December 9, 2015 | Article
There are cases where you want more than one VPN tunnel between the same pair of hosts. tinc supports this, and this article shows how to set it up.
Why Multiple Tunnels?
Why would you want more than one tunnel between the same two hosts?
With multiple tunnels, each tunnel can serve a different purpose, and the traffic of one tunnel is kept apart from the traffic of the others: each tunnel has its own daemon, its own key pair and its own virtual interface. Because the tunnels terminate on separate interfaces, you can also apply different QoS or firewall/security policies to the traffic depending on which tunnel it goes through.
In this example we create two VPN tunnels between the hosts Alice and Bob. Alice serves as the tinc bootstrapping point (the node the others ConnectTo), and Bob initiates the connection to Alice. The two VPNs between Alice and Bob are named vpn1 and vpn2.
In tinc, one tinc daemon manages exactly one VPN (one netname). To create multiple tunnels between two hosts, you therefore run one tinc daemon per VPN on each host, each with its own configuration directory, key pair and virtual interface.
For the basic setup of a single tinc VPN, follow the configuration section of the linked tinc article.
Create VPN Configuration
Using that guide, create two separate tinc VPNs named vpn1 and vpn2. If you follow the tinc configuration instructions, the two sets of configuration files end up in /etc/tinc/vpn1 and /etc/tinc/vpn2. Make sure the two VPNs use distinct virtual interface names (e.g., Interface = tun0 and Interface = tun1 in the respective tinc.conf) and two non-overlapping subnets (the Subnet lines in the host files); otherwise the second daemon cannot bring up its interface, or the routes of the two VPNs conflict.
By default, tincd listens on port 655 (TCP for the meta-connection and UDP for the tunnelled packets). Two tinc daemons on the same host cannot both bind the default port, so of the two VPNs vpn1 and vpn2 one (e.g., vpn1) can keep the default while the other (e.g., vpn2) needs a different port. In our scenario we therefore configure a port number for vpn2.
On both hosts alice and bob, append the following line to /etc/tinc/vpn2/hosts/alice and /etc/tinc/vpn2/hosts/bob. In tinc, the Port variable in a node's own host file sets the port that node listens on, and in a peer's host file it sets the port to connect to, which is why it goes into both files with the same value on both hosts. The port number can be anything other than tinc's default port 655 that is not already used by another service.
Port = 700
Make sure the port is free on both hosts (e.g., check with ss -lntup | grep 700 before starting) and that it is open in any firewall in between for both TCP and UDP, since tinc uses both.
Once the tinc configurations are done, start two tinc daemons on each host as follows (as root):
tincd --net=vpn1
tincd --net=vpn2
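As an added example (not code from the original article or from the tinc project), the following POSIX shell script generates the configuration of both networks for node alice in a scratch directory and checks that vpn1 and vpn2 differ on the three settings that must not collide between two daemons on one host: Port, Interface and Subnet. The node names alice and bob, the address alice.example.org, the subnets 10.0.1.0/24 and 10.0.2.0/24, the TINC_ROOT scratch directory standing in for /etc/tinc, and the start_cmds helper are assumptions; key generation (tincd -n vpn1 -K, which appends the public key to the host file) is left out.

```shell
#!/bin/sh
# Added example (not from the original article): generate the configuration for
# two tinc networks, vpn1 and vpn2, for node "alice" in a scratch directory and
# check that they do not collide on the three things that must differ between
# tinc daemons on one host: listen Port, virtual Interface and Subnet.
# Assumptions: node names alice/bob, address alice.example.org, one /24 per VPN,
# and a scratch root (TINC_ROOT) instead of /etc/tinc; keys are not generated
# here (run `tincd -n <netname> -K` for that).
set -eu

TINC_ROOT="${TINC_ROOT:-$(mktemp -d)}"

# write_net NETNAME IFACE PORT PREFIX  (PREFIX = first three octets of a /24)
# Writes tinc.conf, tinc-up and hosts/{alice,bob} for the given network.
write_net() {
    net="$1"; iface="$2"; port="$3"; prefix="$4"
    mkdir -p "$TINC_ROOT/$net/hosts"
    cat > "$TINC_ROOT/$net/tinc.conf" <<EOF
Name = alice
Interface = $iface
Mode = router
# alice is the bootstrapping point; bob's tinc.conf carries "ConnectTo = alice"
EOF
    # Port in a node's own host file is its listen port; in a peer's host file it
    # is the port to connect to, so it goes into both files with the same value.
    cat > "$TINC_ROOT/$net/hosts/alice" <<EOF
Address = alice.example.org
Port = $port
Subnet = $prefix.1/32
EOF
    cat > "$TINC_ROOT/$net/hosts/bob" <<EOF
Port = $port
Subnet = $prefix.2/32
EOF
    cat > "$TINC_ROOT/$net/tinc-up" <<EOF
#!/bin/sh
ip link set "\$INTERFACE" up
ip addr add $prefix.1/24 dev "\$INTERFACE"
EOF
    chmod +x "$TINC_ROOT/$net/tinc-up"
}

# conf_value FILE KEY -> prints the value of "KEY = value" (first match, may be empty)
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# net_value NETNAME KEY -> the effective value for this network, applying tinc's
# default port of 655 when no Port line is present
net_value() {
    case "$2" in
        Port)      v=$(conf_value "$TINC_ROOT/$1/hosts/alice" Port); echo "${v:-655}" ;;
        Interface) conf_value "$TINC_ROOT/$1/tinc.conf" Interface ;;
        # compare the /24 the VPN lives in, not alice's /32 host route
        Subnet)    v=$(conf_value "$TINC_ROOT/$1/hosts/alice" Subnet); echo "${v%.*}" ;;
    esac
}

# check_distinct NET_A NET_B -> returns 0 if Port, Interface and Subnet all differ,
# otherwise reports every collision on stderr and returns 1
check_distinct() {
    rc=0
    for key in Port Interface Subnet; do
        va=$(net_value "$1" "$key"); vb=$(net_value "$2" "$key")
        if [ "$va" = "$vb" ]; then
            echo "collision: $key=$va is used by both $1 and $2" >&2
            rc=1
        fi
    done
    return $rc
}

# start_cmds NETNAME -> the tincd invocation for this network (assumed helper;
# --config points tincd at the scratch root instead of /etc/tinc)
start_cmds() {
    echo "tincd --net=$1 --config=$TINC_ROOT/$1"
}

write_net vpn1 tun0 655 10.0.1      # keeps tinc's default port
write_net vpn2 tun1 700 10.0.2      # the second daemon needs its own port
check_distinct vpn1 vpn2 && { start_cmds vpn1; start_cmds vpn2; }
```

Running the script prints the two tincd invocations once the checks pass. With TINC_ROOT=/etc/tinc it writes the real configuration, so run it as root only after reviewing it, and generate each network's key pair separately, since the host files it writes contain no public keys yet.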