There are many options when it comes to VPN software. The one you may have come across is called OpenVPN; the one I’m going to cover is the one that I use, which is called tinc.

OpenVPN has a number of pros; one, for example, is that it’s fairly cross-platform. But then, given it’s all about security, one might ask what’s the point if you’re going to install it on certain other operating systems.

As for cons, I can think of many, but the fundamental issue is that it’s a point-to-point protocol, which is, to say the least, limiting. (Caveat: I’ve not used OpenVPN for some time, so if any of this has changed, please update me!)

Why “tinc”

tinc implements a mesh protocol, which means you’re not just connected to one server. There is no effective difference between clients and servers: you become a node and are able to connect to any other node (which is rather better than point-to-point in terms of resilience).

Again in terms of resilience, fail-over / reconnects tend to be transparent. People familiar with OpenVPN will be aware that if your OpenVPN connection drops for any reason, by the time it’s reconnected your SSH sessions may well have expired or decided to drop. With tinc this typically doesn’t happen unless you suffer a prolonged outage or try to put lots of data over your paused SSH session. So, for example, if you’re running a remote system upgrade over a VPN and you’ve forgotten to start it with screen, OpenVPN is a bit of a worry.

Whereas this can be scripted, I’m doing this in detail from first principles to hopefully demonstrate how it all fits together.

This example is using Ubuntu; it will be the same or similar on other distros. We’re going to create a VPN between two local machines called star and moon, so starting on machine star (I’m working as root; if you want to do this as a user, insert sudo as required).

This will create a skeleton setup in /etc/tinc.