This is the quick-and-dirty guide to installing the Tinc virtual private network (VPN) on your systemd Linux machine. Before you start, you will need to decide the name of your VPN and the IPs to allocate to it. For our example, let's assume the VPN is called example with two machines on it named foo (IP=10.1.1.10) and bar (IP=10.1.1.20).
Take care of some housekeeping
Some directories need to exist
sudo mkdir -p /usr/local/etc/tinc/example/hosts
sudo mkdir -p /usr/local/var/run
Install compiling and building tools on foo
sudo apt install build-essential automake libssl-dev liblzo2-dev libbz2-dev zlib1g-dev libncurses5-dev libncursesw5-dev libreadline-dev
mkdir tinc
cd tinc
Build tinc
wget https://www.tinc-vpn.org/packages/tinc-1.1pre18.tar.gz
tar -xf tinc-1.1pre18.tar.gz
cd tinc-1.1pre18
./configure
make
sudo make install
cd /usr/local/etc/tinc/example
Set up Tinc
generate this machine's keys
sudo tinc -n example generate-keys 4096
create a permanent tun/tap interface
sudo ip tuntap add dev example mode tun pi
put host information into hosts directory
create tinc-up and tinc-down scripts and make them executable
tinc-up
#!/bin/sh
echo setting up $INTERFACE
ip addr add [IP address]/24 dev $INTERFACE
ip link set $INTERFACE up
tinc-down
#!/bin/bash
ip route del [IP range]/24 dev $INTERFACE
# the prefix length must match the one used in tinc-up, or the delete fails
ip addr del [IP address]/24 dev $INTERFACE
ip link set $INTERFACE down
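An added check, not part of the original guide or of tinc itself: a shell function that audits the net directory built in the steps above (private keys, tinc-up/tinc-down, hosts) for loose permissions and leaked key material. The function names are hypothetical, and the private key file names rsa_key.priv and ed25519_key.priv are assumed to be tinc 1.1's defaults.

```shell
#!/bin/sh
# Added example (not from the guide): audit a tinc net directory.
# Assumption: tinc 1.1 default key names rsa_key.priv / ed25519_key.priv.
# Usage: tinc_audit_net /usr/local/etc/tinc/example

# Octal permission bits of a file (GNU stat, then BSD stat).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True when any bit of octal MASK ($2) is set in the mode of FILE ($1).
mode_has() { [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]; }

# Prints one line per finding; returns 1 if there was any, else 0.
tinc_audit_net() {
    net=$1
    bad=0
    finding() { echo "FINDING: $*"; bad=1; }

    # Private keys from "tinc generate-keys": owner-only access.
    for key in "$net/rsa_key.priv" "$net/ed25519_key.priv"; do
        [ -f "$key" ] || continue
        if mode_has "$key" 077; then
            finding "$key is accessible to group/others (want mode 600)"
        fi
    done

    # tincd (root under this guide's units) runs these scripts:
    # they must be executable and writable by the owner only.
    for script in "$net/tinc-up" "$net/tinc-down"; do
        if [ ! -x "$script" ]; then
            finding "$script is missing or not executable"
        elif mode_has "$script" 022; then
            finding "$script is writable by group/others"
        fi
    done

    # Host files are handed to peers: public keys only.
    for host in "$net"/hosts/*; do
        [ -f "$host" ] || continue
        if grep -q 'PRIVATE KEY' "$host"; then
            finding "$host contains private key material"
        fi
    done
    return "$bad"
}
```

Run it as root after generating keys and again before copying any file from hosts to another machine.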
Enable services
create service files in /lib/systemd/system
tinc.service
[Unit]
Description=Tinc VPN
After=network.target
Wants=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/usr/local/etc/tinc
[Install]
WantedBy=multi-user.target
tinc@.service
[Unit]
Description=Tinc net %i
Documentation=info:tinc
Documentation=man:tinc(8) man:tinc.conf(5)
Documentation=http://tinc-vpn.org/docs/
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service
[Service]
Type=simple
WorkingDirectory=/usr/local/etc/tinc/%i
ExecStart=/usr/local/sbin/tincd -n %i -D
ExecReload=/usr/local/sbin/tinc -n %i reload
KillMode=mixed
Restart=on-failure
RestartSec=5
TimeoutStopSec=5
[Install]
WantedBy=tinc.service
enable tinc and tinc@example services
sudo systemctl enable tinc
sudo systemctl enable tinc@example
start the tinc@example service
sudo systemctl start tinc@example
set routing to direct traffic on VPN through the tinc interface
sudo ip route add 10.1.1.0/24 dev example via 10.1.1.10
How to debug problems and test
sudo tincd -n example -D -d4
12 / 2020