNsuhq49M7w6oGV1obnLJAaESPZTxk4BFDNu5FSA1zv3Tpb1rwWs4
+w32NSPTLqVt6Lyor+53DCiNzhVWtJlQwneiZHhcPkuXh1HYh8Ugu+lw3oTqHdHG
s734o6jWulSIRJzi5ptx0HnGeoKR3qjgImhx3HmAvT/50PWPL47+KffDGRj/fPdx
xU+GylMKR2q1yaW2V37i9uyeKXPCPlNcUwIDAQAB
-----END RSA PUBLIC KEY-----
5. Edit the client's configuration file and scripts
[root@jrgc ***]# cat tinc.conf
Name=***client01
ConnectTo=***server
Interface = tun0
Device = /dev/net/tun
Mode=switch
TCPOnly=yes
Port=655
PrivateKeyFile=/etc/tinc/***/rsa_key.priv
[root@jrgc ***]# cat tinc-up
#!/bin/sh
ifconfig $INTERFACE 10.50.1.10 netmask 255.255.255.0
[root@jrgc ***]# cat tinc-down
#!/bin/sh
ifconfig $INTERFACE down
6. Generate the public and private keys on the client:
[root@jrgc tinc]# tincd -n *** -K
Generating 2048 bits keys:
..+++ p
..........+++ q
Done.
Please enter a file to save private RSA key to [/etc/tinc/***/rsa_key.priv]:
Please enter a file to save public RSA key to [/etc/tinc/***/hosts/***client01]:
7. Edit ***server in the hosts directory
[root@jrgc hosts]# vim ***server
Compression=9
Subnet=10.50.1.1/24
Address=10.10.100.65
Port=655
Resulting ***server:
[root@jrgc hosts]# cat ***server
Compression=9
Subnet=10.50.1.1/24
Address=10.10.100.65
Port=655
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAxuDsk/3ZChi3auDLGU9mUzDswG7ZqZuO8zoGZ87pD5dQIozIxC6v
17ePOq1HCiNVA6XjgDnKt2mS3AVOr6tO2HID72FwLy8+hX2SuB2ggsMf8hdXjHBB
B4s0hpm9l3DJCUXlBio36wrqd+90NvkzGbEiwD3u22jzcXFl/Y1PIZEzZTwaRGX0
HmyzVSPjfaV8Q7sxMmchUO32g0gZA0BEj2qsSN8TUWMktCfbWdY5Wipi6ZrtIppC
Bg2tPKG0zjFnevzmpw0OowCTtbJwWQy08BpPJ102RFDjY+R1xmOei7XqvyITATag
vzaQdna+F6/kgoMq0PaDK4mM7qZFJkf6kQIDAQAB
-----END RSA PUBLIC KEY-----
III. Exchange the public and private keys
On the client:
[root@jrgc hosts]# scp ***client01 root@10.10.10.65:/etc/tinc/***/hosts
On the server:
[root@jrgc hosts]# scp ***server root@10.10.240.45:/etc/tinc/***/hosts
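A pre-start check for the /etc/tinc/*** layout built above, as an added example in shell (not from the original post and not part of tinc): it flags a private key readable by group or other, a hosts/ file that contains a private key or lacks a public key, and tinc-up/tinc-down scripts writable by group or other. The function names and the temporary demo tree with placeholder key text are assumptions constructed for illustration; only the hosts/ files are meant to be copied between machines, while rsa_key.priv stays where it was generated.

```shell
#!/bin/sh
# Added example: audit_tinc_dir is a hypothetical helper, not part of tinc.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_tinc_dir() {
    dir=$1; findings=0
    # rsa_key.priv must carry no group/other permission bits.
    key="$dir/rsa_key.priv"
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "PRIVKEY_PERMS $key"; findings=1
    fi
    # hosts/ files get copied to peers: public key only, never a private one.
    for f in "$dir"/hosts/*; do
        [ -f "$f" ] || continue
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "PRIVKEY_IN_HOSTFILE $f"; findings=1
        fi
        if ! grep -q -e '-----BEGIN RSA PUBLIC KEY-----' "$f"; then
            echo "NO_PUBKEY $f"; findings=1
        fi
    done
    # tincd (started as root above) executes these scripts: no group/other write bit.
    for s in "$dir/tinc-up" "$dir/tinc-down"; do
        [ -f "$s" ] || continue
        case $(ls -ld "$s" | cut -c1-10) in
            ?????w????|????????w?) echo "SCRIPT_WRITABLE $s"; findings=1 ;;
        esac
    done
    return $findings
}

# Constructed demo tree with placeholder key text (no real key material).
make_weak_demo() {
    d=$(mktemp -d); mkdir "$d/hosts"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$d/rsa_key.priv"
    printf '%s\n' 'Port=655' '-----BEGIN RSA PUBLIC KEY-----' 'constructed' > "$d/hosts/server"
    cp "$d/rsa_key.priv" "$d/hosts/client01"   # mistake: private key in a host file
    printf '#!/bin/sh\n' > "$d/tinc-up"
    chmod 644 "$d/rsa_key.priv"; chmod 777 "$d/tinc-up"
    echo "$d"
}

# Apply the fixes: owner-only key, non-writable script, public-key host file.
harden_demo() {
    chmod 600 "$1/rsa_key.priv"; chmod 755 "$1/tinc-up"
    printf '%s\n' 'Port=655' '-----BEGIN RSA PUBLIC KEY-----' 'constructed' > "$1/hosts/client01"
}

demo=$(make_weak_demo)
audit_tinc_dir "$demo" || echo "-> fix the findings above before starting tincd"
harden_demo "$demo"
audit_tinc_dir "$demo" && echo "-> clean"
rm -rf "$demo"
```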
IV. Start and stop tinc ***
[root@jrgc ***]# tincd -n *** # start tinc ***
[root@jrgc ***]# tincd -n *** -k # stop tinc ***
V. Verify tinc ***
[root@jrgc hosts]# ping 10.50.1.1
PING 10.50.1.1 (10.50.1.1) 56(84) bytes of data.
64 bytes from 10.50.1.1: icmp_seq=1 ttl=64 time=4.61 ms
64 bytes from 10.50.1.1: icmp_seq=2 ttl=64 time=1.47 ms
64 bytes from 10.50.1.1: icmp_seq=3 ttl=64 time=1.53 ms
64 bytes from 10.50.1.1: icmp_seq=4 ttl=64 time=1.39 ms
64 bytes from 10.50.1.1: icmp_seq=5 ttl=64 time=1.34 ms
64 bytes from 10.50.1.1: icmp_seq=6 ttl=64 time=1.15 ms
64 bytes from 10.50.1.1: icmp_seq=7 ttl=64 time=3.68 ms
[root@optest hosts]# ping 10.50.1.10
PING 10.50.1.10 (10.50.1.10) 56(84) bytes of data.
64 bytes from 10.50.1.10: icmp_seq=1 ttl=64 time=5.59 ms
64 bytes from 10.50.1.10: icmp_seq=2 ttl=64 time=1.98 ms
64 bytes from 10.50.1.10: icmp_seq=3 ttl=64 time=2.20 ms
64 bytes from 10.50.1.10: icmp_seq=4 ttl=64 time=4.12 ms
64 bytes from 10.50.1.10: icmp_seq=5 ttl=64 time=1.37 ms
64 bytes from 10.50.1.10: icmp_seq=6 ttl=64 time=1.53 ms