Did you use any files from the post I linked before? Experimental protocol is set to yes there and I'm using ed25.... keys only. Maybe there is a problem?
Posts by Borygo77
-
What version do you use on the other devices? I'm connecting to LibreELEC from Android tinc, which is 1.1pre17, and installed the same version on Ubuntu on my work machine. It has worked with no hassle since day one and is 4 times faster than OpenVPN.
-
Have a look here and read some earlier posts as well. Not sure why Klojum is relating one's own VPN to piracy, but that's not my interest....
This is my tinc.start file in /storage/.kodi/addons/service.system.tinc/bin
Bash
#!/bin/sh

# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2016-present Team LibreELEC (https://libreelec.tv)

. /etc/profile
oe_setup_addon service.system.tinc

DIR_LEGACY="$ADDON_HOME/vmnet_htpc"
if [ -d "$DIR_LEGACY" ]; then
  echo "Warning: using legacy configuration $DIR_LEGACY, ignoring Kodi settings"
  tincd --config "$DIR_LEGACY" --no-detach --net=vmnet_htpc
  exit $?
fi

[ -z "$tinc_loglevel" ] && tinc_loglevel="1"

NET="vmnet_le"
NAME="${tinc_subnet//./_}"

CONF_KEYS="/storage/.cache/tinc.$NET"
CONF_TINC="/run/tinc/$NET"
DATA_LOCAL="$ADDON_HOME/Local"
DATA_REMOTES="$ADDON_HOME/Remotes"

rm -fr "$CONF_TINC" "$DATA_LOCAL" &> /dev/null

if [ ! -d "$CONF_KEYS" ]; then
  rm -fr "$CONF_KEYS" &> /dev/null
  mkdir -p "$CONF_KEYS"
  tinc --batch --config "$CONF_KEYS" generate-ed25519-keys
fi

if [ ! -d "$DATA_REMOTES" ]; then
  rm -fr "$DATA_REMOTES" &> /dev/null
  mkdir -p "$DATA_REMOTES"
fi

if [ "$tinc_subnet" == "0.0.0.0" ]; then
  echo "Warning: default subnet $tinc_subnet, aborting"
  exit
fi

if [ -e "$DATA_REMOTES/$NAME" ]; then
  echo "Error: $NAME in $DATA_REMOTES, aborting"
  exit
fi

mkdir -p "$CONF_TINC"
cp -RT "$ADDON_DIR/config" "$CONF_TINC"
chmod +x "$CONF_TINC"/*-*
ln -sf "$DATA_REMOTES" "$CONF_TINC/hosts"

tee >> "$CONF_TINC/tinc.conf" << EOF
Ed25519PrivateKeyFile = $CONF_KEYS/ed25519_key.priv
LogLevel = $tinc_loglevel
Name = $NAME
EOF

mkdir -p "$DATA_LOCAL"
if [ -n "$tinc_address" ]; then
  echo "Address = $tinc_address" >> "$DATA_LOCAL/$NAME"
fi
cat "$CONF_KEYS/ed25519_key.pub" >> "$DATA_LOCAL/$NAME"
tee -a "$CONF_TINC/tinc.conf" >> "$DATA_LOCAL/$NAME" << EOF
Port = $tinc_port
Subnet = $tinc_subnet
EOF

tincd --net "$NET" --no-detach
After this you need to create a vmnet_htpc folder in the addon folder with a normal tinc config, and the addon will start using this and not the defaults.
-
Delete please
-
Ah, got you now. Well, I'm using the tinc addon and have access to my whole home network from my workplace over one TCP port. It's slower than the sshfs I was using before, but I just feel more comfy with it.
There are plenty of addons you can use. WireGuard is built into Libre as well. If you can open one UDP port it should be blazing fast.
I just don't get what bottleneck you're talking about. 40ms to resolve your domain name?
-
If you "only use LibreELEC within my home network", why would you bother about passwords or open ports?
-
Why don't you use Samba?
-
Here you have a simple sample of a working Samba share...
192.168.1.111 is my other LibreELEC machine with 6TB of storage....
This file is placed in the /storage/.config/system.d/ folder
Code
[Unit]
Description=test cifs mount script
Requires=network-online.service
After=network-online.service
Before=kodi.service

[Mount]
What=//192.168.1.111/recordings/timeshift
Where=/storage/.kodi/userdata/Timeshift
Options=username=guest,rw,vers=1.0
Type=cifs

[Install]
WantedBy=multi-user.target
-
I just couldn't resist, didn't want to wait any longer and have settled my mind on the cheapest possible suitable intermediate solution, so I have now ordered a X96 Air with 4 GB RAM / 64 GB eMMC for 41.36 EUR = US $48.70 including express shipping from Germany.
Thanks a lot for your guidance!
Can you post a link to the vendor, or message me privately where you got it from, please?
I need to get something fresh for myself as I'm running daily on an old S905X from an SD card....
-
Good for ya! Enjoy
-
All sorted! If anyone is looking for help, I can provide full support with configs to get a full tunnel working.
Thank you awiouy!
-
So what would be best? I might try using the same subnet for the VPN as my home subnet and try to bridge eth0 with tun0.
I don't think I can add static routes in the Fritzbox which I got from my network provider. Again, I would like to have my OpenWrt as the main router, but it won't serve a 1 Gbps connection.
I'm really thankful that you are answering all my questions, but I'm feeling really dumb speaking about networks, bridges and forwardings..
Edit: I actually found this just now.
Configuring a static IP route in the FRITZ!Box | FRITZ!Box 4040 | AVM International
Might try this first....
-
Everything I was reading always said not to make VPN subnets the same as the host subnet or you will get into trouble?
And it actually doesn't work when I change the setup to 192.168.1.200 and the 192.168.1.0/24 subnet.
I also have a TP-Link 1043v1, but it'll be too weak to serve any files for me, I'm afraid.
My old HTPC machine with x86 arch is working for me as an Emby server and is pretty much doing nothing, so why not give it another life?
It was quite loud in the living room so I switched to Amlogic as my players connected to the HTPC....
I think all I'm missing is some route from network 10.0.0.0/24 to 192.168.1.0/24, but I'm so lost with Linux that I've got no idea how to add it.
This is a friend of mine's OpenVPN server on a strong machine
Code
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    0      0        0 enp1s0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp1s0
And this is how mine looks like
Code
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         fritz.box       0.0.0.0         UG    0      0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.254   *               255.255.255.255 UH    0      0        0 eth0
And my proper iptables
Code
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -s 10.0.0.0/24 -j SNAT --to-source 185.178.71.131
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun0 -s 10.0.0.0/24 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i eth0 -s 0.0.0.0/0 -d 10.0.0.0/24 -j ACCEPT
:OUTPUT ACCEPT [0:0]
COMMIT
-
awiouy, I'm begging you now for help! I know you've mastered all those things as I've seen your posts from years back about tinc...
After a couple of days of resting from it I'm back with new ideas.
Managed to get my own config like you said, using "$DIR_LEGACY" in your tinc.start.
So far so good. I'm connected and the VPN IP works (can browse 10.0.0.1).
I need to add my home subnet and, if possible, have my home IP address as the main mobile IP.
Here is my tinc.conf
Code
Name = vpn
AutoConnect = yes
Interface = tun0
AddressFamily = ipv4
ExperimentalProtocol = yes
Ed25519PrivateKeyFile = /storage/.kodi/userdata/addon_data/service.system.tinc/vpn/ed25519_key.priv
PrivateKeyFile = /storage/.kodi/userdata/addon_data/service.system.tinc/vpn/rsa_key.priv
LocalDiscovery = yes
Broadcast = mst
LogLevel = 3
Mode = router
Port = 5721
tinc-up
tinc-down
hosts/server
Code
Address = xxx.xxx.co.uk
Subnet = 10.0.0.1/32
Subnet = 192.168.1.0/24
Port = 5721
-----BEGIN RSA PUBLIC KEY-----
==================
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = ===================
hosts/mobile
Code
Subnet = 10.0.0.2/32
Subnet = 192.168.1.0/24
Ed25519PublicKey = =================================
Port = 11443
Code
HTPC:~ # ip route
default via 192.168.1.254 dev eth0
10.0.0.0/24 dev tun0 scope link src 10.0.0.1
172.17.0.0/16 dev docker0 scope link src 172.17.0.1
172.18.0.0/16 dev br-cb2fc26669fb scope link src 172.18.0.1
192.168.1.0/24 dev eth0 scope link src 192.168.1.111
192.168.1.254 dev eth0 scope link
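An added example, not part of the original posts or the addon: in tinc's router mode a Subnet line in a host file declares which node owns that range, and both host files in the post above announce 192.168.1.0/24. The script lists every subnet announced by more than one host file; the function names are hypothetical and the sample files are constructed from the post with the keys left out.

```shell
#!/bin/sh
# Added example, not the addon's code. Function names are hypothetical.
# Lists each Subnet announced by more than one tinc host file (exact match
# only; a /32 inside another node's /24 is normal and is not reported).

find_shared_subnets() {
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    awk -F= -v host="$(basename "$f")" '
      { key = tolower($1); gsub(/[ \t]/, "", key) }
      key == "subnet" {
        val = $2
        sub(/#.*/, "", val)          # drop an optional #weight suffix
        gsub(/[ \t\r]/, "", val)
        print val, host
      }' "$f"
  done | sort -u | awk '
    { owners[$1] = owners[$1] " " $2; seen[$1]++ }
    END { for (s in seen) if (seen[s] > 1) print s ":" owners[s] }' | sort
}

# Constructed sample: the two host files from the post, keys omitted.
make_sample_hosts() {
  mkdir -p "$1"
  cat > "$1/server" <<'EOF'
Address = xxx.xxx.co.uk
Subnet = 10.0.0.1/32
Subnet = 192.168.1.0/24
Port = 5721
EOF
  cat > "$1/mobile" <<'EOF'
Subnet = 10.0.0.2/32
Subnet = 192.168.1.0/24
Port = 11443
EOF
}

demo_dir=$(mktemp -d)
make_sample_hosts "$demo_dir"
find_shared_subnets "$demo_dir"
rm -rf "$demo_dir"
```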
-
Then use the --config flag of the tinc/tincd commands to store your custom configuration in a separate directory, and follow the tinc documentation. It should not be too hard
Awiouy, my tinc connection works.. I can browse Samba shares on LibreELEC but nothing else in my home network... Forwarding is enabled, but I think I would probably need to change some routes to get it going? Or does the whole setup need to be changed?
-
I think I'm too stupid for it