Integrate Tinc into LibreMesh #99
Comments
|
This sounds like the GSoC idea of implementing LibreNet6 in LiMe. |
|
tinc can be great for connecting otherwise unconnected mesh segments, mainly in order to allow management and monitoring. I wouldn't route user traffic through tinc, the performance on those small MIPS CPUs is way to bad. If it's only about having a gateway VPN, I'd rather use tunneldigger which offers near-to wirespeed performance. See also openwrt/packages#4420 |
ilario
changed the title
|
any update about this? I need integrated vpn for private lan and share private services... |
|
No update. |
|
On 08/12/17 17:55, Nicolás Pace wrote:
No update.
There is a way to deal with this using OpenVPN, but you need to do it
manually.
Also, the approach here was not to route internet through it, but
actually to allow someone from outside to get into the network... so
it is not the case.
I would say it is the same approach. So the private vpn can be used for
accesing to the mesh network or to encrypt the outgoing traffic of the
mesh to the Internet.
… —
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#99 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABBo9qDdr_UXPiz_ari17u93MIMkP8deks5sXcrdgaJpZM4MvGRb>.
|
ilario
changed the title
|
added Wireguard to the issue title, which should be very efficient |
|
I'd vote for wireguard. Now that lime uses 17.01.4 it's supported by the kernel and should be useable. |
|
@nicoechaniz suggests to consider LibreNet6 integration in LibreMesh as a priority, this will need also babel routing protocol, as described here. Reason being the possibility to share services inside the community with other users outside the community network using the public IPv6. Another usage (maybe the most important) is to provide user support allowing direct ssh connection via IPv6. @nicoechaniz can you explain the scenario? Anyway, as @aparcar tested, Wireguard is faster and smaller than Tinc, so if the LibreNet6 Topu maintainers are ok with adding Wireguard on the side of Tinc, we could go directly for Wireguard. |
ilario
changed the title
ilario
changed the title
|
A problem of Wireguard is that is not yet considered stable but it's receiving a lot of interest, so it could reach stability quite soon. Moreover it's already packaged for LEDE 17.01.4 (see base/wireguard, base/wireguard-tools, luci/luci-app-wireguard, luci/luci-proto-wireguard). |
|
AFAIK wireguard tunnels are L3 only aka can't be used for routing protocols that needs L2 to send hello messages |
|
Regarding the size of various packages and their dependencies (measured compiling the armvirt image and comparing with plain lede-17.01.4-lime-default-armvirt-root.squashfs.gz image dimension): |
|
+1 for wireguard. In addition what people said: is extremely easy to configure and its lines are very clear (I configured years ago a tinc site-to-site, I was not very happy what configuration looks like). Tinc is user-space tunnel, wireguard is kernel-space. Interesting comparison biased to tinc: http://www.tinc-vpn.org/pipermail/tinc/2017-February/004755.html Some people did tests to encapsulate L2 traffic inside wireguard https://lists.zx2c4.com/pipermail/wireguard/2017-March/001156.html a partner did tests with wireguard + olsr for tunnel broker. He chose olsr as a simple/easy mesh protocol. I would like to know why babel. |
|
+1 for wireguard. It is extremely resource-efficient, tinc is (as already mentioned) difficult to configure for users, etc. Attempting, however, to establish a wireguard link to outside provider does not seem to route correctly, in LiMe 17.06 built on chef server. Documentation is scarce, and that which does exist does not correct the routing issues. |
|
I'm also interested in having Wireguard as a possible VPN backbone protocol when site-to-site wifi links are not feasible. I already tried to set it up manually, but there is no traffic going to the VPN even with a static route. What should be done to integrate it into LiMe? |
|
@aparcar I saw this Tinc package... should we consider this fixed? |
|
Check out #579 |
ilario
changed the title
Implement integration with Tinc VPN: http://tinc-vpn.org/
The text was updated successfully, but these errors were encountered: