Interwebs.life

Setting up a VPN with Tinc

host-from-home cloud raspberry-pi docker tinc

Now that we have a cloud server and a local Raspberry Pi, we need to connect the two together. We can use Tinc VPN to create a private network even over a residential internet connection.

Tinc with docker

I used this site for reference while setting up my server: Using tinc to access a home server – Jordan Crawford. I didn't like that two different Docker images (and tinc versions) were used for the cloud server and the Pi though, so I created my own image that will run on both. You can get the source from GitHub at https://github.com/iwbz-life/docker-tinc and pull the x86 and ARM images from Docker Hub at https://hub.docker.com/r/iwbzlife/tinc. This image includes an init command that will automate much of the setup.

Set up the cloud server

Pull the image from Docker Hub:

docker pull iwbzlife/tinc:x86-latest

Run the image to generate the tinc files. This assumes the cloud server will be named cloud and will have an internal IP address of 10.0.0.1. The config files will end up in the mounted volume, in this case /home/iwbz/tinc.

# hostname -I lists this host's addresses and awk keeps the first one;
# confirm it is the address the home server will connect to.
docker run --rm \
  -v /home/iwbz/tinc:/etc/tinc \
  iwbzlife/tinc:x86-latest init \
  --name cloud \
  --internal 10.0.0.1 \
  --external "$(hostname -I | awk '{print $1}')"

Copy the generated config file /home/iwbz/tinc/hosts/cloud to the home server, then start up the server:

# Host networking, the TUN device and NET_ADMIN let tinc create the VPN interface.
docker run -d \
  --name tinc \
  --net=host \
  --device=/dev/net/tun \
  --cap-add NET_ADMIN \
  -v /home/iwbz/tinc:/etc/tinc \
  iwbzlife/tinc:x86-latest

Set up the home server

Pull the image from Docker Hub:

docker pull iwbzlife/tinc:arm-latest

Run the image to generate the tinc files. This assumes the home server will be named home and will have an internal IP address of 10.0.0.2. The config files will end up in the mounted volume, in this case /home/pi/tinc.

# Use the image tag that was pulled above.
docker run --rm \
  -v /home/pi/tinc:/etc/tinc \
  iwbzlife/tinc:arm-latest init \
  --name home \
  --internal 10.0.0.2 \
  --connect-to cloud

Copy the generated config file /home/pi/tinc/hosts/home to the cloud server, then start up the server:

# Same runtime options as on the cloud server, with the ARM image.
docker run -d \
  --name tinc \
  --net=host \
  --device=/dev/net/tun \
  --cap-add NET_ADMIN \
  --volume /home/pi/tinc:/etc/tinc \
  iwbzlife/tinc:arm-latest
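
An added example, not part of the docker-tinc image or the original post: a pre-flight check to run on each machine after the host files have been exchanged and before the container is started. It assumes the hosts/ layout shown above, GNU or busybox stat, and private keys that carry a PEM "PRIVATE KEY" header; check_tinc_dir is a name made up for this example.

```shell
#!/bin/sh
# Added example (not from the image's source): pre-flight check of a tinc
# config directory. The <dir>/hosts/<node> layout is taken from the page;
# private keys are found by PEM header because the key file names written
# by the image's init command are not shown there (assumption).

# check_tinc_dir DIR SELF PEER: prints findings, returns 0 only if all pass.
check_tinc_dir() {
    dir=$1; self=$2; peer=$3; rc=0

    # Both host files must exist: our own and the one copied from the peer.
    for node in "$self" "$peer"; do
        if [ ! -f "$dir/hosts/$node" ]; then
            echo "missing host file: $dir/hosts/$node"; rc=1
        fi
    done

    # Host files are copied between machines, so they must hold public data only.
    for f in "$dir"/hosts/*; do
        [ -f "$f" ] || continue
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "private key inside shared host file: $f"; rc=1
        fi
    done

    # Private keys elsewhere in the directory must not be group/world accessible.
    keys=$(find "$dir" -type f ! -path "$dir/hosts/*" \
        -exec grep -l 'PRIVATE KEY' {} + 2>/dev/null || true)
    [ -n "$keys" ] || { echo "no private key found under $dir"; rc=1; }
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        mode=$(stat -c %a "$f")   # GNU/busybox stat, as on the Linux hosts here
        case $mode in
            *00) ;;
            *) echo "private key $f has mode $mode, expected 600"; rc=1 ;;
        esac
    done <<EOF
$keys
EOF
    return "$rc"
}

# On the cloud server from the page: check_tinc_dir /home/iwbz/tinc cloud home
# On the home server from the page:  check_tinc_dir /home/pi/tinc home cloud
```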

Conclusion

At this point, the network should be up and running. The next step will be to set up a reverse proxy from the cloud server to the home server to allow traffic to pass through.
