Monday, January 21, 2013

Private VPN networks with TINC


I have two PCs at home on a 100 Mbps internet connection, a powerful PC at work, and a Samsung Galaxy S2 i9100 phone with unlimited internet (21 Mbps).

I needed to connect all of these together to be able to do shares, remote control, backups with Crashplan, LAN games, VoIP, etc. Since I live in Sweden, I also wanted to connect my family in Kosovo to the same network.

Note: my knowledge of networking is very limited, and installing and setting up TINC requires quite a bit of networking knowledge. Because of this I also had a lot of problems setting up TINC. But if you have questions I will try to help you as much as I can.

Before starting, keep in mind that you need to have 1 public IP and you need to be able to forward port 655 to the machine where TINC will run.

Install TINC VPN on Microsoft Windows


First download Tinc from http://www.tinc-vpn.org/download/. You have two options, Stable and Pre-Release. I tried Pre-Release, but it had a problem where after a while Tinc went into a loop and stopped, and it also started using a lot of CPU, so I recommend the Stable version. The configuration is also slightly different between Stable and Pre-Release. In the end, you want to not have to think about it once you have set it up.

Here are some instructions on how to install (http://www.tinc-vpn.org/examples/windows-install/) and configure it, but we do the configuration here.

After you have installed Tinc, install the virtual network card by running addtap.bat as administrator (right-click and choose Run as Administrator).



Configure TINC VPN on Microsoft Windows


Note: Tinc keeps its configuration in the same place where it is installed, which makes it a bit of a problem to work with if you have UAC enabled (if you don't know what that is, then you have it enabled).

To configure it we will use CMD (Command Prompt), but you can freely use Notepad or another text editor such as Notepad++.

To start cmd.exe as administrator, click the Start menu and type "cmd" directly, right-click it and choose Run as Administrator (important).



In cmd, type the commands below; the lines in parentheses are explanations, not commands.
We assume that this computer is the one that will have port 655 open on the public IP address, and that the other computers, behind NAT, will connect to this computer.

cd "c:\Program Files (x86)\tinc"
mkdir base
(we give the folder the same name as the configuration)
echo Name = base > base\tinc.conf
(this is the name of this VPN)
echo Interface = tincvpn >> base\tinc.conf
(if you have created several virtual cards, this is where you write which one this configuration will use, because you can have many VPNs :) )

Now we also need to create a folder in "base" named "hosts", where we will keep the details of this computer and of the others we will connect later.

mkdir base\hosts
echo Subnet = 172.20.1.1/32 > base\hosts\base

echo Address = 1.2.3.4 >> base\hosts\base

or
echo Address = mybase.dyndns.org >> base\hosts\base

The address here must be the public IP address; don't use 1.2.3.4, it is only an example. If you have a dynamic IP, meaning it changes often, then I recommend using one of the free Dynamic DNS providers so that you use a hostname instead of the IP (e.g. filani.dyndns.org).


The next step is to generate the keys for security, so that only those we trust and give the file with the key to can connect to our network.

tincd.exe -n base -K

Accept what tinc recommends by pressing Enter twice.


If you open the file base\hosts\base with Notepad, it should look something like this:
Subnet = 172.20.1.1/32 
Address = mybase.dyndns.org 

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA83RaNhLW0YzwpVQ2094qMRCtxRyhSrLmQSxKXox5BjaK8lqz4FSx
RMWbwUjl66YhIczUkV8PvXIlVRXknjsKkwlHyQxWY2lZQjdl7mrKgON64LQDF1SJ
7o8PWMV2a4Pe5vV8EdStEP9Z/17azF4vG0OKcIsKmXrd4eMdlWLb+TZJ1UA9Lp/G
4kxLIE/KJDdXye/cmnp+xX2Rl3Pgid8CAlIlMST3mh8q9reYKwNvH9dzNtzESBwp
R1tO/TrH+1Mx0p66vaZL4WWiwSf20VZFibOMDZlNG29ow4K96OtqoqsTzdY9UOhy
w0tYr75zrhub06yB99+q3Kzrqvpu4nIlbwIDAQAB
-----END RSA PUBLIC KEY-----

And base\tinc.conf something like this:

Name = base 
Interface = tincvpn 

Those who don't want to type in CMD can create all these configurations using Notepad. The files must be copied to the correct places, as in our example "C:\Program Files (x86)\tinc\base\". However, you still have to use CMD to create the keys; don't try to use what I have written here, because there is another part that you don't see, and it won't work for you without it.

Now we need to configure the network card that we created at the beginning, after installing Tinc.

Go to "Control Panel\Network and Internet\Network Connections" and rename the "TAP-Win32 Adapter" card, which is named "Local Area Connection x", to "tincvpn".
Right-click it and choose Properties, select Internet Protocol Version 4 (TCP/IPv4) and click Properties again.
Enter the IP address: 172.20.1.1
Subnet: 255.255.255.0

I used this network, 172.20.1.0/24, because the ones that start with 192 and 10 caused me a lot of problems, since I use them at home and at work.
OK, our first computer is done; now let's set up the second computer.


Computer II


Install Tinc and start CMD

cd "c:\Program Files (x86)\tinc"
mkdir homeserver
echo Name = homeserver > homeserver\tinc.conf
echo ConnectTo = base >> homeserver\tinc.conf
echo Interface = tincvpn >> homeserver\tinc.conf
mkdir homeserver\hosts
echo Subnet = 172.20.1.2/32 > homeserver\hosts\homeserver
tincd.exe -n homeserver -K

As you may notice, I did not write "Address = mybase.dyndns.org", because this address is only of interest if you have a public IP, and this computer is behind NAT. But we added "ConnectTo = base", because this tells it where to connect.

homeserver\hosts\homeserver (the host file: Subnet and public key)
Subnet = 172.20.1.2/32 

-----BEGIN RSA PUBLIC KEY-----
7o8PWMV2a4Pe5vV8EdStEP9Z/17azF4vG0OKcIsKmXrd4eMdlWLb+TZJ1UA9Lp/G
feIBCgKCAQEA83RaNhLW0YzwpVQ2094qMRCtxRyhSrLmQSxKXox5BjaK8lqz4FSx
RMWbwUjl66YhIczUkV8PvXIlVRXknjsKkwlHyQxWY2lZQjdl7mrKgON64LQDF1SJ
4kxLIE/KJDdXye/cmnp+xX2Rl3Pgid8CAlIlMST3mh8q9reYKwNvH9dzNtzESBwp
R1tO/TrH+1Mx0p66vaZL4WWiwSf20VZFibOMDZlNG29ow4K96OtqoqsTzdY9UOhy
w0tYr75zrhub06yB99+q3Kzrqvpu4nIlbwIDAQAB
-----END RSA PUBLIC KEY-----

homeserver\tinc.conf (the main configuration)
Name = homeserver
ConnectTo = base
Interface = tincvpn 

Configure the network card that we installed after Tinc: rename it to "tincvpn" and enter these IPs:

IP: 172.20.1.2
Subnet: 255.255.255.0


Exchanging the keys


Copy the host file from the first computer to the second computer, and likewise from the second computer to the first.

Copy the file "C:\Program Files (x86)\tinc\base\hosts\base" from the first computer to "C:\Program Files (x86)\tinc\homeserver\hosts\" on the second computer.
Then copy the file "C:\Program Files (x86)\tinc\homeserver\hosts\homeserver" from the second computer to "C:\Program Files (x86)\tinc\base\hosts\" on the first computer.
So each computer has the host file of every computer.

Start TINCD


We are ready; the last command that we will run on the first computer is:
tincd.exe -n base

This will create a service and start it. (The service starts the VPN automatically when the computer starts or if you have restarted.)

And almost the same on the second computer:
tincd.exe -n homeserver 

Done!


If you have problems


Unless you have a firewall that doesn't let you ping, Ping is the best tool for checking the network connection. Temporarily disable the firewall on each computer and ping the computers from each other to check whether everything is in order. We are using the IPs 172.20.1.1 and 172.20.1.2, so ping them from both computers.

While you are trying to find the problem, I would recommend starting TINC in debug mode so you can see what is happening. Stop the service if it is started and start TINC like this:

tincd.exe -n base -d3 -D

For more information, documentation and examples, use the official documentation http://www.tinc-vpn.org/documentation/tinc_toc.html#SEC_Contents

Android


I have CyanogenMod 10.1 on the Galaxy S2 i9100 and it works very well; I am not sure how it will work on other phones and ROMs.

Since it is quite a hassle to create all those configurations from the phone, we will use the Base computer for that job.

cd "c:\Program Files (x86)\tinc"
mkdir android

echo ScriptsInterpreter = /system/bin/sh > android\tinc.conf

echo Device = /dev/tun >> android\tinc.conf
echo Name = android >> android\tinc.conf
echo ConnectTo = base >> android\tinc.conf

mkdir android\hosts

echo Subnet = 172.20.1.3/32 > android\hosts\android

tincd.exe -n android -K

For Android we need an extra file, "tinc-up", to configure the network

echo #!/bin/sh > android\tinc-up

echo ifconfig $INTERFACE 172.20.1.3 netmask 255.255.255.0 >> android\tinc-up

This is roughly how the files look if you read them with a text editor:

android\hosts\android (the host file: Subnet and public key)
Subnet = 172.20.1.3/32 

-----BEGIN RSA PUBLIC KEY-----
R1tO/TrH+1Mx0p66vaZL4WWiwSf20VZFibOMDZlNG29ow4K96OtqoqsTzdY9UOhy
feIBCgKCAQEA83RaNhLW0YzwpVQ2094qMRCtxRyhSrLmQSxKXox5BjaK8lqz4FSx
RMWbwUjl66YhIczUkV8PvXIlVRXknjsKkwlHyQxWY2lZQjdl7mrKgON64LQDF1SJ
4kxLIE/KJDdXye/cmnp+xX2Rl3Pgid8CAlIlMST3mh8q9reYKwNvH9dzNtzESBwp
w0tYr75zrhub06yB99+q3Kzrqvpu4nIlbwIDAQAB
-----END RSA PUBLIC KEY-----

android\tinc.conf (the main configuration)
ScriptsInterpreter = /system/bin/sh
Device = /dev/tun
Name = android
ConnectTo = base

android\tinc-up
#!/bin/sh
ifconfig $INTERFACE 172.20.1.3 netmask 255.255.255.0

NOTE: don't forget to exchange the host files between this "android" and "base", then copy the whole "android" folder from the computer to your Android phone.


Get Tinc GUI from the Google Play Store on the phone, open it, tap the tool icon, choose Configuration path and select the folder where you copied the "android" folder from the computer, tap OK, Execute as Super User, and go back.

Tap Start and enjoy.

If you get an error about /dev/tun, remove that line and try again.


Linux


I was only able to test with one Debian server, which luckily also has a public IP; that helps us eliminate the weak point of having only one server with a public IP, since if one of them goes offline the other is online :) However, I had very little chance to test on Linux, so it is possible that it needs more work.

apt-get update
apt-get install tinc
# press Enter when apt-get asks
mkdir -p /etc/tinc/debsrv/hosts
cd /etc/tinc/

echo Name = debsrv > debsrv/tinc.conf
echo ConnectTo = base >> debsrv/tinc.conf
echo Interface = tincvpn >> debsrv/tinc.conf

echo Subnet = 172.20.1.6/32 > debsrv/hosts/debsrv
echo Address = nfsserver.dyndns.org >> debsrv/hosts/debsrv

tincd -n debsrv -K

echo debsrv >> /etc/tinc/nets.boot
# tinc-up and tinc-down must sit inside the debsrv folder, next to tinc.conf
echo '#!/bin/sh' | tee -a debsrv/tinc-up debsrv/tinc-down
echo 'ifconfig $INTERFACE 172.20.1.6 netmask 255.255.255.0' | tee -a debsrv/tinc-up
echo 'ifconfig $INTERFACE down' | tee -a debsrv/tinc-down
chmod 755 debsrv/tinc-up debsrv/tinc-down

Don't forget to exchange the host files between this server and the base server, and also with the other computers.

If we have two computers with public IPs, we can have two ConnectTo lines in each configuration, so that if one server goes down the computers automatically connect to the other; in fact they connect to both from the start :)
ConnectTo = base
ConnectTo = debsrv

Using "Cloud" services


I really like Dropbox, which I have installed on all the computers and devices I use, and I use it at almost every step. Since I have it on every computer, it has been even more useful when it comes to the Tinc configuration files.

I created a Tinc folder with subfolders for each computer. Then I created a symlink (shortcut) to the folder in C:\Program Files (x86)\tinc\ using the "mklink" command:
On the first computer: mklink /D "C:\Program Files (x86)\tinc\base" "C:\Users\Ilir\Dropbox\Tinc\base"
Second computer: mklink /D "C:\Program Files (x86)\tinc\homeserver" "C:\Users\Ilir\Dropbox\Tinc\homeserver"

Using this method I have everything centralized, so if I make a change that affects all the other computers I don't need to go to each one to make the changes; I do everything from any computer. For example, adding a computer and copying the host files to all the other computers (:

In fact you can use any service, such as Google Drive, AeroFS, Skydrive, Box...


In closing


I am not a very competent person in this field; I got into private networks only out of need. TINC impressed me with its simplicity and how it works, and it has been so useful to me that it pushed me to write this tutorial for others to use.

As for TINC, so far I am very satisfied; it has been a few weeks since I started using it and I haven't had any trouble. Surely there will be some problem, a simpler and better configuration, or who knows what.

I have seen that there are also some other solutions for private VPN networks like this one and I will try them; perhaps they are even better and simpler.

Tuesday, January 8, 2013

Allow application to run only when you are connected to VPN with AutoHotKey

I recently started using AutoHotkey to automate things and I really like it, and I'm going to post a series of the scripts that I use.

This AHK script checks whether I'm connected to a certain VPN (or to one of them if there are many) and then starts a backup, performs a set of actions, starts an application, runs uTorrent :) basically anything you can think of.
It checks every 10 seconds whether you are connected; if the VPN connection is dropped it closes the application, and it starts it again when the connection is back.

To get started, download and install AutoHotKey from http://www.autohotkey.com/

I also recommend the SciTE4AutoHotkey editor http://www.autohotkey.net/~fincs/SciTE4AutoHotkey_3/web/ to create, edit and debug scripts.

Copy the entire code below, paste it into a new file and save it with the extension .ahk.
Tip: If you are using Notepad and want a file extension other than .txt, put the whole filename in quotes, like "checkVpn.ahk", when you save the file.

To run it, just double-click the file; it runs in the background and you can find it in the system tray.

To have it run when Windows starts, make a shortcut to this file in the Startup folder in the Start menu, or just move the script there.

For this example I have used uTorrent.exe \m/
The only changes you have to make are your VPN IP list (colon-delimited), the application's file name and the application's full path.
For the IP list, e.g.: I have three different VPN connections whose IPs start with
10.0.1.3
10.0.2.23
10.0.3.132
Since I know the first part (10.0.1) won't change, I use only that part of each address and make it
10.0.1:10.0.2:10.0.3

Enjoy
VPNIP = 10.0.1:10.0.2:10.0.3 ;Write your VPN IP or part of it; if you have many, separate them with a colon :
app = uTorrent.exe ;Write the file name of the app
appFullPath = "C:\Program Files (x86)\uTorrent\uTorrent.exe" ;Write the full path including filename of the app

Loop ;perform the main action
{
 global Connected, app, appFullPath
 Process, Exist, %app% ;ErrorLevel becomes the PID, or 0 if the app is not running
 AppRunning = %ErrorLevel%
 Sleep, 10000 ;wait 10 seconds between checks
 CheckIP()
 If (Connected = 1)
 {
  If (AppRunning = 0) ;connected and not running: start it
  {
   Run, %appFullPath%
  }
  else
   continue
 }
 else
 {
  If (AppRunning > 0) ;not connected and still running: close it
   Process, Close, %app%
 }
}

CheckIP() ;checks if we are connected to VPN and sets variable Connected to 0|1
{
 global VPNIP
 StringSplit, IPArray, VPNIP, :
 LocalIP = %A_IPAddress1%,%A_IPAddress2%,%A_IPAddress3%,%A_IPAddress4%
 Matches = 0
 Loop, %IPArray0%
 {
  Each := IPArray%A_Index%
  ;Note: this is a substring test, so "10.0.1" also matches addresses such as 10.0.10.x or 110.0.1.x
  IfInString, LocalIP, %Each%
   Matches++
 }
 If Matches > 0
  Connected = 1
 else
  Connected = 0
}

Sunday, January 6, 2013

Private VPN with TINC

I have two computers at home on a 100Mbps broadband internet connection, a very powerful computer at work and a Samsung Galaxy S2 i9100 smartphone on unlimited mobile broadband (21 Mbps).

What I wanted to have is a secure and seamless connection between these devices to share things, RDP, Crashplan backup, LAN gaming, etc. Also the option to connect my home in Kosovo, where my parents live, to this network.

DISCLAIMER: My knowledge of networking is very, very limited, and setting up TINC requires quite some knowledge of networking; this was my biggest struggle in getting it up and running. If you have questions I'll try to help you as much as I can, but the help might be limited.

To make this work you will need to have at least one public IP address and be able to forward port 655 to the machine running TINC.

Okay let's start.

Install TINC VPN on Microsoft Windows

First download Tinc from http://www.tinc-vpn.org/download/. You have two options, Stable and Pre-Release. I started with Pre-Release, but there was one bug where after a while tinc went into a loop and stopped working (also consuming CPU), so I suggest you go with Stable; also, they are configured slightly differently. After all, you want to set this up and forget it.

Install TINC; at http://www.tinc-vpn.org/examples/windows-install/ you'll find instructions on how to install and even configure it, but we'll handle the configuration part here.

After you have installed Tinc, install the virtual network device by running addtap.bat as administrator (right-click and choose Run as Administrator). Depending on your operating system you can find it in C:\Program Files (x86)\tinc\tap-win64 or C:\Program Files (x86)\tinc\tap-win32 or, if you have a 32-bit OS, C:\Program Files\tinc\tap-win32.


Configure TINC VPN on Microsoft Windows

Note: Tinc keeps its configuration files in the same location where it is installed, which makes it a little harder to work with them if you have UAC on.

In this post we will use CMD to do most of the configuration, but feel free to use plain old Notepad or the text editor of your choice (probably Notepad++).

To run CMD.exe as Administrator, click the Start menu (Win key), type cmd, then right-click it and choose Run as Administrator (important).



Now begin by typing the commands below; the lines in parentheses are explanations, not commands.
I assume that this will be the computer which has port 655 open on the public IP, and that the other computers/devices behind NAT will connect to it.

cd "c:\Program Files (x86)\tinc"
mkdir base
(I will call this 1st computer "base")
echo Name = base > base\tinc.conf
(this gives the name to this VPN)
echo Interface = tincvpn >> base\tinc.conf
(if you have created multiple network devices, this is where you write which one this configuration will use, because you can have multiple VPNs :) )

Now we need to create a folder in "base" called "hosts", where we will put information about this computer and the others we will connect later.
mkdir base\hosts
echo Subnet = 172.20.1.1/32 > base\hosts\base

echo Address = 1.2.3.4 >> base\hosts\base

or
echo Address = mybase.dyndns.org >> base\hosts\base

The address here should be your public IP address; don't use 1.2.3.4. If you don't have a static IP then I really recommend using one of the many free dynamic DNS providers and adding that hostname instead of the IP.


The next step is to generate a key pair for security, so that only those we trust and give the host file with the key to will be able to connect to our network.

tincd.exe -n base -K

and accept the defaults by pressing enter twice.



If you open base\hosts\base with text editor it will look something like this:

Subnet = 172.20.1.1/32 
Address = mybase.dyndns.org 

-----BEGIN RSA PUBLIC KEY-----

MIIBCgKCAQEA83RaNhLW0YzwpVQ2094qMRCtxRyhSrLmQSxKXox5BjaK8lqz4FSx
RMWbwUjl66YhIczUkV8PvXIlVRXknjsKkwlHyQxWY2lZQjdl7mrKgON64LQDF1SJ
7o8PWMV2a4Pe5vV8EdStEP9Z/17azF4vG0OKcIsKmXrd4eMdlWLb+TZJ1UA9Lp/G
4kxLIE/KJDdXye/cmnp+xX2Rl3Pgid8CAlIlMST3mh8q9reYKwNvH9dzNtzESBwp
R1tO/TrH+1Mx0p66vaZL4WWiwSf20VZFibOMDZlNG29ow4K96OtqoqsTzdY9UOhy
w0tYr75zrhub06yB99+q3Kzrqvpu4nIlbwIDAQAB
-----END RSA PUBLIC KEY-----


And base\tinc.conf something like this:

Name = base 
Interface = tincvpn 

Those who don't want to type into CMD can create all these configurations using Notepad and then copy them into the correct location (in our example "C:\Program Files (x86)\tinc\base\"). Though, you will still need to generate a key pair, because using my public key won't work if you don't have the private key.

Now we have to configure the network interface which we created at the very beginning, after we installed Tinc.
Go to Control Panel\Network and Internet\Network Connections and rename the TAP-Win32 Adapter device, which is named "Local Area Connection x", to "tincvpn".
Right-click it and choose Properties, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Enter IP: 172.20.1.1
Subnet: 255.255.255.0

I have used this subnet, 172.20.1.0/24, because 192 and 10 were causing all kinds of trouble due to being used at work and at home.
OK, our first machine is done. Let's install and configure the second machine.

Second Machine

Install Tinc and fire up CMD

cd "c:\Program Files (x86)\tinc"
mkdir homeserver
echo Name = homeserver > homeserver\tinc.conf
echo ConnectTo = base >> homeserver\tinc.conf
echo Interface = tincvpn >> homeserver\tinc.conf
mkdir homeserver\hosts
echo Subnet = 172.20.1.2/32 > homeserver\hosts\homeserver
tincd.exe -n homeserver -K

If you observed well, we omitted the last command, echo Address = mybase.dyndns.org >> base\hosts\base, because the "Address" option defines the public IP and this computer is behind NAT. And we added a new one, "ConnectTo = base", so that this computer will connect to our base VPN.


Configure the networking device you created after installation by first renaming it to "tincvpn", then use the following IP:

IP: 172.20.1.2
Subnet: 255.255.255.0

Exchange

Copy the host files from the base computer to homeserver and vice versa.
Copy the file "C:\Program Files (x86)\tinc\base\hosts\base" from the 1st computer to "C:\Program Files (x86)\tinc\homeserver\hosts\" on the 2nd computer.
And copy the file "C:\Program Files (x86)\tinc\homeserver\hosts\homeserver" from the 2nd computer to "C:\Program Files (x86)\tinc\base\hosts\" on the 1st computer.
So each computer has both host files.

Run the TINCD

We are done, the last command we will run on 1st computer is
tincd.exe -n base

This will create the service and start it. (It will automatically start the VPN when the computer is started or rebooted.) :)


And almost the same on the 2nd computer
tincd.exe -n homeserver

Voila! You should be up and running.

Troubleshooting

Ping: unless your firewall is blocking ICMP packets (ping), it's the best tool to check the connection. Temporarily disable the firewall on each computer and ping each computer to check if everything is OK. We are using the IPs 172.20.1.1 and 172.20.1.2, so ping both IPs from both computers.

While troubleshooting I strongly suggest you run tinc in debug mode so you can see what's going on.
Stop the service if it's running and run tinc like this:

tincd.exe -n base -d3 -D

You will find how to troubleshoot and configure, plus documentation, examples and much more, straight from TINC-VPN's documentation http://www.tinc-vpn.org/documentation/tinc_toc.html#SEC_Contents

Android

I'm running CyanogenMod 10 on my Galaxy S2 i9100 and it works very well; I'm not sure how it will work on other devices/ROMs.

Since it would be cumbersome to create all the configurations on the Android device itself, we will use our "base" machine to do that.

cd "c:\Program Files (x86)\tinc"
mkdir android

echo ScriptsInterpreter = /system/bin/sh > android\tinc.conf

echo Device = /dev/tun >> android\tinc.conf
echo Name = android >> android\tinc.conf
echo ConnectTo = base >> android\tinc.conf

mkdir android\hosts

echo Subnet = 172.20.1.3/32 > android\hosts\android

tincd.exe -n android -K

Create tinc-up file (android's network device configuration)

echo #!/bin/sh > android\tinc-up

echo ifconfig $INTERFACE 172.20.1.3 netmask 255.255.255.0 >> android\tinc-up

Important: exchange host files between this one, "android", and "base", then copy the whole "android" folder from the computer to your Android phone.


Get Tinc GUI from the Google Play Store on your device, open it, press the wrench icon (settings), select Configuration path and select the folder where you copied the "C:\Program Files (x86)\tinc\android" folder, press OK, Execute as Super User, and go back.

Press Start and enjoy the new world.

If you get error about the device /dev/tun remove that line and try again.

Linux

I could test on a Debian server, which luckily happens to have a public IP, which will help us increase redundancy if one of the hosts is down. However, I barely tested it and cannot say the configuration is foolproof.

apt-get update
apt-get install tinc
# press Enter when apt-get asks
mkdir -p /etc/tinc/debsrv/hosts
cd /etc/tinc/

echo Name = debsrv > debsrv/tinc.conf
echo ConnectTo = base >> debsrv/tinc.conf
echo Interface = tincvpn >> debsrv/tinc.conf

echo Subnet = 172.20.1.6/32 > debsrv/hosts/debsrv
echo Address = nfsserver.dyndns.org >> debsrv/hosts/debsrv

tincd -n debsrv -K

echo debsrv >> /etc/tinc/nets.boot
# tinc-up and tinc-down must sit inside the debsrv folder, next to tinc.conf
echo '#!/bin/sh' | tee -a debsrv/tinc-up debsrv/tinc-down
echo 'ifconfig $INTERFACE 172.20.1.6 netmask 255.255.255.0' | tee -a debsrv/tinc-up
echo 'ifconfig $INTERFACE down' | tee -a debsrv/tinc-down
chmod 755 debsrv/tinc-up debsrv/tinc-down

Don't forget to exchange host files between this server and base, and with any of the other devices.

If we have two hosts with public IPs, we can have two ConnectTo lines on each node, so that if one goes down they will still be connected to the other one.
ConnectTo = base
ConnectTo = debsrv
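
Placing a host file in hosts/ is the trust decision in this setup: the node it describes may connect and announce the Subnet it names. As an added example (not part of the original post), this POSIX shell function vets an incoming host file on the Debian node before it is copied in. The 172.20.1.0/24 range and the node names come from the tutorial; `vet_host_file`, `cfg`, `demo` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a peer's tinc host file before importing it into hosts/.
# Assumptions from the tutorial: the VPN is 172.20.1.0/24, each node announces
# one /32, and host files hold only Subnet, Address and an RSA public key.
VPN_PREFIX="172.20.1."

# Settings of a host file without the key block, spaces or CRs (files written
# with cmd's echo carry trailing spaces and CRLF line endings).
cfg() { sed '/^-----BEGIN/,/^-----END/d' "$1" | tr -d ' \t\r'; }

# vet_host_file FILE HOSTS_DIR: prints one REJECT line per problem and
# returns 0 only when FILE is safe to copy into HOSTS_DIR.
vet_host_file() (
    file=$1; hosts_dir=$2; rc=0
    name=$(basename "$file")
    fail() { echo "REJECT $name: $*"; rc=1; }

    [ -f "$file" ] || { echo "REJECT $name: not a regular file"; exit 1; }

    # tinc node names may contain only letters, digits and underscores.
    case $name in *[!A-Za-z0-9_]*) fail "invalid node name" ;; esac

    # rsa_key.priv must never travel with a host file.
    if grep -q 'PRIVATE KEY' "$file"; then fail "contains a private key"; fi

    nkeys=$(grep -c '^-----BEGIN RSA PUBLIC KEY-----' "$file" || true)
    [ "$nkeys" -eq 1 ] || fail "expected 1 public key block, found $nkeys"

    # Anything besides Subnet/Address deserves a manual look before import.
    extra=$(cfg "$file" | grep -v -e '^$' -e '^#' |
            grep -v -i -e '^Subnet=' -e '^Address=' | tr '\n' ' ')
    [ -z "$extra" ] || fail "unexpected lines: $extra"

    subnets=$(cfg "$file" | sed -n 's/^[Ss][Uu][Bb][Nn][Ee][Tt]=//p')
    set -f; set -- $subnets; set +f     # split untrusted text without globbing
    [ $# -gt 0 ] || fail "no Subnet line"
    for s do
        last=${s#"$VPN_PREFIX"}; last=${last%/32}
        case $s in
            "$VPN_PREFIX"*/32) ;;
            *) fail "Subnet $s is not a /32 inside ${VPN_PREFIX}0/24"; continue ;;
        esac
        case $last in
            ''|*[!0-9]*|????*) fail "Subnet $s is malformed"; continue ;;
        esac
        if [ "$last" -lt 1 ] || [ "$last" -gt 254 ]; then
            fail "Subnet $s is outside the usable host range"; continue
        fi
        # Two nodes announcing the same /32 conflict over that address.
        for other in "$hosts_dir"/*; do
            [ -f "$other" ] || continue
            [ "$(basename "$other")" != "$name" ] || continue
            if cfg "$other" | grep -i -q -x -F "Subnet=$s"; then
                fail "Subnet $s already belongs to $(basename "$other")"
            fi
        done
    done
    [ "$rc" -eq 0 ]
)

# Constructed demo: an existing hosts/ directory plus three incoming files.
demo() (
    d=$(mktemp -d) && mkdir "$d/hosts" "$d/in" || exit 1
    key='-----BEGIN RSA PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PUBLIC KEY-----\n'
    printf "Subnet = 172.20.1.1/32 \r\nAddress = mybase.dyndns.org \r\n$key" > "$d/hosts/base"
    printf "Subnet = 172.20.1.2/32\n$key" > "$d/in/homeserver"  # new address
    printf "Subnet = 172.20.1.1/32\n$key" > "$d/in/android"     # reuses base's address
    printf "Subnet = 0.0.0.0/0\n$key" > "$d/in/debsrv"          # claims every address
    for f in homeserver android debsrv; do
        vet_host_file "$d/in/$f" "$d/hosts" && echo "OK $f"
    done
    rm -rf "$d"
)
demo
```

Run it with the incoming file and the node's hosts directory, e.g. `vet_host_file /tmp/homeserver /etc/tinc/debsrv/hosts`, and copy the file only when it returns 0.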

Taking advantage of the Cloud

I love Dropbox and have it installed on all my computers and use it everywhere. Since I have it on all my computers, it has really come in useful when it came to Tinc configuration files.

I have created a folder Tinc and subfolders for each computer's tinc configuration. Then I created a symlink (shortcut) to the tinc folder in C:\Program Files (x86)\tinc\ using the command:
1st computer: mklink /D "C:\Program Files (x86)\tinc\base" "C:\Users\Ilir\Dropbox\Tinc\base"
2nd computer: mklink /D "C:\Program Files (x86)\tinc\homeserver" "C:\Users\Ilir\Dropbox\Tinc\homeserver"

Using this I have everything centralized, so if I make a change that affects many hosts I don't have to go to each computer and do that; I do everything from one computer. Efficiency!

Note that each linked folder also holds that node's private key (rsa_key.priv, created by tincd -K), so with this layout the private keys are synced to the cloud provider and to every linked computer; linking only the hosts subfolder keeps them local.

You can use any of the cloud storage services actually, like Google Drive, AeroFS, Skydrive, Box...

Final thoughts

I'm far, far from a competent person in this area; I just got into private networks. TINC impressed me so much that I thought if I can do it anyone can, so let's write a tutorial.
Regarding Tinc itself, so far so good, but remember I've been running it for only a couple of days at the time of writing this; there could be problems, better or easier configurations and whatnot. I'm looking forward to having more time to experiment with Tinc, and why not experiment with other solutions too.

Until next article or tutorial.

Friday, January 4, 2013

Back???

It's been a long time since I wrote anything on my blog, and the plan was always to write things continuously, but I stopped for a moment without any reason :( maybe I'm just a bad writer and my English kind of sucks...

However, I'm writing a few things now and will post them soon.

My first post will be about TINC VPN (more info at http://www.tinc-vpn.org/) and how I set it up to connect my 2 computers at home, my computer at work and my Android phone.

-------------

A long time has passed since I wrote anything on my blog, even though the plan was always to write continuously, but for no particular reason I did not.

But I am writing a few things and will post them soon.

The first post I will make is about TINC VPN (more info at http://www.tinc-vpn.org/): how I set it up to connect the 2 computers I have at home, the computer at work and the Android phone.