Experiment – Mesh VPN setup with Tinc
This is a very short post on my experiment with setting up a mesh VPN using tinc.
Why?
- tinc is designed to build a single VPN out of many small, geographically distributed networks
- There is no strict server/client distinction in tinc: every node is a peer. Nodes exchange routing information over the connections they have, try to reach each other directly, and fall back to forwarding traffic through intermediate nodes when a direct path is not available
Actors in the mesh
<name> – the tinc node name of each actor
- Digital Ocean droplet <externalnyc> – the only node with a publicly reachable address; all the other actors below connect to it, directly or through another node
- Digital Ocean droplet <externalblr>
- Laptop <fedora> (Home LAN)
- RaspberryPi <pi> (Home LAN)
How the actors are connected
(A ===> B means A has `ConnectTo = B` in its tinc.conf, i.e. A initiates the meta-connection to B)
- externalblr ===> externalnyc
- fedora ===> externalnyc
- pi ===> fedora
The assumption is that all actors except externalnyc are behind a NAT/firewall, so externalnyc is the only node that can be dialled from the internet; pi dials fedora over the home LAN and therefore depends on fedora being up to reach the rest of the mesh.
IP for each actor in VPN
- externalnyc – 10.0.0.1
- externalblr – 10.0.0.3
- fedora – 10.0.0.2
- pi – 10.0.0.4
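The topology and VPN addresses above map onto a handful of tinc files per node (tinc.conf, hosts/<name>, tinc-up, tinc-down). The script below is an added example, not from the original post or the tinc project: it generates those files for all four actors into a staging directory, one sub-tree per node, and checks that every `ConnectTo` target has an `Address` it can be dialled at. Everything not stated in the post is an assumption: the netname "mesh", a 10.0.0.0/24 VPN subnet, the interface name tun0, and the placeholder public address of externalnyc and LAN address of fedora (both overridable via environment variables).

```shell
#!/bin/sh
# Added example (not from the original post): generate the tinc config tree for the
# four-node mesh described above. Assumptions: netname "mesh", VPN subnet 10.0.0.0/24,
# interface tun0, placeholder addresses below. Keys are generated separately on each node.
# usage: sh gen-tinc-mesh.sh /tmp/tinc-staging   (then copy <node>/mesh to /etc/tinc/mesh on each node)
set -eu

NETNAME="${NETNAME:-mesh}"
NYC_ADDR="${NYC_ADDR:-externalnyc.example.com}"   # placeholder: public DNS name/IP of the droplet
FEDORA_LAN_ADDR="${FEDORA_LAN_ADDR:-fedora.lan}"  # placeholder: LAN address of the laptop (only valid at home)

# gen_node ROOT NAME VPN_IP "CONNECT_TO ..." [ADDRESS]
#   NAME       tinc node name (tinc.conf Name, hosts/NAME file)
#   VPN_IP     address on the VPN, advertised to the mesh as a /32 Subnet
#   CONNECT_TO space-separated node names this node opens meta-connections to ("" for none)
#   ADDRESS    reachable address written to hosts/NAME; only nodes that others ConnectTo need one
gen_node() {
  root=$1; name=$2; vpn_ip=$3; connect_to=$4; address=${5:-}
  dir="$root/$name/$NETNAME"
  mkdir -p "$dir/hosts"

  # tinc.conf: who we are and whom we dial. A node that is only dialled (externalnyc)
  # has no ConnectTo at all but still learns the whole mesh from its peers.
  {
    echo "Name = $name"
    echo "AddressFamily = ipv4"
    echo "Interface = tun0"
    for peer in $connect_to; do echo "ConnectTo = $peer"; done
  } > "$dir/tinc.conf"

  # hosts/NAME: the public part of this node. Subnet is what tinc routes to it (router mode,
  # the default). Address is only meaningful where other nodes can actually reach it.
  {
    if [ -n "$address" ]; then echo "Address = $address"; fi
    echo "Subnet = $vpn_ip/32"
  } > "$dir/hosts/$name"

  # tinc-up / tinc-down: tincd runs these as root to configure the tun interface.
  cat > "$dir/tinc-up" <<EOF
#!/bin/sh
ip link set "\$INTERFACE" up
ip addr add $vpn_ip/24 dev "\$INTERFACE"
EOF
  cat > "$dir/tinc-down" <<EOF
#!/bin/sh
ip addr del $vpn_ip/24 dev "\$INTERFACE"
ip link set "\$INTERFACE" down
EOF
  chmod 700 "$dir/tinc-up" "$dir/tinc-down"
  chmod 700 "$dir"   # the private key will live here; keep the tree root-only
}

# The topology from the post: A ===> B means A has ConnectTo = B.
gen_mesh() {
  root=$1
  gen_node "$root" externalnyc 10.0.0.1 ""            "$NYC_ADDR"
  gen_node "$root" externalblr 10.0.0.3 "externalnyc"
  gen_node "$root" fedora      10.0.0.2 "externalnyc" "$FEDORA_LAN_ADDR"
  gen_node "$root" pi          10.0.0.4 "fedora"
}

# check_topology ROOT: every ConnectTo target must exist and carry an Address line,
# otherwise the dialling node has nowhere to send its meta-connection (the NAT problem).
check_topology() {
  root=$1; rc=0
  for conf in "$root"/*/"$NETNAME"/tinc.conf; do
    me=$(sed -n 's/^Name = //p' "$conf")
    for peer in $(sed -n 's/^ConnectTo = //p' "$conf"); do
      hf="$root/$peer/$NETNAME/hosts/$peer"
      if [ ! -f "$hf" ] || ! grep -q '^Address = ' "$hf"; then
        echo "$me: ConnectTo = $peer but $peer has no reachable Address" >&2
        rc=1
      fi
    done
  done
  return $rc
}

if [ -n "${1:-}" ]; then
  gen_mesh "$1"
  check_topology "$1"
fi
```

On each node, copy its `<name>/mesh` tree to `/etc/tinc/mesh`, generate the key pair there (`tincd -n mesh -K` on tinc 1.0, `tinc -n mesh generate-keys` on 1.1), and then copy every node's `hosts/<name>` file (which now ends with its public key) into every other node's `hosts/` directory. The `hosts/*` files are public material and can be shared freely; `rsa_key.priv` (and `ed25519_key.priv` on 1.1) must stay root-only on the node that generated it. Note that fedora's `Address` only works from the home LAN, which is exactly why pi dials fedora while externalblr dials externalnyc.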
Results
- Every actor can reach every other actor on its 10.0.0.x address, including pi and externalblr, which have no direct connection and are routed through fedora and externalnyc
- Services on a node are reachable over the VPN only if that node's firewall allows them on the tinc interface; the VPN does not bypass host firewall rules
Sources
tinc – https://www.tinc-vpn.org/documentation-1.1/Concept-Index.html
Tutorial – https://www.digitalocean.com/community/tutorials/how-to-install-tinc-and-set-up-a-basic-vpn-on-ubuntu-14-04