Hey Saverio,

I'd really like the idea of a tinc-1.1-pre package for OpenWRT. I'm
currently using tinc-1.1 with an Ed25519-only network, really like the
new features and CLI and want to add some OpenWRT routers into the mix.

How do you plan to handle things with OpenSSL?
tinc-1.1 from git should be able to compile without it (but will then
only support the built-in algorithms). Depending on device restrictions,
such a version could also be very interesting.

Florian

On 30.01.2015 at 14:46, Saverio Proto wrote:
> Hello Jonathan,
>
> I will probably make a tinc 1.1 OpenWrt package soon. I am already
> maintainer for the 1.0 package.
>
> If you want to read about how to make the package there is this very
> good documentation:
>
> http://wiki.prplfoundation.org/wiki/Creating_an_OpenWrt_package_for_a_web_page
>
> Saverio
>
> 2015-01-29 19:02 GMT+01:00 Jonathan Clark <tinc-list at heyjonathan.com>:
>> On Tue, Jan 27, 2015, Sandy McArthur Jr wrote:
>>> I use the Tinc 1.0 series since I don't want to support my
>>> own packages. <snip>
>>> I wrote most of http://wiki.openwrt.org/doc/howto/vpn.tinc and that is
>>> what I still use. Since then . . .
>>
>> Ok. I think I'll start with the 1.0 series packages that are already
>> out there and get them working.
>>
>> and on Tue, Jan 27, 2015, Lance wrote:
>>> The scripts used to create these binaries are here if you'd like to recreate
>>> them.
>>> https://github.com/lancethepants/tinc-mipsel-static/blob/master/tinc.sh
>>> https://github.com/lancethepants/tinc-arm-musl-static
>>
>> Thanks. I'll start playing with those once I succeed (or otherwise)
>> with the pre-packaged stuff.
>>
>> On Tue, Jan 27, 2015 at 10:12 AM, Sandy McArthur Jr <sandy at mcarthur.org> wrote:
>>> Jonathan,
>>> I really like OpenWrt. I've deployed Tinc on ~12 routers with OpenWrt
>>> installed. I use the Tinc 1.0 series since I don't want to support my
>>> own packages.
>>>
>>> OpenWrt has a nice unified configuration system. Tinc has a nice
>>> configuration directory structure. What OpenWrt has done to merge
>>> these two concepts overcomplicates things, and generally sucks.
>>>
>>> I wrote most of http://wiki.openwrt.org/doc/howto/vpn.tinc and that is
>>> what I still use. Since then I wrote the script below to help automate
>>> adding of new hosts in a network.
>>>
>>> A tip I've found when putting tinc on your gateway device is to bind
>>> to several ports so you have options with mobile devices when they are
>>> behind firewalls that block low ports. I tend to use 655 (tinc), 1194
>>> (openvpn), 65500 (tinc * 100 so it's a high port number). Be careful
>>> how you use this as some older versions of Tinc on OpenWrt crash on
>>> startup when the .../NETWORK/hosts/NODENAME file lists multiple
>>> "Address = .... : [port]" lines.
>>>
>>> Also, I like to have a backup method to find and remote to an OpenWrt
>>> device (ddns and ssh) but if you allow ssh from the internet to your
>>> gateway, it will get slammed on with logins by brute force all the
>>> time. This is a good reason to make use of SSH-Keys and disallow
>>> password authentication in the Dropbear config (option
>>> RootPasswordAuth 'off').
>>>
>>> Finally, some of my Tinc deployments are at locations that are not
>>> staffed by technical people and would take me 3+ hours to travel to. I
>>> now always configure these devices to daily reboot and they often have
>>> a second Tinc network configured with a minimal, known good config
>>> that doesn't change that I can use to remotely admin and fix the main
>>> Tinc network config if I botch it up.
>>>
>>>
>>> #!/bin/sh
>>> # Register every tinc host file as a tinc-host section in UCI.
>>>
>>> for network in /etc/tinc/*/
>>> do
>>>     netname=$(basename "$network")
>>>     echo "Tinc Network Name: $netname"
>>>
>>>     for host in "/etc/tinc/$netname/hosts"/*
>>>     do
>>>         # Skip the unexpanded pattern when a hosts directory is empty.
>>>         [ -e "$host" ] || continue
>>>         hostname=$(basename "$host")
>>>         echo "Tinc Network $netname Host: $hostname"
>>>
>>>         # Add the section only if UCI does not know this host yet.
>>>         if ! uci -q get "tinc.$hostname" >/dev/null
>>>         then
>>>             uci set "tinc.$hostname=tinc-host"
>>>             uci set "tinc.$hostname.net=$netname"
>>>             uci set "tinc.$hostname.enabled=1"
>>>             uci commit
>>>         fi
>>>
>>>     done # for host
>>>
>>> done # for network
>>>
>>> On Mon, Jan 26, 2015 at 6:39 PM, Jonathan Clark
>>> <tinc-list at heyjonathan.com> wrote:
>>>> Greetings.
>>>>
>>>> I'm new to tinc, but have so far managed to get a couple laptops and a
>>>> hosted server all connected. They're working as expected, running
>>>> Tinc 1.1-pre11, which I compiled from source.
>>>>
>>>> Next I want to move on to adding my home router into the mix. My
>>>> routers run OpenWRT. I don't have experience compiling anything from
>>>> source for OpenWRT, but OpenWRT has Tinc 1.0.25 prepackaged.
>>>>
>>>> With that in mind, which direction should I move next? I think my options are:
>>>>
>>>> (option a)
>>>> Switch my existing/working Tinc setup to using RSA keys (instead of
>>>> Ed25519) so they can talk to the 1.0.25 packages available on OpenWRT,
>>>> and then go on to figure out how to get the already-packaged Tinc
>>>> 1.0.25 working on my router.
>>>>
>>>> or
>>>> (option b)
>>>> Take a detour and learn how to cross-compile things for OpenWRT. Use
>>>> this new knowledge to install Tinc 1.1pre11 onto my router. Feel
>>>> accomplished.
>>>>
>>>> or something else?
>>>>
>>>> I'm exploring this mainly for the fun of figuring it out, so there's
>>>> no deadline or even a business reason to succeed. Does that suggest I
>>>> should tackle option a, and then go ahead and try option b, resulting
>>>> in twice the fun and sense of accomplishment?
>>>>
>>>> And, overall, how difficult are each of these options?
>>>>
>>>> Thanks, by the way, for all your work. From what I've seen so far,
>>>> this project is pretty impressive.
>>>>
>>>> Jonathan
>>>> Kingston, New York, USA
>>>> _______________________________________________
>>>> tinc mailing list
>>>> tinc at tinc-vpn.org
>>>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>
>>> --
>>> Sandy McArthur, Jr.
>>>
>>> "No nation could preserve its freedom in the midst of continual warfare."
>>> - Letters and Other Writings of James Madison (1865), Vol. IV, p. 491
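
A check for two points raised in the quoted message above (hosts files with several Address lines, which some older tinc builds on OpenWrt crash on, and Dropbear password logins), as an added example that is not code from anyone in the thread. The function names, paths and sample files are constructed, and the Dropbear UCI file is read as text instead of through uci.

```shell
#!/bin/sh
# Added example: constructed sample data, hypothetical function names.

# Print each hosts file under TINC_DIR/<net>/hosts/ holding more than one
# Address line. tinc variable names are case-insensitive and "=" is optional.
multi_address_hosts() {
    for f in "$1"/*/hosts/*; do
        [ -f "$f" ] || continue
        n=$(grep -ciE '^[[:space:]]*Address([[:space:]]|=)' "$f" || true)
        if [ "$n" -gt 1 ]; then echo "$f"; fi
    done
}

# Print each Dropbear password option that FILE leaves enabled. An option
# that is absent counts as enabled (both default to on in OpenWrt).
password_auth_on() {
    for opt in PasswordAuth RootPasswordAuth; do
        val=$(sed -n "s/^[[:space:]]*option[[:space:]]\{1,\}$opt[[:space:]]\{1,\}['\"]\{0,1\}\([^'\"[:space:]]*\).*/\1/p" "$1" | tail -n 1)
        case $val in
            off|0|no|false|disabled) ;;
            *) echo "$opt" ;;
        esac
    done
}

# Build a constructed config tree: one host with three Address lines, one
# with a single Address, and a Dropbear file with only root passwords off.
make_sample() {
    mkdir -p "$1/tinc/home/hosts"
    printf 'Address = gw.example.net 655\nAddress = gw.example.net 1194\nAddress = gw.example.net 65500\nSubnet = 10.0.0.1/32\n' > "$1/tinc/home/hosts/gateway"
    printf 'Address = 192.0.2.10\nPort = 655\n' > "$1/tinc/home/hosts/laptop"
    printf "config dropbear\n\toption PasswordAuth 'on'\n\toption RootPasswordAuth 'off'\n\toption Port '22'\n" > "$1/dropbear"
}

demo=$(mktemp -d)
make_sample "$demo"
echo "Hosts files with several Address lines:"
multi_address_hosts "$demo/tinc"
echo "Dropbear password options still on:"
password_auth_on "$demo/dropbear"
rm -rf "$demo"
```

On a router the two functions would be pointed at /etc/tinc and /etc/config/dropbear.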

I already have a package made, if anyone would like me to I could submit it.

On 2015-06-13 17:26, Florian Klink wrote:
> Hey Saverio,
>
> I'd really like the idea of a tinc-1.1-pre package for OpenWRT. I'm
> currently using tinc-1.1 with an Ed25519-only network, really like the
> new features and CLI and want to add some OpenWRT routers into the mix.
>
> How do you plan to handle things with OpenSSL?
> tinc-1.1 from git should be able to compile without it (but will then
> only support the built-in algorithms). Depending on device restrictions,
> such a version could also be very interesting.
>
> Florian

--
-shikkc

Is your package built with or without OpenSSL?
How do you integrate with UCI?
Can I view the makefile somewhere?

Florian

On 15.06.2015 at 11:48, shikkc wrote:
> I already have a package made, if anyone would like me to I could submit
> it.