https://github.com/reddec/tinc-boot
Bootstrap your Tinc node quickly and easy
- Host: GitHub
- URL: https://github.com/reddec/tinc-boot
- Owner: reddec
- License: mpl-2.0
- Created: 2019-09-20T05:58:43.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-02-25T00:50:52.000Z (over 2 years ago)
- Last Synced: 2024-06-20T14:26:12.999Z (12 months ago)
- Topics: admin-toolkit, mesh-networks, tinc, tincd, vpn
- Language: Go
- Size: 137 KB
- Stars: 156
- Watchers: 9
- Forks: 23
- Open Issues: 6
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
# Tinc-Boot
The idea is to create an easy-to-use wrapper over [tinc vpn](https://www.tinc-vpn.org).
## Quick start (linux only)
[skip to installation](#installation)
### Automatic
**node 1**

```
sudo tinc-boot run
```

**node 2**

follow the command from the previous operation
### Custom token
**node 1**

```
sudo tinc-boot -t MYSECRET run
```

**node 2**

```
sudo tinc-boot run -t MYSECRET --join http://:8665
```
### Firewall
> Use `--ufw` to open the port on ufw-based systems automatically
>
> `tinc-boot run --ufw ...`
>
> Default ports that must be open:
>
> * `/udp,/tcp` - port defined as `--tinc-port` or generated in `tinc.conf`
> * `8665/tcp` - port defined as `-p --port` for boot protocol
> * `18655/tcp (tinc interface)` - internal port for communication. Only for the interface defined in `tinc.conf`

## Overview
Tinc VPN is a full-mesh, auto-healing, time-proven VPN system without a single point of failure, with high throughput and
serious cryptography. All nodes in a Tinc network are fully equal. New nodes discover the full topology through any entry
point. Nodes may interact with each other even if they don't have direct connections.

Tinc is great and has a lot of features. It's ideal for complicated situations (China, Russia and others). I really
admire the project.

**But...** it's a pain to configure and maintain.
A pain to create a new node. A pain to add a new node to the network.
Minimal configuration for a first public node:
* 2 files (tinc.conf, hostfile),
* 1 script (tinc-up),
* 2 directories (net, hosts),
* 1 command execution (key generation).

(let's not count service initialization and other common stuff)
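
As an added illustration (not code from the tinc-boot project), the minimal first-node configuration listed above can be built by hand roughly as follows for tinc 1.0. The net name `dnet` comes from this page; the node name, addresses, `/24` prefix and the `make_first_node` function are assumptions.

```shell
#!/bin/sh
# Added example: hand-built layout for a first public tinc 1.0 node.
# All arguments (node name, addresses, /24 prefix) are constructed sample values.
make_first_node() {
    base=$1; net=$2; node=$3; public_addr=$4; vpn_ip=$5
    dir="$base/$net"

    # 2 directories: the network directory and its hosts/ subdirectory
    mkdir -p "$dir/hosts"

    # File 1: tinc.conf names this node and its tunnel interface
    cat > "$dir/tinc.conf" <<EOF
Name = $node
Interface = $net
EOF

    # File 2: the host file is the public part that other nodes must receive
    cat > "$dir/hosts/$node" <<EOF
Address = $public_addr
Subnet = $vpn_ip/32
EOF

    # 1 script: tinc-up assigns the VPN address when tincd creates the interface
    cat > "$dir/tinc-up" <<EOF
#!/bin/sh
ip addr add $vpn_ip/24 dev "\$INTERFACE"
ip link set dev "\$INTERFACE" up
EOF
    chmod 755 "$dir/tinc-up"

    # 1 command: key generation. The private key stays in rsa_key.priv,
    # the public key is appended to hosts/<node>.
    if command -v tincd >/dev/null 2>&1; then
        tincd -c "$dir" -K4096 </dev/null
        chmod 600 "$dir/rsa_key.priv"
    else
        echo "tincd not installed; skipping key generation" >&2
    fi
}

# Demo in a scratch directory; on a real node the base would be /etc/tinc.
demo=$(mktemp -d)
make_first_node "$demo" dnet node1 203.0.113.10 10.155.0.1
find "$demo" -type f | sort
```

Only `hosts/node1` is meant to be copied to other nodes during key exchange; `rsa_key.priv` never leaves the machine.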
A second node adds a key exchange (+1 operation if we use `rsync`, or +2 operations if done manually).

Each further public node requires an increasing number of additional operations (+N operations, where N is the number of
public nodes).
> To be honest, just to connect to the network only a single key exchange operation is required: with any public node.
> Then tincd will discover all other nodes.
>
> **But** after your node disconnects/reboots, and if your entry node has died, you will no longer be able to connect
> to the other nodes that are still alive (because they don't know your key and your node doesn't know theirs).

**Tinc-boot** is an all-in-one tool with zero dependencies (except `tinc` of course) that aims to achieve:
1. one-line node initialization
2. automatic keys distribution
3. simplified procedure to add a new node to an existing net

With a simple UI (available on your VPN address, port 1655 by default)

Donations are always welcome
* ETH: `0xA4eD4fB5805a023816C9B55C52Ae056898b6BdBC`
* BTC: `bc1qlj4v32rg8w0sgmtk8634uc36evj6jn3d5drnqy`

## Installation
* (recommended) look at the [releases](https://github.com/reddec/tinc-boot/releases) page and download
* one-line shell command:

```
curl -L https://github.com/reddec/tinc-boot/releases/latest/download/tinc-boot_linux_amd64.tar.gz | sudo tar -xz -C /usr/local/bin/ tinc-boot
```

* build from source: `go get -v github.com/reddec/tinc-boot/cmd/...`
* [Ansible galaxy](https://galaxy.ansible.com/reddec/tinc_boot): `ansible-galaxy install reddec.tinc_boot`
* From the bintray repository for most **debian**-based distributions (`trusty`, `xenial`, `bionic`, `buster`, `wheezy`):
```bash
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 379CE192D401AB61
echo "deb https://dl.bintray.com/reddec/debian {distribution} main" | sudo tee -a /etc/apt/sources.list
sudo apt install tinc-boot
```

### Independent maintainers
* **Arch Linux** in AUR [package `tinc-boot-git`](https://aur.archlinux.org/packages/tinc-boot-git/): `yaourt -S tinc-boot-git`

### Support
* [Community Discord](https://discord.gg/eBzNeC9)
* [Contact me](https://reddec.net/about/)

### Build requirements
* go 1.13+
## Documentation
* Available by `--help` for all commands
* Available in [MANUAL.md](MANUAL.md)

## Runtime requirements
* Linux
* `tincd 1.10.xx`
* `bash`
* (recommended) `systemd`

## Tested operating systems
* Ubuntu 18.04 x64
* Archlinux (Q1 2019) x64
* Manjaro (Q1 2019) x64

Should work on all major Linux systems, except that the generated helpers are useful only on systemd-based OSes.
# Quick start
Download/build binary to `/usr/local/bin/tinc-boot`.
## First node
```
sudo tinc-boot gen --standalone -a
```

and follow the recommendations
### Explanation
* `--standalone` means that it's the first node, so there is no need for key exchange
* `-a` sets the public address of the node (if it exists); can be used several times

Will generate all required files under `/etc/tinc/dnet`.
## Turn node to boot node
```
sudo tinc-boot bootnode --service --token
```

and follow the recommendations
### Explanation
* `--service` generates systemd file to `/etc/systemd/system/tinc-boot-{net}.service`
* `--dir` location of tinc configuration
* `--token` sets the authorization token that will be used by clients

## Create another node and join to net
```
sudo tinc-boot gen --token :8655
```

> Don't forget to add `-a ` if applicable

and follow the recommendations
# How it works
* [Обзор (RU)](https://habr.com/ru/post/468213)
* [Overview (EN)](https://dev.to/reddec/tinc-boot-full-mesh-vpn-without-pain-3lg9)
# Windows
Non-primary platform, limited support, but should work
Tested only for x64
[See proof on Youtube](https://youtu.be/w84R66JVEE8)
Requirements:
1. Tinc for Windows: [download on official site](https://www.tinc-vpn.org/)
2. **Install TAP driver**!:
   * Go to `C:\Program Files(x86)\tinc\tap-win64`
   * As administrator run `addtap.bat`
3. Rename the generated network adapter to the name of the network (`dnet` by default)
Usage:
1. Launch the command line as administrator
2. Navigate to the directory with `tinc-boot.exe`
3. With black magic, the `tinc-boot.exe /help` command and the instructions for a normal OS (*Nix), generate the config