
Pfsense configuring tinc site to site tunneling tutorial

2022-06-21 20:32:00 51CTO

tinc is a virtual private network (VPN) daemon that uses encrypted tunnels to build a secure private network between hosts on the Internet. tinc is free software, licensed under the GNU General Public License version 2 or any later version. Because the VPN appears at the IP level of the network stack as an ordinary network device, no existing software needs to be adapted: VPN sites can share information with each other over the Internet without exposing anything to third parties. tinc has the following features:

  • Encryption, authentication and compression: all traffic is optionally compressed with zlib or LZO and encrypted with LibreSSL or OpenSSL.
  • Automatic full-mesh routing: however the tinc daemons are configured to connect to each other, VPN traffic is always (where possible) sent directly to its destination rather than through intermediate hops.
  • NAT traversal: as long as one node in the VPN accepts incoming connections on a public IP address (even a dynamic one), tinc can traverse NAT and allow peers to communicate directly.
  • Easy expansion: adding a new node only requires adding one more configuration file.
  • Ethernet segment bridging: several Ethernet segments can be linked together so that they behave as a single segment.
  • IPv6 support: IPv6 is supported on all major platforms.

pfSense supports tinc well: it is configured and used by installing the tinc package. Taking pfSense Plus 22.01 as the example, this article walks through establishing a VPN tunnel between two firewalls with tinc.

Network configuration

Firewall A (dark screenshots)           Firewall B (light screenshots)
WAN IP: 202.10X.XX.XX                   117.4X.XX.XX
LAN IP: 192.168.11.1/24                 192.168.12.1/24

Install tinc

First install the tinc package on both firewalls. On each one, navigate to System > Package Manager, open the Available Packages tab, search for tinc and click the Install button on the right. Once the package is installed, move on to the tunnel configuration.

The tinc tunnel configuration on the firewall has three parts: tunnel settings, remote host settings, and firewall rules.

Tunnel settings

Navigate to VPN > tinc and, on the Settings tab, enter the following parameters:

SITEA:

  • Enable Tinc VPN: checked
  • Name: SITEA
  • Local IP: 192.168.11.1
  • Local subnet: 192.168.11.0/24
  • VPN Mask: 255.255.0.0
  • Address family: IPv4
  • Generate RSA key pair: checked


Click Display Advanced Options and enter the following in the additional Tinc parameters field:

# Route IPv4 between the two sites' subnets (tinc's option is Mode; the default is router)
Mode=router
Cipher=blowfish
Digest=sha1


SITEB:

  • Enable Tinc VPN: checked
  • Name: SITEB
  • Local IP: 192.168.12.1
  • Local subnet: 192.168.12.0/24
  • VPN Mask: 255.255.0.0
  • Address family: IPv4
  • Generate RSA key pair: checked


Under Display Advanced Options, the additional Tinc parameters are the same as for SITEA.

Add hosts

Navigate to VPN > tinc, open the Hosts tab, and add the other site as a remote host.

SITEA:

  • Name: SITEB
  • Address: SITEB's WAN address, here 117.4X.XX.XX
  • Subnet: SITEB's LAN subnet, here 192.168.12.0/24
  • Connect on startup: unchecked (select this on one end only)
  • RSA public key: copied from SITEB's tinc VPN tunnel settings


Click Save; the host list then looks like this:


SITEB:

  • Name: SITEA
  • Address: SITEA's WAN address, here 202.1X.XX.XX
  • Subnet: SITEA's LAN subnet, here 192.168.11.0/24
  • Connect on startup: checked
  • RSA public key: copied from SITEA's tinc VPN tunnel settings


Click Save; the host list then looks like this:

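As an added example (not part of this tutorial or of the pfSense tinc package), the following Python script encodes the two sites' tunnel and host settings from above and checks the cross-site constraints the walkthrough relies on: non-overlapping LANs, a Local IP inside its own LAN, a VPN mask wide enough to reach the peer's Local IP, and Connect on startup enabled on at least one end. The WAN addresses are documentation placeholders, and host_file reproduces only the Address/Port/Subnet lines of a tinc host file.

```python
import ipaddress

# Constructed from the tutorial's SITEA/SITEB settings; the WAN addresses are
# placeholders standing in for the masked 202.1X.XX.XX and 117.4X.XX.XX.
SITES = {
    "SITEA": {"wan": "203.0.113.10", "local_ip": "192.168.11.1",
              "local_subnet": "192.168.11.0/24", "vpn_mask": "255.255.0.0",
              "connect_on_startup": False},
    "SITEB": {"wan": "198.51.100.20", "local_ip": "192.168.12.1",
              "local_subnet": "192.168.12.0/24", "vpn_mask": "255.255.0.0",
              "connect_on_startup": True},
}

def host_file(peer_name, sites):
    """Address/Port/Subnet lines of the host file a site keeps for its peer.
    The peer's RSA public key (pasted from its tunnel settings) is omitted here."""
    p = sites[peer_name]
    # Port 655 is tinc's default; the meta-connection is TCP and tunnelled data is
    # carried over UDP where it can be, so a WAN rule ideally passes both.
    return f"Address = {p['wan']}\nPort = 655\nSubnet = {p['local_subnet']}\n"

def check_sites(sites):
    """Return the misconfigurations found; an empty list means the pair is
    consistent with the way the tutorial sets it up."""
    problems = []
    lans = {n: ipaddress.ip_network(s["local_subnet"]) for n, s in sites.items()}
    names = sorted(sites)
    # 1. In router mode each LAN must be distinct, or the peer's Subnet is ambiguous.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if lans[a].overlaps(lans[b]):
                problems.append(f"{a}/{b}: LAN subnets overlap")
    for n, s in sites.items():
        # 2. The Local IP is the tunnel interface address and must sit in the LAN.
        if ipaddress.ip_address(s["local_ip"]) not in lans[n]:
            problems.append(f"{n}: local IP {s['local_ip']} not in {s['local_subnet']}")
        # 3. The VPN mask sets the route on the tinc interface; it must cover every
        #    peer's Local IP (255.255.0.0 spans both 192.168.11.x and 192.168.12.x).
        vpn_net = ipaddress.ip_network(f"{s['local_ip']}/{s['vpn_mask']}", strict=False)
        for m, t in sites.items():
            if m != n and ipaddress.ip_address(t["local_ip"]) not in vpn_net:
                problems.append(f"{n}: VPN mask {s['vpn_mask']} does not reach {m}")
    # 4. At least one side must initiate (Connect on startup becomes ConnectTo);
    #    otherwise both daemons only listen on 655 and no tunnel is ever opened.
    if not any(s["connect_on_startup"] for s in sites.values()):
        problems.append("no site has Connect on startup enabled")
    return problems
```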

Add firewall rules

Add two firewall rules: one that allows the tunnel to reach any network, and one on the WAN interface that passes tinc's default port, 655.

On the pkg_tinc tab, add an any-to-any rule that allows access to any network through the tunnel.


On the WAN tab, add a rule passing TCP port 655 and place it at the top of the rule list.


The rules are the same on both firewalls; only SITEA's are shown here.

Connection test

With the settings above in place, the tunnel should now connect.

Navigate to Status > Tinc VPN to view the tunnel's connection information:


Test with ping from the firewall: the remote gateway answers normally.


On a client computer, run the ping command; the remote gateway answers normally:


Measured with iperf over 300M symmetric point-to-point leased lines, the VPN tunnel throughput is as follows:


This completes the tinc VPN site-to-site tunnel configuration on pfSense.

Original site

Copyright notice
This article was written by 51CTO; please include the original link when reposting. Thank you.
https://yzsam.com/2022/172/202206211836364114.html