Posted: Tue Aug 24, 2010 20:33 Post subject: Mesh VPN support (CloudVPN or Tinc)?
CloudVPN is a modular, advanced mesh networking tool intended to bring great features of decentralized and secure networking to your home
What is CloudVPN good for?
If you need a secure packet transport (just like Ethernet VPN for playing games and downloading stuff) and need a truly decentralized solution.
I'd like to see mesh VPN included but using tinc instead of CloudVPN. I already have tinc running very well in a ~10 node mesh on dd-wrt, but would like to have it built in instead of having to build my own images with the firmware modification kit.
I hadn't seen CloudVPN before. Seems a bit 'young'. One developer, started in May, and he's already re-writing it?
I used to use tinc, but switched to OpenVPN. Often large companies with conservative IT departments refuse to let UDP traffic through their firewall (outbound or inbound), rendering tinc useless.
Yes, I understand the technical arguments for using UDP as the VPN transport. But they're rendered moot if the VPN traffic can't traverse someone else's firewall.
The nice thing about SSL connections is that they tend to get 'lost in the noise' on a corporate network, particularly if you change the destination port number to 443 (HTTPS). That's gotten me a VPN connection back to my home machine from behind the most paranoid of firewalls.
Just to be clear - I'm not criticizing the IT admins for being conservative with firewall policies. I'd do the same if asked to administer a large corporate network with many non-technical users on it.
The whole mesh networking thing is very interesting to me. I'd love to see wireless, wired and VPN mesh technologies all mixed together into a cohesive mesh networking system anyone could use. 'My personal network' extending beyond the walls of my home to include mobile devices and my machine at work. Plus the resilience of being able to borrow a little bandwidth from your neighbor if your internet link is down at home (with their consent, obviously).
I used to use tinc, but switched to OpenVPN. Often large companies with conservative IT departments refuse to let UDP traffic through their firewall (outbound or inbound), rendering tinc useless.
I haven't personally tried it but the man page for tinc says you can have it tunnel over TCP. It even notes that since version 1.0.10 it will auto detect when it can't use UDP.
That said, I agree that OpenVPN is often a better option for that sort of connectivity. I ran it for a long time before moving to tinc. The only reason for the switch was moving to a mesh configuration from the previous star pattern.
I've been using tinc AND monitoring CloudVPN for about a year - it works very well. Not always as fast as OpenVPN, but stable, which is more important to me as I've got multiple "clients" unreachable from outside.
Also, when tinc is introduced to dd-wrt, more and more people will use it and that might help it (tinc) grow faster with more features introduced and more testing done.
I'd like to see mesh VPN included but using tinc instead of CloudVPN. I already have tinc running very well in a ~10 node mesh on dd-wrt, but would like to have it built in instead of having to build my own images with the firmware modification kit.
I've just gotten around to playing with the firmware modification kit, seems pretty straightforward. I was wondering though if you'd be willing to post your bin file you've made with tinc. I'd love to play around with it.
No problem. I've attached the compiled version along with some libs used with it.
Any more progress regarding adding this to DD-WRT?
Or perhaps make it available as an Optware Pkg?
I want to confirm some assumptions that I am making after reading about CloudVPN and Tinc.
First, I see two roles to be played
1) CloudVPN nodes(routers/linux boxes) and
2) CloudVPN clients(WinPCs/Laptops, LinuxPCs/Laptops)
NOW....
To create a true mesh vpn you will need:
a) At least two CloudVPN Nodes/Routers or Linux Boxes connected to the Internet, preferably more to create a true mesh.
b) The mesh can be:
1) Private (like a company that has many offices and its own IT group that manages their WAN / Firewall), or
2) Public (like a community effort ala Tor/Vidalia style but able to offer higher speeds?) I imagine there is a public mesh of routers up and running to test the product?
c) There is no way for the Nodes/Routers to be compromised because they are simply forwarding/routing encrypted packets .. RIGHT?
Now...
Does anyone know how much privacy this offers regarding the end-points, meaning PC-A communicating via the VPN Cloud to PC-B or Server-C. There are many countries that block IP traffic based on source network so how does CloudVPN or Tinc deal with this? Just an open question if someone knows more about it.
I like the concept of Full Mesh VPN ala OSPF, just trying to visualize its implementation in the real world using generally available hardware like RT-N16 Routers and/or Linux and Windows PCs.
There is
1. Statically built standalone binary that should work on most systems.
2. Binary built to work with Optware.
3. Binary built to work with Entware http://code.google.com/p/wl500g-repo/
Mesh VPN can be very practical when linking several sites. Tinc works very similarly to OpenVPN, there is a routed and bridged option. Routed mode should be sufficient for most situations. If you do use bridged mode, it is possible to block DHCP and other protocols over the bridge, but each router must then support ebtables. Best of all you're not loading one location's bandwidth like you would with a star topology VPN.
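Added example, not part of the original posts and not tinc or dd-wrt project code: one way to express the DHCP block mentioned above for bridged mode, as a shell function that prints ebtables rules for review before they are applied. The interface name tap0 and the function name are assumptions, and the router's kernel must include the ebtables IPv4 match.

```shell
#!/bin/sh
# Added example: emit ebtables rules that keep DHCP from crossing a tinc
# bridged-mode (tap) interface. The interface name is an assumption.

# Print the rules for one tap interface; nothing is applied here.
tinc_dhcp_block_rules() {
    tap="$1"
    # Refuse empty or odd interface names so the output is safe to pipe to sh.
    case "$tap" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name" >&2
            return 1
            ;;
    esac
    # DHCPv4 uses UDP ports 67 (server) and 68 (client).
    match="-p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP"
    # FORWARD: frames bridged between local ports and the tunnel.
    echo "ebtables -A FORWARD -i $tap $match"
    echo "ebtables -A FORWARD -o $tap $match"
    # INPUT/OUTPUT: the router's own DHCP server and client.
    echo "ebtables -A INPUT -i $tap $match"
    echo "ebtables -A OUTPUT -o $tap $match"
}

# Review the output first, then apply on the router with:
#   tinc_dhcp_block_rules tap0 | sh
```

Each site then keeps its own DHCP server and address pool while other traffic still crosses the bridge.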
Posted: Thu Nov 15, 2012 14:11 Post subject: tinc compilation
Hello!
lancethepants
As I can see, you have compiled tinc for the mipsel arch. Can you compile tinc for the mips arch? I want to install it on my Linksys WRT160NL.
I tried to compile tinc using dd-wrt toolchains using staging_dir_mips but got an error:
"/usr/etc\" -DLOCALSTATEDIR=\"/dd-wrt/staging_dir_mips/usr/var\" -g -O2 -MT net.o -MD -MP -MF .deps/net.Tpo -c -o net.o net.c
net.c: In function 'main_loop':
net.c:539: error: conflicting types for 'node'
net.c:505: error: previous declaration of 'node' was here
net.c:539: error: 'for' loop initial declaration used outside C99 mode
net.c:550: warning: assignment from incompatible pointer type
net.c:566: warning: assignment from incompatible pointer type
net.c:573: warning: assignment from incompatible pointer type
net.c:573: warning: assignment from incompatible pointer type
net.c:574: warning: assignment from incompatible pointer type
make[2]: *** [net.o] Ошибка 1
make[2]: Leaving directory `/dd-wrt/tinc/tinc-1.0.19/src'
make[1]: *** [all-recursive] Ошибка 1
make[1]: Leaving directory `/dd-wrt/tinc/tinc-1.0.19'
make: *** [all] Ошибка 2 "
Posted: Wed Nov 28, 2012 13:04 Post subject: compiling progress
So, I compiled it, but when I try to start it on the router something strange happens.
If I pass a wrong arg to tincd I get an error message which tells me to try --help, which is OK. But when I try to use even --help, I get nothing, just the command line again. If I try to start tincd with a known good config, I get 100% CPU load and nothing else from tincd.
As I understand I am doing something wrong.
For compiling I tried to use:
- staging_dir_mips
- staging_dir_mips_pb42
- toolchain-mips_r2_gcc-linaro_uClibc-0.9.32
With all of them the compile process finished successfully with no errors.
Env variables I set up like this (last try)
export TOOLCHAIN_PATH=/dd-wrt/toolchain-mips_r2_gcc-linaro_uClibc-0.9.32
export PATH=$PATH:$TOOLCHAIN_PATH/bin/
export AR=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-ar
export AS=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-as
export LD=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-ld
export NM=$TOOLCHAIN_PATH//bin/mips-linux-uclibc-nm
export CC=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-gcc
export CPP=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-cpp
export GCC=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-gcc
export CXX=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-g++
export RANLIB=$TOOLCHAIN_PATH/bin/mips-linux-uclibc-ranlib
export STAGING_DIR=$TOOLCHAIN_PATH
export CFLAGS="-g -O0 -std=gnu99 -static"
then in configure script used --target=mips-linux --host=mips-linux