Mesh VPN support (CloudVPN or Tinc)?

Poll: Is there a need for a Mesh VPN solution like CloudVPN or Tinc?
yes, for commercial use: 9% [ 6 ]
yes, for private use: 81% [ 52 ]
no: 9% [ 6 ]
Total Votes : 64

Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Tue Aug 24, 2010 20:33    Post subject: Mesh VPN support (CloudVPN or Tinc)?
CloudVPN is a modular, advanced mesh networking tool intended to bring great features of decentralized and secure networking to your home.

What is CloudVPN good for?
If you need a secure packet transport (just like Ethernet VPN for playing games and downloading stuff) and need a truly decentralized solution.

http://freecode.com/projects/cloudvpn

http://www.tinc-vpn.org

opennhrp.sf.net

http://svn.dd-wrt.com:8000/dd-wrt/ticket/1696



Last edited by Sash on Mon Jan 20, 2014 15:09; edited 4 times in total
apnar
DD-WRT Novice


Joined: 21 Jul 2010
Posts: 7

Posted: Wed Nov 17, 2010 16:48
I'd like to see mesh VPN included but using tinc instead of CloudVPN. I already have tinc running very well in a ~10 node mesh on dd-wrt, but would like to have it built in instead of having to build my own images with the firmware modification kit.

tinc URL: http://www.tinc-vpn.org/
Paul.C
DD-WRT Novice


Joined: 01 Dec 2010
Posts: 2

Posted: Wed Dec 01, 2010 1:29
I hadn't seen CloudVPN before. Seems a bit 'young'. One developer, started in May, and he's already re-writing it?

I used to use tinc, but switched to OpenVPN. Often large companies with conservative IT departments refuse to let UDP traffic through their firewall (outbound or inbound), rendering tinc useless.

Yes, I understand the technical arguments for using UDP as the VPN transport. But they're rendered moot if the VPN traffic can't traverse someone else's firewall.

The nice thing about SSL connections is that they tend to get 'lost in the noise' on a corporate network, particularly if you change the destination port number to 443 (HTTPS). That's gotten me a VPN connection back to my home machine from behind the most paranoid of firewalls.

Just to be clear - I'm not criticizing the IT admins for being conservative with firewall policies. I'd do the same if asked to administer a large corporate network with many non-technical users on it.

The whole mesh networking thing is very interesting to me. I'd love to see wireless, wired and VPN mesh technologies all mixed together into a cohesive mesh networking system anyone could use. 'My personal network' extending beyond the walls of my home to include mobile devices and my machine at work. Plus the resilience of being able to borrow a little bandwidth from your neighbor if your internet link is down at home (with their consent, obviously).

We can dream, can't we? :)

-- Paul
apnar
DD-WRT Novice


Joined: 21 Jul 2010
Posts: 7

Posted: Wed Dec 01, 2010 2:08
Paul.C wrote:
I used to use tinc, but switched to OpenVPN. Often large companies with conservative IT departments refuse to let UDP traffic through their firewall (outbound or inbound), rendering tinc useless.


I haven't personally tried it but the man page for tinc says you can have it tunnel over TCP. It even notes that since version 1.0.10 it will auto detect when it can't use UDP.

That said, I agree that OpenVPN is often a better option for that sort of connectivity. I ran it for a long time before moving to tinc. The only reason for the switch was moving to a mesh configuration from the previous star pattern.

-apnar
dvlad666
DD-WRT Novice


Joined: 03 Feb 2009
Posts: 47

Posted: Sat Jan 01, 2011 20:29
I also do support including tinc in dd-wrt!

I've been using tinc AND monitoring CloudVPN for about a year - it works very well. Not always as fast as OpenVPN, but stable, which is more important to me as I've got multiple "clients" unreachable from outside.

Also, when tinc is introduced to dd-wrt, more and more people will use it and that might help it (tinc) grow faster with more features introduced and more testing done.
lancethepants
DD-WRT Novice


Joined: 24 Feb 2011
Posts: 34

Posted: Wed Mar 02, 2011 3:31
apnar wrote:
I'd like to see mesh VPN included but using tinc instead of CloudVPN. I already have tinc running very well in a ~10 node mesh on dd-wrt, but would like to have it built in instead of having to build my own images with the firmware modification kit.

tinc URL: http://www.tinc-vpn.org/


I've just gotten around to playing with the firmware modification kit, seems pretty straightforward. I was wondering though if you'd be willing to post your bin file you've made with tinc. I'd love to play around with it.
apnar
DD-WRT Novice


Joined: 21 Jul 2010
Posts: 7

Posted: Wed Mar 02, 2011 22:41
lancethepants wrote:

I've just gotten around to playing with the firmware modification kit, seems pretty straightforward. I was wondering though if you'd be willing to post your bin file you've made with tinc. I'd love to play around with it.


No problem. I've attached the compiled version along with some libs used with it.
zoomlink
DD-WRT User


Joined: 08 May 2011
Posts: 221

Posted: Mon Sep 26, 2011 14:53
Any more progress regarding adding this to DD-WRT?

Or perhaps make it available as an Optware Pkg?

I want to confirm some assumptions that I am making after reading about CloudVPN and Tinc.

First, I see two roles to be played
1) CloudVPN nodes(routers/linux boxes) and
2) CloudVPN clients(WinPCs/Laptops, LinuxPCs/Laptops)

NOW....
To create a true mesh vpn you will need:

a) At least two CloudVPN Nodes/Routers or Linux Boxes connected to the Internet, preferably more to create a true mesh.

b) The mesh can be:
1) Private (like a company that has many offices and its own IT group that manages their WAN / Firewall), or
2) Public (like a community effort ala Tor/Vidalia style but able to offer higher speeds?) I imagine there is a public mesh of routers up and running to test the product?

c) There is no way for the Nodes/Routers to be compromised because they are simply forwarding/routing encrypted packets .. RIGHT?

Now...

Does anyone know how much privacy this offers regarding the end-points, meaning PC-A communicating via the VPN Cloud to PC-B or Server-C. There are many countries that block IP traffic based on source network so how does CloudVPN or Tinc deal with this? Just an open question if someone knows more about it.

I like the concept of Full Mesh VPN ala OSPF, just trying to visualize its implementation in the real world using generally available hardware like RT-N16 Routers and/or Linux and Windows PCs.
lancethepants
DD-WRT Novice


Joined: 24 Feb 2011
Posts: 34

Posted: Sat Jun 02, 2012 8:05
I've compiled several tinc binaries and have made them available at my site http://lancethepants.com/files

There is
1. Statically built standalone binary that should work on most systems.
2. Binary built to work with Optware.
3. Binary built to work with Entware http://code.google.com/p/wl500g-repo/

Mesh VPN can be very practical when linking several sites. Tinc works very similarly to OpenVPN, there is a routed and bridged option. Routed mode should be sufficient for most situations. If you do use bridged mode, it is possible to block DHCP and other protocols over the bridge, but each router must then support ebtables. Best of all you're not loading one location's bandwidth like you would with a star topology VPN.
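
The bridged-mode DHCP filtering mentioned in the post above, as an added example that is not part of the original thread: a startup-script fragment that drops DHCPv4 (UDP 67/68) on the tinc bridge port with ebtables. The interface name `tap0` and the `VPN_IF` and `APPLY` variables are assumptions; by default the script only prints the rules.

```shell
#!/bin/sh
# Added example: keep DHCP from crossing a tinc bridged-mode link.
# Assumptions (not from the thread): the tinc tap interface is "tap0" and is a
# port of the router's LAN bridge; ebtables with the "ip" match is installed.

VPN_IF="${VPN_IF:-tap0}"   # hypothetical interface name
APPLY="${APPLY:-0}"        # 0 = only print the rules, 1 = install them

# Emit one ebtables rule spec per line: DHCPv4 (UDP 67/68), every direction.
dhcp_rules() {
    ifc="$1"
    match="-p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP"
    echo "INPUT -i $ifc $match"     # remote clients -> this router's DHCP server
    echo "FORWARD -i $ifc $match"   # remote site -> hosts on the local LAN
    echo "FORWARD -o $ifc $match"   # local LAN -> remote site
    echo "OUTPUT -o $ifc $match"    # this router's DHCP replies -> remote site
}

# Print the commands, or install them when APPLY=1.
block_dhcp() {
    dhcp_rules "$1" | while read -r spec; do
        if [ "$APPLY" = 1 ]; then
            # Delete first so a re-run from a startup script adds no duplicates.
            # $spec is left unquoted on purpose: it must split into arguments.
            ebtables -D $spec 2>/dev/null || true
            ebtables -A $spec
        else
            echo "ebtables -A $spec"
        fi
    done
}

block_dhcp "$VPN_IF"
```

Each router in the mesh that bridges its LAN needs the same rules, which is why the post notes that every router must support ebtables.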
MrFidget
DD-WRT User


Joined: 15 Jul 2010
Posts: 378

Posted: Tue Oct 09, 2012 8:39
Cool with the tinc binaries.

If I want to compile from source, do I need anything special with the makefile or is it all pretty straightforward?

Cheers
Chris
d-r-o-n
DD-WRT Novice


Joined: 15 Nov 2012
Posts: 8

Posted: Thu Nov 15, 2012 14:11    Post subject: tinc compilation
Hello!
lancethepants
As I can see, you have compiled tinc for the mipsel arch. Can you compile tinc for the mips arch? I want to install it on my Linksys WRT160NL.
I tried to compile tinc using the dd-wrt toolchains with staging_dir_mips but got an error:

"/usr/etc\" -DLOCALSTATEDIR=\"/dd-wrt/staging_dir_mips/usr/var\" -g -O2 -MT net.o -MD -MP -MF .deps/net.Tpo -c -o net.o net.c
net.c: In function 'main_loop':
net.c:539: error: conflicting types for 'node'
net.c:505: error: previous declaration of 'node' was here
net.c:539: error: 'for' loop initial declaration used outside C99 mode
net.c:550: warning: assignment from incompatible pointer type
net.c:566: warning: assignment from incompatible pointer type
net.c:573: warning: assignment from incompatible pointer type
net.c:573: warning: assignment from incompatible pointer type
net.c:574: warning: assignment from incompatible pointer type
make[2]: *** [net.o] Ошибка 1
make[2]: Leaving directory `/dd-wrt/tinc/tinc-1.0.19/src'
make[1]: *** [all-recursive] Ошибка 1
make[1]: Leaving directory `/dd-wrt/tinc/tinc-1.0.19'
make: *** [all] Ошибка 2 "


I tried to compile version 1.0.19 of tinc.
d-r-o-n
DD-WRT Novice


Joined: 15 Nov 2012
Posts: 8

Posted: Wed Nov 28, 2012 13:04    Post subject: compiling progress
So, I compiled it, but when I try to start it on the router something strange happens.
If I pass a wrong arg to tincd, I get an error message which tells me to try --help; that's OK. But when I try to use even --help, I get nothing, just the command line again. If I try to start tincd with a known good config, I get 100% CPU load and nothing else from tincd.
As I understand it, I am doing something wrong.
For compiling I tried to use:
- staging_dir_mips
- staging_dir_mips_pb42
- toolchain-mips_r2_gcc-linaro_uClibc-0.9.32
With all of them the compile process finished successfully with no errors.
I set up the env variables like this (last try):
export TOOLCHAIN_PATH=/dd-wrt/toolchain-mips_r2_gcc-linaro_uClibc-0.9.32
export PATH=$PATH:$TOOLCHAIN_PATH/bin/
export AR=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-ar
export AS=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-as
export LD=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-ld
export NM=$TOOLCHAIN_PATH//bin/mips-linux-uclibc-nm
export CC=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-gcc
export CPP=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-cpp
export GCC=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-gcc
export CXX=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-g++
export RANLIB=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-ranlib
export STAGING_DIR=$TOOLCHAIN_PATH
export CFLAGS="-g -O0 -std=gnu99 -static"

then in the configure script I used --target=mips-linux --host=mips-linux

What am I doing wrong?
lancethepants
DD-WRT Novice


Joined: 24 Feb 2011
Posts: 34

Posted: Thu Dec 27, 2012 17:53
Check out my new mips test build and let me know.
xam_max
DD-WRT User


Joined: 27 Mar 2008
Posts: 156

Posted: Mon Jun 09, 2014 9:14
Hi, any news?
lancethepants
DD-WRT Novice


Joined: 24 Feb 2011
Posts: 34

Posted: Tue Jul 29, 2014 13:44
You can give this a try.
http://www.linksysinfo.org/index.php?threads/tinc-mesh-vpn-beta-testing.70257/