generate public/private keypairs with
# tincd --net=chaos --generate-keys=2048
press Enter 2 times and backup the files on an extern device.
Devise a network-nick and a unique IP range you will be using
This network-nick or sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running, not necessarily the name of the user, there may even be more than one gateway per user.
Used below where <nodename> is.
Please use only characters a-z, 0-9 and _ in it.
Second please select an unused IPv4 range out of IPRanges, and write yourself down in that wiki page to mark your future range as in-use. Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.
Repeat: Please do not forget to add yourself to the list at IPRanges to mark your range as used.
Used below where <ipv4 subnet in the vpn> is.
The usage of IPv6 networks is also possible, but we do not have a central range for this (yet), you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, or a private IPv6 ULA (Unique Local Address) network described in RFC4193. For more info about ULA and a network-range generator please also see http://www.sixxs.net/tools/grh/ula/ .
Used below where <ipv6 subnet in the vpn> is.
The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.
Better supply a hostname than a raw IP address even if it is static, so you can change it youself and do not need to contact us when needed. (Perhaps something linke chaosvpn.yourdomain.example)
Used below where <clienthost> is.
Mail us your Infos
- send via email to firstname.lastname@example.org
We need the following info - but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn - or at least make us laugh. :)
(Please remove all lines starting with # from the email, they are just descriptions)
[<nodename>] gatewayhost=<clienthost> # This should be the external hostname or ip address of the client host, not a VPN address. # If the client is not reachable over the internet leave it out and set hidden=1 below. # If possible supply a hostname (even dyndns) and not an ip address for easier changing # from your side without touching the central config. network=<ipv4 subnet in the vpn> network6=<ipv6 subnet in the vpn> # (mandatory, must include) # this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional # # These subnets must be unique in our vpn, # simply renumber your home network (or use something like NETMAP) with a network block that is still free. # # Please use the list of assigned networks on [[ChaosVPN::IPRanges]], and add yourself there. owner= # (mandatory, must include) # Admin of the VPN gateway, with email address - a way to contact the responsible # person in case of problems with your network link. port=4712 # (optional) # if not specified tinc works on tcp+udp port 655 # it is better if everyone chooses a random port for this. # either this specified port or port 655 needs to accept TCP and UDP traffic from outside. hidden=0 # (optional) # "I cannot accept inbound tunnel connections, I can only connect out." # (e.g. behind a NAT) silent=0 # (optional) # "I cannot connect out, but you can connect to me." # Only ONE of hidden=1 or silent=1 is possible. -----BEGIN RSA PUBLIC KEY----- .... -----END RSA PUBLIC KEY----- # (mandatory, must include) # rsa-public-key - contents of your /etc/tinc/chaos/rsa_key.pub