Creating a Secure Connection Between Two Debian/Ubuntu Servers Using Tinc
Tinc is a multi-platform VPN daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet.
In this tutorial, we will cover the process of setting up a secure connection between two servers to securely transfer files between them.
Tinc can be installed via apt on Debian and Ubuntu, which is what we will be doing in this tutorial:
apt-get install tinc
Once installed, you will need to navigate to /etc/tinc and create a subdirectory with any name. The newly created directory will contain all the necessary configuration files for our new private network.
The next step is to edit /etc/tinc/nets.boot and add a new line with the name of the newly created directory.
Next, create a Tinc configuration file in the newly created directory. Using your favorite text editor, create a file named tinc.conf and add the following lines:
Name = Name-of-this-Machine
AddressFamily = any
Mode = switch
Interface = tap0
ConnectTo = Name-of-the-other-Machine
The contents of this file provide the Tinc daemon with the information it needs to establish the secure VPN connection between the current server and the other server you wish to connect to.
The next step is to create a new file named tinc-up, which assigns the proper address to our VPN interface:
ifconfig $INTERFACE up
ip addr add 10.100.100.1/31 dev $INTERFACE
Since the interface needs to be shut down when Tinc stops, we need to create a second file named tinc-down, which shuts down the VPN interface:
ifconfig $INTERFACE down
Note: The private IP address used in this tutorial is only an example; you can use any private subnet/IP you prefer.
Tinc uses a rather secure scheme for creating the private and public keys used for authentication. Before we create the keys, we need to create a new directory named hosts; in this directory, we will create a new file named tinc.conf with the following lines in it:
Address = External IP of our server
Port = Unused Port for connection
Then, we can create the key files:
tincd -n NETWORK_NAME -K4092
Replace NETWORK_NAME with the name of the folder you created in Configuration.
Assuming you configured your other server the same way you configured the one referenced in this tutorial, you will need to copy the host file from the current server to the other/destination server.
Once the key files are present on both servers, you can start Tinc using the command below:
tincd -n NETWORKNAME
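The shell function below is an added example, not part of the original tutorial or of Tinc itself. It audits the files this tutorial creates in the network directory before the daemon is started: the private key written by tincd -K (assumed to be at rsa_key.priv, tinc 1.0's default location), the tinc-up and tinc-down scripts that the daemon runs as root, and the host files that are copied to the other server.

```shell
#!/bin/sh
# Added example: audit a tinc network directory.
# usage: audit_tinc_net /etc/tinc/NETWORK_NAME
# Prints one line per finding; returns 0 when clean, 1 when anything was found.

perms() { ls -ld "$1" | cut -c1-10; }    # permission string, e.g. -rw-------

audit_tinc_net() {
    dir=$1
    bad=0
    key="$dir/rsa_key.priv"              # assumption: default path used by tincd -K

    if [ ! -f "$key" ]; then
        echo "MISSING  $key"; bad=1
    elif [ "$(perms "$key" | cut -c5-10)" != "------" ]; then
        echo "TOO-OPEN $key (group/other have access; chmod 600)"; bad=1
    fi

    # The daemon runs these scripts as root: they must be executable
    # and writable by the owner only.
    for s in tinc-up tinc-down; do
        f="$dir/$s"
        if [ ! -x "$f" ]; then
            echo "NOT-EXEC $f (chmod 755)"; bad=1
        else
            case "$(perms "$f")" in
                ?????w????|????????w?)
                    echo "WRITABLE $f (group/other can edit)"; bad=1 ;;
            esac
        fi
    done

    # Host files are copied to other machines: they may hold public keys only.
    for h in "$dir"/hosts/*; do
        [ -f "$h" ] || continue
        if grep -q "PRIVATE KEY" "$h"; then
            echo "PRIVKEY  $h (private key in a shared host file)"; bad=1
        fi
    done
    return $bad
}
```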
Tinc is a very secure Layer 2 VPN daemon and performs rather well, especially when it comes to bandwidth throughput, as well as compression. Additionally, it features AES-256 encryption, which is a huge advantage.
This concludes our tutorial. Thank you for reading.