Is your package built with or without OpenSSL? How do you intergrate
with UCI?
Can I view the makefile somewhere?
Florian
Am 15.06.2015 um 11:48 schrieb shikkc:> I already have a package made, if anyone would like me to I could submit
> it.
>
> On 2015-06-13 17:26, Florian Klink wrote:
>> Hey Saverio,
>>
>> I'd really like the idea of a tinc-1.1-pre package for OpenWRT.
I'm
>> currently using tinc-1.1 with an Ed25519-only network, really like the
>> new features and CLI and want to add some OpenWRT routers into the mix.
>>
>> How do you plan to handle things with OpenSSL?
>> tinc-1.1 from git should be able to compile without it (but will then
>> only support the built-in algorithms). Depending on device
restrictions,
>> such a version could also be very interesting.
>>
>> Florian
>>
>>
>>
>> Am 30.01.2015 um 14:46 schrieb Saverio Proto:
>>> Hello Jonathan,
>>>
>>> I will probably make a tinc 1.1 OpenWrt package soon. I am already
>>> maintener for th 1.0 package.
>>>
>>> If you want to read about how to make the package there is this
very
>>> good documentation:
>>>
>>>
http://wiki.prplfoundation.org/wiki/Creating_an_OpenWrt_package_for_a_web_page
>>>
>>>
>>> Saverio
>>>
>>>
>>>
>>> 2015-01-29 19:02 GMT+01:00 Jonathan Clark
>>> <tinc-list-fc5DsTjUV5eaXpRTH7SBZA at public.gmane.org>:
>>>> On Tue, Jan 27, 2015, Sandy McArthur Jr wrote:
>>>>> I use the Tinc 1.0 series since I don't want to support
my
>>>>> own packages. <snip>
>>>>> I wrote most of http://wiki.openwrt.org/doc/howto/vpn.tinc
and that is
>>>>> what I still use. Since then . . .
>>>>
>>>> Ok. I think I'll start with the 1.0 series packages that
are already
>>>> out there and get them working.
>>>>
>>>> and on Tue, Jan 27, 2015, Lance wrote:
>>>>> The scripts used to create these binaries are here if
you'd like to
>>>>> recreate
>>>>> them.
>>>>>
https://github.com/lancethepants/tinc-mipsel-static/blob/master/tinc.sh
>>>>>
>>>>> https://github.com/lancethepants/tinc-arm-musl-static
>>>>
>>>> Thanks. I'll start playing with those once I succeed (or
otherwise)
>>>> with the pre-packaged stuff.
>>>>
>>>> On Tue, Jan 27, 2015 at 10:12 AM, Sandy McArthur Jr
>>>> <sandy-VS8MnoN11Rtg9hUCZPvPmw at public.gmane.org> wrote:
>>>>> Jonathan,
>>>>> I really like OpenWrt. I've deployed Tinc on ~12
routers with OpenWrt
>>>>> installed. I use the Tinc 1.0 series since I don't want
to support my
>>>>> own packages.
>>>>>
>>>>> OpenWrt has a nice unified configuration system. Tinc has a
nice
>>>>> configuration directory structure. What OpenWrt has done to
merge
>>>>> these two concepts over complicates things, and generally
sucks.
>>>>>
>>>>> I wrote most of http://wiki.openwrt.org/doc/howto/vpn.tinc
and that is
>>>>> what I still use. Since then I wrote the script below to
help automate
>>>>> adding of new hosts in a network.
>>>>>
>>>>> A tip I've found when putting tinc on your gateway
device is to bind
>>>>> to several ports so you have options with mobile devices
when they are
>>>>> behind firewalls that block low ports. I tend to use 655
(tinc), 1194
>>>>> (openvpn), 65500 (tinc * 100 so it's a high port
number) . Be careful
>>>>> how you use this as some older versions of Tinc on OpenWrt
crash on
>>>>> startup when the .../NETWORK/hosts/NODENAME file lists
multiple
>>>>> "Address = .... : [port]" lines.
>>>>>
>>>>> Also, I like to have a backup method to find and remote to
an OpenWrt
>>>>> device (ddns and ssh) but if you allow ssh from the
internet to your
>>>>> gateway, it will get slammed on with logins by brute force
all the
>>>>> time. This is a good reason to make use of SSH-Keys and
disallow
>>>>> password authentication in the Dropbear config (option
>>>>> RootPasswordAuth 'off').
>>>>>
>>>>> Finally, some of my Tinc deployments are at locations that
are not
>>>>> staffed by technical people and would take me 3+ hours to
travel to. I
>>>>> now always configure these devices to daily reboot and they
often have
>>>>> a second Tinc network configured with a minimal, known good
config
>>>>> that doesn't change that I can use to remotely admin
and fix the main
>>>>> Tinc network config if I botch it up.
>>>>>
>>>>>
>>>>> #!/bin/sh
>>>>>
>>>>> for network in /etc/tinc/*/
>>>>> do
>>>>> netname=`basename $network`
>>>>> echo Tinc Network Name: $netname
>>>>>
>>>>> for host in /etc/tinc/$netname/hosts/*
>>>>> do
>>>>> hostname=`basename $host`
>>>>> echo Tinc Network $netname Host: $hostname
>>>>>
>>>>> if [ ! `uci get tinc.$hostname` ]
>>>>> then
>>>>> uci set tinc.$hostname=tinc-host
>>>>> uci set tinc.$hostname.net=$netname
>>>>> uci set tinc.$hostname.enabled=1
>>>>> uci commit
>>>>>
>>>>> fi
>>>>>
>>>>> done # for host
>>>>>
>>>>> done # for network
>>>>>
>>>>> On Mon, Jan 26, 2015 at 6:39 PM, Jonathan Clark
>>>>> <tinc-list-fc5DsTjUV5eaXpRTH7SBZA at
public.gmane.org> wrote:
>>>>>> Greetings.
>>>>>>
>>>>>> I'm new to tinc, but have so far managed to get a
couple laptops
>>>>>> and a
>>>>>> hosted server all connected. They're working as
expected, running
>>>>>> Tinc 1.1-pre11, which I compiled from source.
>>>>>>
>>>>>> Next I want to move on to adding my home router into
the mix. My
>>>>>> routers run OpenWRT. I don't have experience
compiling anything from
>>>>>> source for OpenWRT, but OpenWRT has Tinc 1.0.25
prepackaged.
>>>>>>
>>>>>> With that in mind, which direction should I move next?
I think my
>>>>>> options are:
>>>>>>
>>>>>> (option a)
>>>>>> Switch my existing/working Tinc setup to using RSA keys
(instead of
>>>>>> Ed25519) so they can talk to the 1.0.25 packages
available on
>>>>>> OpenWRT,
>>>>>> and then go on to figure out how to get the
already-packaged Tinc
>>>>>> 1.0.25 working on my router.
>>>>>>
>>>>>> or
>>>>>> (option b)
>>>>>> Take a detour and learn how to cross-compile things for
OpenWRT. Use
>>>>>> this new knowledge to install Tinc 1.1pre11 onto my
router. Feel
>>>>>> accomplished.
>>>>>>
>>>>>> or something else?
>>>>>>
>>>>>> I'm exploring this mainly for the fun of figuring
it out, so there's
>>>>>> no deadline or even a business reason to succeed. Does
that
>>>>>> suggest I
>>>>>> should tackle option a, and then go ahead and try
option b, resulting
>>>>>> in twice the fun and sense of accomplishment?
>>>>>>
>>>>>> And, overall, how difficult are each of these options?
>>>>>>
>>>>>> Thanks, by the way, for all your work. From what
I've seen so far,
>>>>>> this project is pretty impressive.
>>>>>>
>>>>>> Jonathan
>>>>>> Kingston, New York, USA
>>>>>> _______________________________________________
>>>>>> tinc mailing list
>>>>>> tinc-NnCthlHDAqpg9hUCZPvPmw at public.gmane.org
>>>>>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Sandy McArthur, Jr.
>>>>>
>>>>> "No nation could preserve its freedom in the midst of
continual
>>>>> warfare."
>>>>> - Letters and Other Writings of James Madison (1865), Vol.
IV, p. 491
>>>> _______________________________________________
>>>> tinc mailing list
>>>> tinc-NnCthlHDAqpg9hUCZPvPmw at public.gmane.org
>>>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>>
>> _______________________________________________
>> tinc mailing list
>> tinc-NnCthlHDAqpg9hUCZPvPmw at public.gmane.org
>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>