
A Simple tinc Virtual Private Network Configuration Walkthrough

 

I. Install tinc

Install it on both the server and the client.

1. Install the EPEL repository

[root@jrgc ~]# rpm -Uvh http://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm

Retrieving http://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm

warning: /var/tmp/rpm-tmp.HeFKNN: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY

Preparing...                ########################################### [100%]

   1:epel-release           ########################################### [100%]

2. Modify the EPEL repository configuration

Change:

    baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug

    #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch

to:

    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug

    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch

3. Install tinc

[root@jrgc yum.repos.d]# yum install tinc -y 

4. Check the installation result

[root@jrgc yum.repos.d]# which tincd

/usr/sbin/tincd

[root@jrgc yum.repos.d]# rpm -ql tinc

/usr/sbin/tincd

/usr/share/doc/tinc-1.0.24

/usr/share/doc/tinc-1.0.24/AUTHORS

/usr/share/doc/tinc-1.0.24/COPYING

/usr/share/doc/tinc-1.0.24/COPYING.README

/usr/share/doc/tinc-1.0.24/NEWS

/usr/share/doc/tinc-1.0.24/README

/usr/share/doc/tinc-1.0.24/THANKS

/usr/share/doc/tinc-1.0.24/sample-config.tar.gz

/usr/share/doc/tinc-1.0.24/texinfo.tex

/usr/share/info/tinc.info.gz

/usr/share/man/man5/tinc.conf.5.gz

/usr/share/man/man8/tincd.8.gz

II. Configure tinc ***

1. On both the server and the client, create the configuration file, the related directories and the scripts

[root@jrgc ~]# cd /etc

[root@jrgc etc]# mkdir -p tinc/*** 

[root@jrgc etc]# cd tinc/***

[root@jrgc ***]# mkdir hosts

[root@jrgc ***]# touch tinc.conf

[root@jrgc ***]# touch tinc-up

[root@jrgc ***]# touch tinc-down

[root@jrgc ***]# chmod +x tinc-*

[root@jrgc ***]# ll

total 4

drwxr-xr-x 2 root root 4096 Nov 27 09:37 hosts

-rw-r--r-- 1 root root    0 Nov 27 09:37 tinc.conf

-rwxr-xr-x 1 root root    0 Nov 27 09:38 tinc-down

-rwxr-xr-x 1 root root    0 Nov 27 09:38 tinc-up

2. Edit the server configuration file and scripts

[root@optest ***]# vim tinc.conf 

Name=***server

Interface = tun0

Device = /dev/net/tun

Mode=switch

TCPOnly=yes

Port=655

PrivateKeyFile=/etc/tinc/***/rsa_key.priv

[root@optest ***]# vim tinc-up

#!/bin/sh

ifconfig $INTERFACE 10.50.1.1 netmask 255.255.255.0

[root@optest ***]# vim tinc-down

#!/bin/sh 

ifconfig $INTERFACE down

3. Edit ***client01 in the hosts directory

[root@optest hosts]# vim ***client01 

Compression=9

Subnet=10.50.1.10/24

Address=10.10.240.47

Port=655

4. Generate the public and private keys on the server:

[root@jrgc tinc]# tincd -n *** -K

Generating 2048 bits keys:

..+++ p

..........+++ q

Done.

Please enter a file to save private RSA key to [/etc/tinc/***/rsa_key.priv]: 

Please enter a file to save public RSA key to [/etc/tinc/***/hosts/***server]:

The resulting ***client01:

[root@optest hosts]# cat ***client01 

Compression=9

Subnet=10.50.1.10/24

Address=10.10.240.47

Port=655

-----BEGIN RSA PUBLIC KEY-----

MIIBCgKCAQEAzKmfLw6GnH32kan0KybaME2A1faRlZSpsgu5AThG5GP+CGhOjOh3

1/3f8EE5S5GWxMZishrX2M9PEjkAuEGYSeB7cma41wDwBDYlyt6Y6zAJy8VMexZb

CEoLIpaMlFItNsuhq49M7w6oGV1obnLJAaESPZTxk4BFDNu5FSA1zv3Tpb1rwWs4

+w32NSPTLqVt6Lyor+53DCiNzhVWtJlQwneiZHhcPkuXh1HYh8Ugu+lw3oTqHdHG

s734o6jWulSIRJzi5ptx0HnGeoKR3qjgImhx3HmAvT/50PWPL47+KffDGRj/fPdx

xU+GylMKR2q1yaW2V37i9uyeKXPCPlNcUwIDAQAB

-----END RSA PUBLIC KEY-----

5. Edit the client configuration file and scripts

[root@jrgc ***]# cat tinc.conf

Name=***client01

ConnectTo=***server

Interface = tun0

Device = /dev/net/tun

Mode=switch

TCPOnly=yes

Port=655

PrivateKeyFile=/etc/tinc/***/rsa_key.priv

[root@jrgc ***]# cat tinc-up

#!/bin/sh

ifconfig $INTERFACE 10.50.1.10 netmask 255.255.255.0

[root@jrgc ***]# cat tinc-down 

#!/bin/sh 

ifconfig $INTERFACE down

6. Generate the public and private keys on the client:

[root@jrgc tinc]# tincd -n *** -K

Generating 2048 bits keys:

..+++ p

..........+++ q

Done.

Please enter a file to save private RSA key to [/etc/tinc/***/rsa_key.priv]: 

Please enter a file to save public RSA key to [/etc/tinc/***/hosts/***client01]: 

7. Edit ***server in the hosts directory

[root@jrgc hosts]# vim ***server 

Compression=9

Subnet=10.50.1.1/24

Address=10.10.100.65

Port=655

The resulting ***server:

[root@jrgc hosts]# cat ***server 

Compression=9

Subnet=10.50.1.1/24

Address=10.10.100.65

Port=655

-----BEGIN RSA PUBLIC KEY-----

MIIBCgKCAQEAxuDsk/3ZChi3auDLGU9mUzDswG7ZqZuO8zoGZ87pD5dQIozIxC6v

17ePOq1HCiNVA6XjgDnKt2mS3AVOr6tO2HID72FwLy8+hX2SuB2ggsMf8hdXjHBB

B4s0hpm9l3DJCUXlBio36wrqd+90NvkzGbEiwD3u22jzcXFl/Y1PIZEzZTwaRGX0

HmyzVSPjfaV8Q7sxMmchUO32g0gZA0BEj2qsSN8TUWMktCfbWdY5Wipi6ZrtIppC

Bg2tPKG0zjFnevzmpw0OowCTtbJwWQy08BpPJ102RFDjY+R1xmOei7XqvyITATag

vzaQdna+F6/kgoMq0PaDK4mM7qZFJkf6kQIDAQAB

-----END RSA PUBLIC KEY-----

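III. Exchange the public keys (hosts files)

Each side copies only its own file from the hosts directory, which holds its public key, to the other side. rsa_key.priv is not copied and stays on the machine that generated it.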

Client:

[root@jrgc hosts]# scp ***client01 root@10.10.10.65:/etc/tinc/***/hosts

Server:

[root@jrgc hosts]# scp ***server root@10.10.240.45:/etc/tinc/***/hosts
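
A check that fits the key-exchange step above, as an added example that is not part of the original article: it verifies that rsa_key.priv is readable by its owner only, that the files under hosts/ carry public keys and no private key, and that tinc-up/tinc-down are executable but not writable by others. The function names and the sample directory built by make_demo_netdir are assumptions made for this example.

```shell
# Added example: audit a tinc network directory (e.g. /etc/tinc/<netname>).

has_any_perm() {   # has_any_perm FILE MODE...: true if FILE has any MODE bit set
    f=$1; shift
    for m in "$@"; do
        [ -n "$(find "$f" -prune -perm "-$m" -print)" ] && return 0
    done
    return 1
}

# Prints one line per finding and returns the number of findings (0 = clean).
audit_tinc_netdir() {
    dir=$1; findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }
    key="$dir/rsa_key.priv"
    if [ ! -f "$key" ]; then
        flag "$key is missing"
    elif has_any_perm "$key" 040 020 010 004 002 001; then
        flag "$key is accessible to group/other (expected mode 600)"
    fi
    # Files under hosts/ are what gets copied to peers: public material only.
    for host in "$dir"/hosts/*; do
        [ -f "$host" ] || continue
        grep -q 'PRIVATE KEY' "$host" && flag "$host contains a private key"
        grep -q 'BEGIN RSA PUBLIC KEY' "$host" || flag "$host has no RSA public key"
    done

    # tincd runs tinc-up/tinc-down with its own privileges (root on this page):
    # they must be executable, and writable by their owner only.
    for script in tinc-up tinc-down; do
        s="$dir/$script"
        if [ ! -x "$s" ]; then
            flag "$s is missing or not executable"
        elif has_any_perm "$s" 020 002; then
            flag "$s is writable by group/other"
        fi
    done
    return "$findings"
}

# Constructed sample layout (not from the page) for trying the check offline.
make_demo_netdir() {
    d=$(mktemp -d) && mkdir "$d/hosts" || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/rsa_key.priv"
    chmod 600 "$d/rsa_key.priv"
    printf '%s\n' 'Port=655' '-----BEGIN RSA PUBLIC KEY-----' > "$d/hosts/peer"
    printf '#!/bin/sh\n' > "$d/tinc-up"; cp "$d/tinc-up" "$d/tinc-down"
    chmod 755 "$d/tinc-up" "$d/tinc-down"
    echo "$d"
}
```

Run it on each machine as `audit_tinc_netdir /etc/tinc/<netname>` after the scp step; a return value of 0 means no finding.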

IV. Start and stop tinc ***

[root@jrgc ***]# tincd -n ***        # start tinc ***

[root@jrgc ***]# tincd -n *** -k     # stop tinc ***

V. Verify tinc ***

[root@jrgc hosts]# ping 10.50.1.1

PING 10.50.1.1 (10.50.1.1) 56(84) bytes of data.

64 bytes from 10.50.1.1: icmp_seq=1 ttl=64 time=4.61 ms

64 bytes from 10.50.1.1: icmp_seq=2 ttl=64 time=1.47 ms

64 bytes from 10.50.1.1: icmp_seq=3 ttl=64 time=1.53 ms

64 bytes from 10.50.1.1: icmp_seq=4 ttl=64 time=1.39 ms

64 bytes from 10.50.1.1: icmp_seq=5 ttl=64 time=1.34 ms

64 bytes from 10.50.1.1: icmp_seq=6 ttl=64 time=1.15 ms

64 bytes from 10.50.1.1: icmp_seq=7 ttl=64 time=3.68 ms

[root@optest hosts]# ping 10.50.1.10

PING 10.50.1.10 (10.50.1.10) 56(84) bytes of data.

64 bytes from 10.50.1.10: icmp_seq=1 ttl=64 time=5.59 ms

64 bytes from 10.50.1.10: icmp_seq=2 ttl=64 time=1.98 ms

64 bytes from 10.50.1.10: icmp_seq=3 ttl=64 time=2.20 ms

64 bytes from 10.50.1.10: icmp_seq=4 ttl=64 time=4.12 ms

64 bytes from 10.50.1.10: icmp_seq=5 ttl=64 time=1.37 ms

64 bytes from 10.50.1.10: icmp_seq=6 ttl=64 time=1.53 ms
