This page was originally a static page on my website. I have incorporated it into my blog, entry dated the last time the page was edited, as a more appropriate place to archive old things like this. tgwnet as described no longer exists.

tgwnet is a peer-to-peer VPN based on the excellent tincd.

Tier 1 nodes

| Hostname | Owner | External DNS | Avahi DNS | Internal IP | ConnectTo | IP pool |
|---|---|---|---|---|---|---|
| hestia | Sean | hestia.silentflame.com | hestia.local | 172.19.43.122 | None yet | 172.19.43.0 |
| raspbmc | John | johnlees.myvnc.com | raspbmc.local | 172.19.44.1 | hestia | 172.19.44.0 |

Tier 2 nodes

(may not always be up-to-date)

| Hostname | Owner | External DNS | Avahi DNS | Internal IP | ConnectTo |
|---|---|---|---|---|---|
| artemis | Sean | N/A | artemis.local | 172.19.43.111 | hestia, asteria |
| zephyr | Sean | N/A | zephyr.local | 172.19.43.112 | hestia |
| asteria | Sean | asteria.silentflame.com | asteria.local | 172.19.43.123 | hestia |
| selene | Sean | selene.silentflame.com | selene.local | 172.19.43.124 | hestia |
| john-laptop | John | N/A | john-laptop.local | 172.19.44.2 | raspbmc |

How to add a new tier 1 node

These instructions are not yet complete; in particular, they do not yet reflect the following sentence. Suppose you are setting up a host called host, your IP block assignment is 172.19.44.0, and you want to use 172.19.44.1 as your tier 1 node’s IP address (you can use any address in your pool).

Information

Contact Sean to get an IP pool allocation, which will be of the form 172.19.4X.X (this makes them easier to remember if we just go up 43, 44, 45…—and no-one gets 42, to prevent arguments :P). The idea is one class B(?) per tier 1 node admin, i.e. per TGW member. Choose an IP address for your tier 1 node from your IP pool. E-mail this information to Sean so that the table above can be updated.

It’s possible to use tinc to bridge your local LAN into tgwnet with only one machine (generally your router) running tinc. If you want to do this, the easiest thing is to get a second class B(?) for your LAN’s computers, which your router’s DHCP server can be set up to hand out.

GNU/Linux

Install the tincd package however your distribution does that. Also install avahi-daemon to get automagic distributed DNS (the .local names in the tables above). Now mkdir /etc/tinc/tgwnet/hosts (throughout, you can use some other word instead of tgwnet; it’s a purely local identifier) and then edit /etc/tinc/tgwnet/tinc.conf:

```
# tinc.conf: Name must match the file you will create under hosts/
Name = hestia
Interface = tap1
AddressFamily = ipv4
# find peers on the same LAN directly instead of via the tunnel
LocalDiscovery = yes
# tier 1 node to connect out to (tier 1 nodes with no peers yet omit this)
ConnectTo = hestia
# switch mode: layer-2 (Ethernet) VPN, so Avahi/mDNS works across it
Mode = switch
```

You can add the following lines to bind on more than one port, for example if you need access to your tier 1 node from within Balliol’s ridiculous LAN.

```
BindToAddress = * 655
BindToAddress = * 1194
```

Replacing the IP address below with the tier 1 node IP address that you selected earlier, create /etc/tinc/tgwnet/tinc-up:

```sh
#!/bin/sh
# $INTERFACE is exported by tincd; the /16 netmask puts every 172.19.4X.0 pool on-link
ifconfig $INTERFACE 172.19.43.122 netmask 255.255.0.0
```

and chmod this file to 755. Now create /etc/tinc/tgwnet/hosts/hestia, where hestia is your tier 1 host’s name (yes, the machine you are creating the file on):

```
Subnet = 172.19.43.122/32
```

where the IP address here is your chosen IP for your tier 1 node. Now execute, as root, tincd -n tgwnet -K4096 to generate a keypair for your host. Accept the default location to save the public key, which appends it to the hosts file you just created. E-mail this public key file, /etc/tinc/tgwnet/hosts/host (where host is your tier 1 host’s name), PGP signed and encrypted, to Sean. He will send you back a file to be put at /etc/tinc/tgwnet/hosts/hestia; this is hestia’s public key, so that you can connect in to the rest of the network.

If you like, you could establish similar relationships with other tier 1 hosts, but this isn’t strictly necessary as tinc will automatically build the tunnels. If you do establish such relationships, though, notify Sean so he can update the table above.

The node is now operational and you can go ahead and add tier 2 nodes using the instructions below. Test by pinging things like zephyr.local and watch to see whether the ping times drop as tunnels are built (assuming Sean has his computer on).

Windows

Very similar to the above, just different config file locations etc.

How to add a new tier 2 node

These instructions are not yet complete.

GNU/Linux

Very similar to adding a tier 1 node, except that you need to supply the tier 1 node’s public key file (under /etc/tinc/tgwnet/hosts/), obviously, and the ConnectTo statement in /etc/tinc/tgwnet/tinc.conf should point to your tier 1 node.
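The tier 1 and tier 2 GNU/Linux steps above, collected into an added example script (mine, not part of the original page or of tinc): it writes tinc.conf, tinc-up and hosts/NAME under a chosen root directory and refuses a node address that is outside the allocated 172.19.4X.0 pool. The tgwnet_gen name, the ROOT argument (/ on a real host, a scratch directory for a dry run) and the comma-separated ConnectTo argument are my own conventions.

```shell
#!/bin/sh
# tgwnet_gen ROOT NET NAME IP POOL CONNECTTO   (example helper, not tinc's own)
#   ROOT      directory under which etc/tinc/NET/ is created (/ on a real host)
#   NET       local netname, e.g. tgwnet
#   NAME      this host's tinc Name, e.g. john-laptop
#   IP        address chosen for this node, e.g. 172.19.44.2
#   POOL      the allocated pool, e.g. 172.19.44.0
#   CONNECTTO comma-separated tinc names to ConnectTo, no spaces
#             (empty for a tier 1 node that has no peers yet)
# Returns 1 without writing anything if IP lies outside POOL.
tgwnet_gen() {
    root=$1 net=$2 name=$3 ip=$4 pool=$5 connect_to=$6
    dir=$root/etc/tinc/$net
    # Pools are handed out as 172.19.4X.0 blocks, so a valid node address
    # shares the pool's first three octets and is not the .0 address itself.
    prefix=${pool%.*}.
    case $ip in
        "$pool") echo "error: $ip is the pool's network address" >&2; return 1 ;;
        "$prefix"*) ;;
        *) echo "error: $ip is not in pool $pool" >&2; return 1 ;;
    esac
    mkdir -p "$dir/hosts" || return 1
    {
        echo "Name = $name"
        echo "Interface = tap1"
        echo "AddressFamily = ipv4"
        echo "LocalDiscovery = yes"
        # one ConnectTo line per peer, as for artemis (hestia, asteria) in the table
        old_ifs=$IFS
        IFS=,
        for peer in $connect_to; do
            [ -n "$peer" ] && echo "ConnectTo = $peer"
        done
        IFS=$old_ifs
        echo "Mode = switch"
    } > "$dir/tinc.conf"
    # tinc-up: tincd exports INTERFACE; the /16 mask keeps every pool on-link.
    printf '#!/bin/sh\nifconfig $INTERFACE %s netmask 255.255.0.0\n' "$ip" > "$dir/tinc-up"
    chmod 755 "$dir/tinc-up"
    # The host file carries this node's Subnet; tincd -K appends the public key later.
    echo "Subnet = $ip/32" > "$dir/hosts/$name"
}
```

Run it with ROOT set to a scratch directory first and diff the result against the hand-written files above; with ROOT=/ it produces the layout tincd -n NET expects, after which you still run tincd -n NET -K4096 and exchange host files as described.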

Windows

Very similar to the above, just different config file locations etc.