2/15/13

simple-bridging-with-dhcp-server-side

# Company: PowerCraft Technology
# Author:  Copyright Jelle de Jong <jelledejong@powercraf
# Note:    Please send me an email if you enhanced the do
# Date:    2010-05-24 / 2010-07-04
# License: CC-BY-SA

# This document is free documentation; you can redistribut
# modify it under the terms of the Creative Commons Attrib
# Alike as published by the Creative Commons Foundation; e
# 3.0 of the License, or (at your option) any later versio
#
# This document is distributed in the hope that it will be
# but WITHOUT ANY WARRANTY; without even the implied warra
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
# Creative Commons BY-SA License for more details.
#
# http://creativecommons.org/licenses/by-sa/

#---------------------------------------------------------

# for commercial support contact me, part of the revenue g

#---------------------------------------------------------
# http://www.tinc-vpn.org/
# http://www.tinc-vpn.org/examples/bridging
# http://www.tinc-vpn.org/documentation/tinc_toc

#---------------------------------------------------------

# <@guus> Well all the tinc daemons together act like a si


# <@guus> And each node in the VPN is connected to a port
# <@guus> And if you bridge the VPN interface with eth0, t

#---------------------------------------------------------
unset LANG LANGUAGE LC_ALL


apt-get update; apt-get dist-upgrade
apt-cache show tinc
apt-get install tinc
apt-get install bridge-utils

#---------------------------------------------------------
/etc/init.d/tinc stop

#---------------------------------------------------------
# ls -hal /dev/net/tun
crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun


# grep tinc /etc/services
tinc            655/tcp                         # tinc control port
tinc            655/udp

cat /usr/share/doc/tinc/README.Debian
zcat /usr/share/doc/tinc/README.gz | less
zcat /usr/share/doc/tinc/NEWS.gz | less
cat /usr/share/doc/tinc/examples/tinc-up
w3m /usr/share/doc/tinc/tinc_0.html
cat /etc/default/tinc
less /etc/init.d/tinc

#---------------------------------------------------------
vim /etc/default/tinc
EXTRA="-d"
cat /etc/default/tinc

#---------------------------------------------------------
cat /etc/tinc/nets.boot
echo 'powercraft01' | tee --append /etc/tinc/nets.boot
cat /etc/tinc/nets.boot

#---------------------------------------------------------
ls -hal /etc/tinc/scallab01/


mkdir --verbose /etc/tinc/powercraft01/
mkdir --verbose /etc/tinc/powercraft01/hosts/
touch /etc/tinc/powercraft01/tinc.conf

#---------------------------------------------------------
vim /etc/network/interfaces

# tinc-vpn: dhcp bridge


auto br0
iface br0 inet static
address 192.168.3.1
netmask 255.255.255.0
# pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7
# pre-up /sbin/ifconfig eth2 0.0.0.0
# bridge_ports eth2
bridge_ports tun1
bridge_maxwait 1
bridge_fd 2.5
post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_
cat /etc/network/interfaces


#---------------------------------------------------------

echo 'interface "br0" {


request subnet-mask, broadcast-address, time-offset,
host-name, netbios-scope, interface-mtu, ntp-servers;
}' | tee --append /etc/dhcp3/dhclient.conf
cat /etc/dhcp3/dhclient.conf

#---------------------------------------------------------
vim /etc/dhcp3/dhcpd.conf
subnet 192.168.3.0 netmask 255.255.255.0 {
range 192.168.3.200 192.168.3.240;
option routers 192.168.3.1;
option domain-name-servers 192.168.3.1;
}

#---------------------------------------------------------
ifdown br0
ifup br0

#---------------------------------------------------------

vim /etc/default/dhcp3-server
INTERFACES="vlan2 eth0 br0" # add the br0 to the corre
/etc/init.d/dhcp3-server restart
ps aux | grep dhcp
tail -n 400 -f /var/log/syslog

#---------------------------------------------------------
ifconfig br0
route -n
brctl show

#---------------------------------------------------------

# ifconfig br0
br0       Link encap:Ethernet HWaddr 00:00:00:00:00:00
          inet addr:192.168.3.1 Bcast:192.168.3.255 Mask
          inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:L
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric
          RX packets:12 errors:0 dropped:0 overruns:0 fram
          TX packets:14 errors:0 dropped:0 overruns:0 carr
          collisions:0 txqueuelen:0
          RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB)

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metr
192.168.3.0     0.0.0.0         255.255.255.0   U     0
192.168.2.0     0.0.0.0         255.255.255.0   U     0
192.168.1.0     0.0.0.0         255.255.255.0   U     0
84.245.3.0      0.0.0.0         255.255.255.0   U     0
0.0.0.0         84.245.3.1      0.0.0.0         UG    100

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no

#---------------------------------------------------------
echo 'AddressFamily = ipv4
Device = /dev/net/tun
Interface = tun1
Mode = switch
Name = server01' | tee /etc/tinc/powercraft01/tinc.conf
cat /etc/tinc/powercraft01/tinc.conf
chmod 640 /etc/tinc/powercraft01/tinc.conf
ls -hal /etc/tinc/powercraft01/tinc.conf

echo '#!/bin/sh
ifconfig $INTERFACE 0.0.0.0
route add -net 192.168.30.0 netmask 255.255.255.0 br0 # op
brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/t
cat /etc/tinc/powercraft01/tinc-up
chmod 750 /etc/tinc/powercraft01/tinc-up
ls -hal /etc/tinc/powercraft01/tinc-up

echo '#!/bin/sh
brctl delif br0 $INTERFACE
route del -net 192.168.30.0 netmask 255.255.255.0 br0 # op
ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tin
cat /etc/tinc/powercraft01/tinc-down
chmod 750 /etc/tinc/powercraft01/tinc-down
ls -hal /etc/tinc/powercraft01/tinc-down

#---------------------------------------------------------
rm /etc/tinc/powercraft01/rsa_key.priv
rm /etc/tinc/powercraft01/hosts/server01
tincd -n powercraft01 -K
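
# Added example, not part of the original notes: a permission audit for the
# files created in the steps above (tinc.conf, tinc-up, tinc-down, rsa_key.priv, hosts/).
# The function name audit_tinc_net and the policy it checks are assumptions of this example.

```shell
# Added example: permission audit for one tinc network directory.
# Paths follow the page; audit_tinc_net and its policy are assumptions.
# usage: audit_tinc_net /etc/tinc/powercraft01

# Print the 10-character ls mode field of FILE, e.g. -rwxr-x---
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Print one line per finding; the return status is the number of findings.
audit_tinc_net() {
    netdir=$1
    findings=0

    # The RSA private key written by "tincd -n NET -K": owner access only.
    key="$netdir/rsa_key.priv"
    if [ ! -f "$key" ]; then
        echo "FINDING: $key is missing"
        findings=$((findings + 1))
    else
        case $(mode_string "$key") in
            ????------) ;;
            *)  echo "FINDING: $key is accessible to group or others"
                findings=$((findings + 1)) ;;
        esac
    fi

    # tincd executes tinc-up and tinc-down itself, so write access to
    # them is the ability to run commands as the tincd user.
    for f in "$netdir/tinc-up" "$netdir/tinc-down"; do
        [ -f "$f" ] || continue
        case $(mode_string "$f") in
            ?????w????|????????w?)
                echo "FINDING: $f is writable by group or others"
                findings=$((findings + 1)) ;;
        esac
    done

    # tinc.conf and hosts/* hold names, ports and public keys.
    for f in "$netdir/tinc.conf" "$netdir"/hosts/*; do
        [ -f "$f" ] || continue
        case $(mode_string "$f") in
            ????????w?)
                echo "FINDING: $f is world-writable"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}
```

# With the modes set on this page (640 for tinc.conf, 750 for tinc-up and tinc-down) and an owner-only key, the function reports nothing and returns 0.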

#---------------------------------------------------------
getent services | grep 656

#---------------------------------------------------------


vim /etc/tinc/powercraft01/hosts/server01
# add on head of file
Compression = 9
PMTU = 1492
PMTUDiscovery = yes
Port = 656
cat /etc/tinc/powercraft01/hosts/server01

#---------------------------------------------------------
/etc/init.d/tinc stop
fg
/usr/sbin/tincd --net powercraft01 --no-detach --debug=5

#---------------------------------------------------------
/etc/init.d/tinc restart
tail --line=500 --follow /var/log/syslog

#---------------------------------------------------------
ifconfig br0
ifconfig tun1
route -n
brctl show br0
brctl showmacs br0

#---------------------------------------------------------

# ifconfig br0
br0       Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8
          inet addr:192.168.3.1 Bcast:192.168.3.255 Mask
          inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:L
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric
          RX packets:17 errors:0 dropped:0 overruns:0 fram
          TX packets:20 errors:0 dropped:0 overruns:0 carr
          collisions:0 txqueuelen:0
          RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB)

# ifconfig tun1
tun1      Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8
          inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Li
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric
          RX packets:8 errors:0 dropped:0 overruns:0 frame
          TX packets:12 errors:0 dropped:0 overruns:0 carr
          collisions:0 txqueuelen:500
          RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB)

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metr
192.168.3.0     0.0.0.0         255.255.255.0   U     0
192.168.2.0     0.0.0.0         255.255.255.0   U     0
192.168.1.0     0.0.0.0         255.255.255.0   U     0
84.245.3.0      0.0.0.0         255.255.255.0   U     0
0.0.0.0         84.245.3.1      0.0.0.0         UG    100

# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.1eeb95c304d8       no              tun1

# brctl showmacs br0
port no mac addr                is local?       ageing timer
  1     1e:eb:95:c3:04:d8       yes                0.00
  1     86:03:27:21:2e:60       no                44.19

#---------------------------------------------------------
ps aux | grep tincd
tincd -n powercraft01 -kUSR2
tail -n 100 /var/log/syslog

#---------------------------------------------------------

May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistic


May 24 17:29:31 ashley tinc.powercraft01[11557]: total by
May 24 17:29:31 ashley tinc.powercraft01[11557]: total by
May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes:
May 24 17:29:31 ashley tinc.powercraft01[11557]: server01
May 24 17:29:31 ashley tinc.powercraft01[11557]: End of no
May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges:
May 24 17:29:31 ashley tinc.powercraft01[11557]: End of ed
May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet li
May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:
May 24 17:29:31 ashley tinc.powercraft01[11557]: End of su

#---------------------------------------------------------
tcpdump -n -i br0 broadcast
tcpdump -n -i tun0 broadcast

#---------------------------------------------------------
tcpdump -n -e -i br0 icmp


tcpdump -A -p -n -i br0 port 80
tcpdump -A -p -n -i br0
tcpdump -i br0 host 84.245.3.195 -l

#---------------------------------------------------------
cat /var/lib/dhcp3/dhcpd.leases

#---------------------------------------------------------

# optional
export LAN01=vlan2
export VPN02=br0
# /sbin/iptables --append FORWARD --in-interface br0 --out
/sbin/iptables --append FORWARD --in-interface ${VPN02} --

#---------------------------------------------------------

Last edited November 21st 2010
