How to run two or more network instances of Tinc VPN on the same box

Last updated June 20, 2017

How do I use Tinc to run two different mesh VPNs on the same server? Is it possible to create multiple VPN tunnels between two hosts using the tinc VPN software?

Tinc is a mesh-based VPN daemon. It can be used to build a secure, encrypted virtual network over the internet, over an untrusted LAN, or between cloud instances.

From the official docs:

In order to allow you to run more than one tinc daemon on one computer, for instance if your computer is part of more than one VPN, you can assign a netname to your VPN. It is not required if you only run one tinc daemon; it doesn’t even have to be the same on all the sites of your VPN, but it is recommended that you choose one anyway.

We will assume you use a netname throughout this document. This means that you call tincd with the -n argument, which will assign a netname to this daemon. The effect of this is that the daemon will set its configuration root to /etc/tinc/netname/, where netname is your argument to the -n option. You’ll notice that it appears in syslog as tinc.netname.

However, it is not strictly necessary that you call tinc with the -n option. In this case, the network name would just be empty, and it will be used as such. tinc now looks for files in /etc/tinc/, instead of /etc/tinc/netname/; the configuration file should be /etc/tinc/tinc.conf, and the host configuration files are now expected to be in /etc/tinc/hosts/.

But it is highly recommended that you use this feature of tinc, because it will be so much clearer whom your daemon talks to. Hence, we will assume that you use it.

Following my tinc configuration instructions, provision two separate tinc VPNs named vpn0 and vpn1. Say serverA has the two networks below under /etc/tinc, each with its own subnet. The only thing that differs from a single-VPN setup is that each VPN needs its own listening port, because two daemons cannot bind the same address and port: vpn0 will use port 655 and vpn1 will use port 656.

VPN #1: /etc/tinc/vpn0/ – 172.16.1.1/32

First, define the Port in /etc/tinc/vpn0/tinc.conf:

Name = serverA
Device = /dev/net/tun
BindToAddress = 192.168.4.5
AddressFamily = ipv4
Port = 655

Next, update /etc/tinc/vpn0/hosts/serverA and /etc/tinc/vpn0/hosts/serverB so that each includes the port number:
$ cat /etc/tinc/vpn0/hosts/serverA
Sample outputs:

Address = 192.168.4.5
Subnet = 172.16.1.1/32
Port = 655

-----BEGIN RSA PUBLIC KEY-----
.....
...
your random key here
....
-----END RSA PUBLIC KEY-----

$ cat /etc/tinc/vpn0/hosts/serverB
Sample outputs:

Subnet = 172.16.1.2/32
Port = 655

-----BEGIN RSA PUBLIC KEY-----
.....
...
your random key here
....
-----END RSA PUBLIC KEY-----

VPN #2: /etc/tinc/vpn1/ – 172.16.2.1/32

First, define the Port in /etc/tinc/vpn1/tinc.conf:

Name = serverA
Device = /dev/net/tun
BindToAddress = 192.168.4.5
AddressFamily = ipv4
Port = 656

Next, update /etc/tinc/vpn1/hosts/serverA and /etc/tinc/vpn1/hosts/serverB so that each includes the port number:
$ cat /etc/tinc/vpn1/hosts/serverA
Sample outputs:

Address = 192.168.4.5
Subnet = 172.16.2.1/32
Port = 656

-----BEGIN RSA PUBLIC KEY-----
.....
...
your random key here
....
-----END RSA PUBLIC KEY-----

$ cat /etc/tinc/vpn1/hosts/serverB
Sample outputs:

Subnet = 172.16.2.2/32
Port = 656

-----BEGIN RSA PUBLIC KEY-----
.....
...
your random key here
....
-----END RSA PUBLIC KEY-----

In short, each additional VPN on the same server needs its own port. Once that is done, update /etc/tinc/nets.boot so that both vpn0 and vpn1 are started at boot:
$ cat /etc/tinc/nets.boot
Sample outputs:

## This file contains all names of the networks to be started on system startup.
vpn0
vpn1

Restart tinc on both servers:
$ systemctl restart tinc
Verify the routes, interfaces and connectivity:
$ ip r
$ ip a
$ ping ip-of-clientB
$ ping ip-of-serverA
$ ping ip-of-clientA
$ ping ip-of-serverB

Make sure your firewall rule set allows both port numbers, i.e. 655 and 656. tinc uses both TCP and UDP on its listening port, so open each port for both protocols.
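The script below is an added example, not part of this article or of the tinc project. Before restarting tinc, it walks every netname directory under a root (assumed to be laid out as above: root/netname/tinc.conf and root/netname/hosts/Name, with "Key = value" lines) and reports the mistakes that stop a second instance from working: a port reused by another netname on the same bind address, a tinc.conf Port that differs from the one this node advertises to its peers in its own hosts file, and a Subnet claimed twice. The fixture trees it builds (vpn0 on 655, vpn1 on 656, plus a copy in which vpn1 was cloned from vpn0 without changing the port) are constructed for the demonstration; against a real system you would run tinc_check /etc/tinc.

```sh
#!/bin/sh
# Pre-flight check before restarting tinc with several netnames on one box.
# Added example (not from the article or tinc). Assumes ROOT/<netname>/tinc.conf
# and ROOT/<netname>/hosts/<Name>, written as "Key = value" lines.

# tinc_get KEY FILE: print every value of "KEY = value" in FILE (trailing comments dropped)
tinc_get() {
    sed -n -E "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*([^[:space:]#]+).*/\1/p" "$2"
}

# tinc_check ROOT: print one line per problem; return status is the number of problems
tinc_check() {
    root=$1
    ports=""      # accumulated "bind:port netname" records
    subnets=""    # accumulated "subnet netname/host" records
    problems=0
    for conf in "$root"/*/tinc.conf; do
        [ -f "$conf" ] || continue
        netdir=${conf%/tinc.conf}
        net=${netdir##*/}
        name=$(tinc_get Name "$conf" | head -n 1)
        port=$(tinc_get Port "$conf" | head -n 1); port=${port:-655}   # tinc's default port
        bind=$(tinc_get BindToAddress "$conf" | head -n 1); bind=${bind:-0.0.0.0}

        # 1. Two daemons cannot listen on the same address and port.
        prev=$(printf '%s\n' "$ports" | awk -v k="$bind:$port" '$1==k {print $2; exit}')
        if [ -n "$prev" ]; then
            echo "$net: Port $port on $bind is already used by netname $prev"
            problems=$((problems + 1))
        fi
        ports="$ports
$bind:$port $net"

        # 2. Peers connect to the Port in hosts/<Name>, so it must match tinc.conf.
        own="$netdir/hosts/$name"
        if [ -z "$name" ] || [ ! -f "$own" ]; then
            echo "$net: Name = '$name' but $own does not exist"
            problems=$((problems + 1))
        else
            hport=$(tinc_get Port "$own" | head -n 1); hport=${hport:-655}
            if [ "$hport" != "$port" ]; then
                echo "$net: tinc.conf has Port = $port but hosts/$name advertises Port = $hport"
                problems=$((problems + 1))
            fi
        fi

        # 3. The same Subnet must not be claimed twice (the usual copy-and-paste slip).
        for hfile in "$netdir"/hosts/*; do
            [ -f "$hfile" ] || continue
            host=${hfile##*/}
            for sn in $(tinc_get Subnet "$hfile"); do
                prev=$(printf '%s\n' "$subnets" | awk -v k="$sn" '$1==k {print $2; exit}')
                if [ -n "$prev" ]; then
                    echo "$net/hosts/$host: Subnet $sn is already claimed by $prev"
                    problems=$((problems + 1))
                fi
                subnets="$subnets
$sn $net/$host"
            done
        done
    done
    return $problems
}

# tinc_write_sample DIR: constructed fixture mirroring the article's two-net layout
# (vpn0 on 655 / 172.16.1.x, vpn1 on 656 / 172.16.2.x); the key blocks are omitted
# because the check never reads them.
tinc_write_sample() {
    mkdir -p "$1/vpn0/hosts" "$1/vpn1/hosts"
    printf 'Name = serverA\nBindToAddress = 192.168.4.5\nPort = 655\n' > "$1/vpn0/tinc.conf"
    printf 'Address = 192.168.4.5\nSubnet = 172.16.1.1/32\nPort = 655\n' > "$1/vpn0/hosts/serverA"
    printf 'Subnet = 172.16.1.2/32\nPort = 655\n' > "$1/vpn0/hosts/serverB"
    printf 'Name = serverA\nBindToAddress = 192.168.4.5\nPort = 656\n' > "$1/vpn1/tinc.conf"
    printf 'Address = 192.168.4.5\nSubnet = 172.16.2.1/32\nPort = 656\n' > "$1/vpn1/hosts/serverA"
    printf 'Subnet = 172.16.2.2/32\nPort = 656\n' > "$1/vpn1/hosts/serverB"
}

# tinc_write_broken DIR: same tree, but vpn1 was cloned from vpn0 without changing the
# port or serverA's subnet, which is exactly the situation the article warns about.
tinc_write_broken() {
    tinc_write_sample "$1"
    printf 'Name = serverA\nBindToAddress = 192.168.4.5\nPort = 655\n' > "$1/vpn1/tinc.conf"
    printf 'Address = 192.168.4.5\nSubnet = 172.16.1.1/32\nPort = 655\n' > "$1/vpn1/hosts/serverA"
}

# Demo: check both fixtures in a scratch directory (use "tinc_check /etc/tinc" for real).
tinc_demo() {
    tmp=$(mktemp -d)
    tinc_write_sample "$tmp/good"; tinc_check "$tmp/good" && echo "good: no problems"
    tinc_write_broken "$tmp/bad";  tinc_check "$tmp/bad"  || echo "bad: $? problem(s), fix before restarting"
    rm -rf "$tmp"
}
tinc_demo
```

The subnet check looks only for exact duplicates, not for overlapping CIDR ranges, so it catches the cloned-directory mistake without second-guessing deliberate route summaries; a missing Port is treated as tinc's default 655, which is why an unported second netname collides with the first.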

This entry is 3 of 3 in the Open Source Virtual Private Network (VPN) series. Keep reading the rest of the series:
  1. How To Setup OpenVPN Server In 5 Minutes on Ubuntu Server
  2. How to install tinc VPN on Ubuntu Linux 16.04 to secure traffic
  3. Run two or multiple networks instance of Tinc VPN

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.