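tinc is a tool for building virtual private networks (VPNs). It uses tunneling and encryption to create a private network between hosts across the Internet. Because tinc works at the network layer, existing software needs no modification or reconfiguration. Its traffic is encrypted and compressed, which protects sensitive data and private information from disclosure.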

Installing and configuring tinc on the VPS host

  • Debian system
  • Public IP 12.23.34.45
  • VPN name bbq
  • VPN host name tcb
  • VPN IP 10.0.0.11

Install tinc

Install tinc with apt install tinc -y

➜  ~ apt install tinc -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  liblzo2-2
The following NEW packages will be installed:
  liblzo2-2 tinc
0 upgraded, 2 newly installed, 0 to remove and 6 not upgraded.
Need to get 261 kB of archives.
After this operation, 831 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 liblzo2-2 amd64 2.10-2 [56.9 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 tinc amd64 1.0.36-2+b2 [204 kB]
Fetched 261 kB in 0s (2,189 kB/s)
Selecting previously unselected package liblzo2-2:amd64.
(Reading database ... 56790 files and directories currently installed.)
Preparing to unpack .../liblzo2-2_2.10-2_amd64.deb ...
Unpacking liblzo2-2:amd64 (2.10-2) ...
Selecting previously unselected package tinc.
Preparing to unpack .../tinc_1.0.36-2+b2_amd64.deb ...
Unpacking tinc (1.0.36-2+b2) ...
Setting up liblzo2-2:amd64 (2.10-2) ...
Setting up tinc (1.0.36-2+b2) ...
Created symlink /etc/systemd/system/multi-user.target.wants/tinc.service → /lib/systemd/system/tinc.service.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u9) ...

Create the VPN configuration directory

Create the configuration directory, named after the VPN

mkdir -p /etc/tinc/bbq/
mkdir -p /etc/tinc/bbq/hosts

tinc VPN configuration file

Create the configuration file

vi /etc/tinc/bbq/tinc.conf

with the following content:

# VPN host name
Name = tcb
# Network interface name
Interface = tinc

tinc startup scripts

Create the startup script with vi /etc/tinc/bbq/tinc-up, with the following content:

#!/bin/sh
ifconfig $INTERFACE 10.0.0.11 netmask 255.255.255.0

Create the shutdown script with vi /etc/tinc/bbq/tinc-down, with the following content:

#!/bin/sh
ifconfig $INTERFACE down

Make the scripts executable

chmod +x /etc/tinc/bbq/tinc-up
chmod +x /etc/tinc/bbq/tinc-down

tinc host configuration file

Create the host configuration file with vi /etc/tinc/bbq/hosts/tcb, with the following content:

## Public IP
Address = 12.23.34.45
## VPN subnet
Subnet = 10.0.0.11/32

tinc key management

Generate the key pair with tincd: tincd -n bbq -K 4096

➜tincd -n bbq -K 4096
Generating 4096 bits keys:
.+....+..+....+............+..+..................+...+....+......+..+....+.....+....+.....+..........+..+...+......+.+..+...+..........+.....+........................+..........+.....+.......+...+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ p
Done.
Please enter a file to save private RSA key to [/etc/tinc/bbq/rsa_key.priv]:
Please enter a file to save public RSA key to [/etc/tinc/bbq/hosts/tcb]:

tinc service management

Using the systemd service manager

Enable and start the tinc service with systemd

systemctl enable tinc@bbq
systemctl start tinc@bbq

Check the virtual network interface and the service status

➜  systemctl status tinc@bbq.service
● tinc@bbq.service - Tinc net bbq
     Loaded: loaded (/lib/systemd/system/tinc@.service; enabled; preset: enabled)
     Active: active (running) since Wed 2025-02-12 22:35:16 PST; 10s ago
       Docs: info:tinc
             man:tinc(8)
             man:tinc.conf(5)
             http://tinc-vpn.org/docs/
   Main PID: 1452 (tincd)
      Tasks: 1 (limit: 815)
     Memory: 860.0K
        CPU: 15ms
     CGroup: /system.slice/system-tinc.slice/tinc@bbq.service
             └─1452 /usr/sbin/tincd -n bbq -D

Feb 12 22:35:16 bwg systemd[1]: Started tinc@bbq.service - Tinc net bbq.
Feb 12 22:35:16 bwg tincd[1452]: tincd 1.0.36 starting, debug level 0
Feb 12 22:35:16 bwg tincd[1452]: /dev/net/tun is a Linux tun/tap device (tun mode)
Feb 12 22:35:16 bwg tincd[1452]: Ready
➜  ip a
9: tinc: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 500
    link/none
    inet 10.0.0.11/24 scope global tinc
       valid_lft forever preferred_lft forever
    inet6 fe80::cf33:a7c9:2d4e:e5b3/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

Using the sysvinit service manager

If you manage services with sysvinit, add bbq to the /etc/tinc/nets.boot file.

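Installing and configuring tinc on the local PC

  • VPN name bbq
  • VPN host name tcd
  • VPN IP 10.0.0.22

Install tinc: apt install tinc -y

Create the configuration directory, named after the VPN: mkdir -p /etc/tinc/bbq/hosts

Create the VPN configuration file with vi /etc/tinc/bbq/tinc.conf, with the following content:

# VPN host name
Name = tcd
# Host name of the VPN server
ConnectTo = tcb
# Network interface name
Interface = tinc

Create the startup script with vi /etc/tinc/bbq/tinc-up, with the following content: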

#!/bin/sh
ifconfig $INTERFACE 10.0.0.22 netmask 255.255.255.0

Create the shutdown script with vi /etc/tinc/bbq/tinc-down, with the following content:

#!/bin/sh
ifconfig $INTERFACE down

Make the scripts executable

chmod +x /etc/tinc/bbq/tinc-up
chmod +x /etc/tinc/bbq/tinc-down

Create the host configuration file with vi /etc/tinc/bbq/hosts/tcd, with the following content:

# VPN subnet
Subnet = 10.0.0.22/32

Generate the key pair with tincd: tincd -n bbq -K 4096

➜  ~ tincd -n bbq -K 4096
Generating 4096 bits keys:
...+.....+............+.........+.+........+......+....+..+.........+......+....+...........+....+...+......+.....+..............+.....+.........+.............+...........+....+...+..+......+.+...............+...+..+......+...+..........+..+...+.......+............+..+.............+...+...+.....+......+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ p
Done.
Please enter a file to save private RSA key to [/etc/tinc/bbq/rsa_key.priv]:
Please enter a file to save public RSA key to [/etc/tinc/bbq/hosts/tcd]:

Upload the PC's configuration to the same directory on the VPS host

scp /etc/tinc/bbq/hosts/tcd root@vpsip:/etc/tinc/bbq/hosts/tcd
tcdp                                                        100%  799     3.6KB/s   00:00

Download the VPS's configuration to the same directory on the PC

➜  ~ scp root@vpsip:/etc/tinc/bbq/hosts/tcb /etc/tinc/bbq/hosts/tcb
tcbwg                                                       100%   59     0.1KB/s   00:00
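
Before starting the service, the directory built in the steps above can be checked in one pass. The script below is an added example, not part of the original post or of tinc itself: it verifies that the private key is owner-only, that the node's own host file and every ConnectTo peer's host file carry the expected entries and a public key, and that no host file (the files exchanged with scp) contains a private key. The function names audit_tinc_net, val, fail and has_pub are hypothetical; the script assumes "Key = value" lines as written on this page, PEM "PUBLIC KEY" markers in host files, and GNU stat as shipped with Debian.

```sh
#!/bin/sh
# Added example: preflight audit of a tinc 1.0 net directory such as /etc/tinc/bbq.
# audit_tinc_net DIR prints one line per finding and returns the number of findings.
# Assumes "Key = value" lines as written on this page and PEM "PUBLIC KEY" markers.
val() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2"; }
fail() { echo "FAIL: $*"; bad=$((bad + 1)); }
has_pub() { grep -q 'BEGIN.*PUBLIC KEY' "$1"; }

audit_tinc_net() {
    dir=$1; bad=0; conf="$dir/tinc.conf"; key="$dir/rsa_key.priv"
    [ -f "$conf" ] || { fail "missing $conf"; return "$bad"; }
    name=$(val Name "$conf" | head -n 1 | tr -d '[:space:]')
    # The private key never leaves this machine and is readable by its owner only.
    if [ -f "$key" ]; then
        mode=$(stat -c %a "$key")
        case $mode in 600|400) ;; *) fail "$key has mode $mode, expected 600" ;; esac
    else
        fail "missing $key"
    fi
    # Own host file: Subnet plus the public key appended by tincd -K.
    own="$dir/hosts/$name"
    if [ -n "$name" ] && [ -f "$own" ]; then
        [ -n "$(val Subnet "$own")" ] || fail "$own has no Subnet"
        has_pub "$own" || fail "$own has no public key"
    else
        fail "no host file for Name '$name'"
    fi
    # Each ConnectTo peer needs a copied host file with Address and public key.
    for peer in $(val ConnectTo "$conf"); do
        pf="$dir/hosts/$peer"
        [ -f "$pf" ] || { fail "ConnectTo = $peer but $pf is missing"; continue; }
        [ -n "$(val Address "$pf")" ] || fail "$pf has no Address"
        has_pub "$pf" || fail "$pf has no public key"
    done
    # Host files are exchanged with peers, so none may contain a private key.
    for hf in "$dir"/hosts/*; do
        [ -f "$hf" ] || continue
        if grep -q 'PRIVATE KEY' "$hf"; then fail "$hf contains a private key"; fi
    done
    # tincd only runs tinc-up / tinc-down when they are executable.
    for s in tinc-up tinc-down; do
        [ -x "$dir/$s" ] || fail "$dir/$s missing or not executable"
    done
    return "$bad"
}

if [ $# -gt 0 ]; then audit_tinc_net "$1"; fi
```

Run it as root on each node, for example sh audit.sh /etc/tinc/bbq (the file name audit.sh is arbitrary); an exit status of 0 means no findings.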

Enable and start the tinc service with systemd

systemctl enable tinc@bbq
systemctl start tinc@bbq
systemctl status tinc@bbq

Check the virtual network interface and the service status

➜  hosts systemctl status tinc@bbq.service
● tinc@bbq.service - Tinc net bbq
     Loaded: loaded (/lib/systemd/system/tinc@.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-02-13 14:54:48 CST; 42s ago
       Docs: info:tinc
             man:tinc(8)
             man:tinc.conf(5)
             http://tinc-vpn.org/docs/
   Main PID: 1651 (tincd)
      Tasks: 1 (limit: 1020)
     Memory: 1.0M
        CPU: 59ms
     CGroup: /system.slice/system-tinc.slice/tinc@bbq.service
             └─1651 /usr/sbin/tincd -n bbq -D

2月 13 14:54:48 dietpi systemd[1]: Started tinc@bbq.service - Tinc net bbq.
2月 13 14:54:48 dietpi tincd[1651]: tincd 1.0.36 starting, debug level 0
2月 13 14:54:48 dietpi tincd[1651]: /dev/net/tun is a Linux tun/tap device (tun mode)
2月 13 14:54:48 dietpi tincd[1651]: Ready
➜  hosts ip a
5: tinc: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.0.0.22/24 scope global tinc
       valid_lft forever preferred_lft forever
    inet6 fe80::37e5:c3f2:d09:131d/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

Testing connectivity

ping test

# Local PC pings the server
➜  ~ ping -c 5 10.0.0.11
PING 10.0.0.11 (10.0.0.11) 56(84) bytes of data.
64 bytes from 10.0.0.11: icmp_seq=1 ttl=64 time=202 ms
64 bytes from 10.0.0.11: icmp_seq=2 ttl=64 time=212 ms
64 bytes from 10.0.0.11: icmp_seq=3 ttl=64 time=198 ms
64 bytes from 10.0.0.11: icmp_seq=4 ttl=64 time=201 ms
64 bytes from 10.0.0.11: icmp_seq=5 ttl=64 time=203 ms

--- 10.0.0.11 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4009ms
rtt min/avg/max/mdev = 197.765/203.114/211.705/4.642 ms
# Server pings the local PC
➜  ~ ping -c 5 10.0.0.22
PING 10.0.0.22 (10.0.0.22) 56(84) bytes of data.
64 bytes from 10.0.0.22: icmp_seq=1 ttl=64 time=200 ms
64 bytes from 10.0.0.22: icmp_seq=2 ttl=64 time=198 ms
64 bytes from 10.0.0.22: icmp_seq=3 ttl=64 time=203 ms
64 bytes from 10.0.0.22: icmp_seq=4 ttl=64 time=217 ms
64 bytes from 10.0.0.22: icmp_seq=5 ttl=64 time=208 ms

--- 10.0.0.22 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 198.229/205.123/216.801/6.694 ms

iperf3 test

➜  ~ iperf3 -s
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
Accepted connection from 10.0.0.22, port 56980
[  5] local 10.0.0.11 port 5201 connected to 10.0.0.22 port 56986
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   203 KBytes  1.66 Mbits/sec
[  5]   1.00-2.00   sec   881 KBytes  7.21 Mbits/sec
[  5]   2.00-3.00   sec  1.06 MBytes  8.90 Mbits/sec
[  5]   3.00-4.00   sec  1.35 MBytes  11.3 Mbits/sec
[  5]   4.00-5.00   sec  1.53 MBytes  12.8 Mbits/sec
[  5]   5.00-6.00   sec  1.48 MBytes  12.5 Mbits/sec
[  5]   6.00-7.00   sec  1.73 MBytes  14.5 Mbits/sec
[  5]   7.00-8.00   sec  1.79 MBytes  15.0 Mbits/sec
[  5]   8.00-9.00   sec  1.61 MBytes  13.5 Mbits/sec
[  5]   9.00-10.00  sec   925 KBytes  7.58 Mbits/sec
[  5]  10.00-10.36  sec  1.27 MBytes  29.3 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.36  sec  13.8 MBytes  11.2 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201 (test #2)
-----------------------------------------------------------
^Ciperf3: interrupt - the server has terminated

➜  ~ iperf3 -c 10.0.0.11
Connecting to host 10.0.0.11, port 5201
[  5] local 10.0.0.22 port 56986 connected to 10.0.0.11 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   755 KBytes  6.18 Mbits/sec    0    185 KBytes
[  5]   1.00-2.00   sec   763 KBytes  6.25 Mbits/sec    0    229 KBytes
[  5]   2.00-3.00   sec  1.18 MBytes  9.90 Mbits/sec    0    283 KBytes
[  5]   3.00-4.00   sec  1.43 MBytes  12.0 Mbits/sec    0    352 KBytes
[  5]   4.00-5.00   sec  1.80 MBytes  15.1 Mbits/sec    0    427 KBytes
[  5]   5.00-6.00   sec  1.55 MBytes  13.0 Mbits/sec    0    504 KBytes
[  5]   6.00-7.00   sec  1.80 MBytes  15.1 Mbits/sec    0    594 KBytes
[  5]   7.00-8.00   sec  2.11 MBytes  17.7 Mbits/sec    0    683 KBytes
[  5]   8.00-9.00   sec  1.55 MBytes  13.0 Mbits/sec    0    761 KBytes
[  5]   9.00-10.00  sec  1.74 MBytes  14.6 Mbits/sec   23    571 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  14.6 MBytes  12.3 Mbits/sec   23             sender
[  5]   0.00-10.36  sec  13.8 MBytes  11.2 Mbits/sec                  receiver

iperf Done.

https://tinc-vpn.org/