This is an Ansible role for setting up one or many tinc VPN networks (https://www.tinc-vpn.org/).
Add role to your requirements.yml
:
- src: https://github.com/MatthiasLohr/ansible-role-tincvpn
name: matthiaslohr.tincvpn
It's also possible to specify the version to be installed by using the version
parameters.
Please read the Ansible Galaxy Documentation for details.
Set tincvpn_defaul_ip
for your hosts in inventory file:
[all]
node1 tincvpn_default_ip=192.168.255.1
node2 tincvpn_default_ip=192.168.255.2
node3 tincvpn_default_ip=192.168.255.3
Simple playbook example:
- hosts: all
roles:
- matthiaslohr.tincvpn
For examples how to configure multiple tinc networks in parallel, take a look at the documentation.
Variable Name | Default Value | Description |
---|---|---|
tincvpn_{{ tincvpn_network }}_ip |
none |
tinc IP address of this node (should be part of tincvpn_subnet ) |
Variable Name | Default Value | Description |
---|---|---|
tincvpn_network |
"default" |
Name of the tinc network (e.g. tinc configuration folder name). |
tincvpn_interface |
"tincvpn-{{ tincvpn_network }}" |
Name for the network interface used by tinc. |
tincvpn_subnet |
"192.168.255.0/24" |
Subnet used by tinc. |
tincvpn_mode |
"switch" |
Tinc Mode setting. |
tincvpn_port |
655 |
Tinc listening port. |
tincvpn_extra_hosts |
[] |
Additional tinc hosts available (not covered by playbook, read Additional Hosts). |
tincvpn_key_bits |
2048 |
Length of RSA private key. |
tincvpn_connect_to |
[] |
Nodes to connect to by default. You can give a single nodename as string or multiple nodes as list of strings. |
tincvpn_routes |
[] |
Add routes using the tinc VPN network interface. |
tincvpn_local_directory |
"{{ inventory_dir }}/tincvpn-hosts/{{ tincvpn_network }}" |
Where to save host public keys locally. |
tincvpn_custom_config |
{} |
Dictionary with tinc vpn custom config parameters. ex.: PingInterval: "60" |
tincvpn_custom_up_scripts |
[] |
Custom commands set for tinc-up script template. |
tincvpn_custom_down_scripts |
[] |
Custom commands set for tinc-down script template. |
In case you want to connect to a node that is not included in the Ansible inventory (e.g. a central router you want to connect to), it is possible to configure additional hosts via playbook variables:
tincvpn_extra_hosts:
- name: externalnode1
address: externalnode1.example.com
public_key: |
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
- name: externalnode2
address: externalnode2.example.com
public_key: |
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
tincvpn_routes:
- network: "192.168.254.0/24"
gateway: "192.168.255.1"