tinc-vpn:T766:Initial support for tinc VPN

Author: jack9603301

data/configd-include.json

@@ -26,6 +26,7 @@
 "interfaces-wireguard.py",
 "interfaces-wireless.py",
 "interfaces-wirelessmodem.py",
+"interfaces-tinc.py",
 "ipsec-settings.py",
 "lldp.py",
 "nat.py",
@@ -60,4 +61,4 @@
 "vrf.py",
 "vrrp.py",
 "vyos_cert.py"
-]
+]

data/templates/tinc/hosts_config.tmpl

@@ -0,0 +1,8 @@
+{% for prefix in subnets %}
+Subnet = {{ prefix }}
+{% endfor %}
+{% for addr in local_address %}
+Address = {{ addr }}
+{% endfor %}
+Port = {{ port }}
+

data/templates/tinc/tinc-down.tmpl

@@ -0,0 +1,2 @@
+#!/bin/sh
+ip link set {{ ifname }} down

data/templates/tinc/tinc-up.tmpl

@@ -0,0 +1,5 @@
+#!/bin/sh
+{% for addr in address %}
+ip addr add dev {{ ifname }} local {{ addr }}
+{% endfor %}
+ip link set {{ ifname }} up

data/templates/tinc/tinc.conf.tmpl

@@ -0,0 +1,108 @@
+Name = {{ node_name }}
+Interface = {{ ifname }}
+Mode = {{ device.mode }}
+Compression = {{ compression_level }}
+Cipher  = {{ encryption.cipher }}
+Digest  = {{ encryption.digset }}
+{% if resolve_hostname %}
+Hostnames = yes
+{% else %}
+Hostnames = no
+{% endif %}
+PrivateKeyFile = {{ private_keyfile }}
+Broadcast = {{ broadcast_type }}
+{% if disable_resolve_hostname %}
+DecrementTTL = no
+{% else %}
+DecrementTTL = yes
+{% endif %}
+{% if direct_only %}
+DirectOnly = yes
+{% else %}
+DirectOnly = no
+{% endif %}
+Forwarding = {{ forwarding_option }}
+{% if iff_One_Queue %}
+IffOneQueue = yes
+{% else %}
+IffOneQueue = no
+{% endif %}
+KeyExpire = {{ key_expire }}
+{% if local_discovery %}
+LocalDiscovery = yes
+{% else %}
+LocalDiscovery = no
+{% endif %}
+MACExpire = {{ mac_expire}}
+MaxTimeout = {{ max_timeout }}
+PingInterval = {{ ping_interval }}
+PingTimeout = {{ ping_timeout }}
+{% if priority_inheritance %}
+PriorityInheritance = yes
+{% else %}
+PriorityInheritance = no
+{% endif %}
+ProcessPriority = {{ priority }}
+ReplayWindow = {{ replay_window }}
+{% if strict_subnets %}
+StrictSubnets = yes
+{% else %}
+StrictSubnets = no
+{% endif %}
+{% if tunnel_server %}
+TunnelServer = yes
+{% else %}
+TunnelServer = no
+{% endif %}
+{% if clamp_mss %}
+ClampMSS = yes
+{% else %}
+ClampMSS = no
+{% endif %}
+{% if indirect_data %}
+IndirectData = yes
+{% else %}
+IndirectData = no
+{% endif %}
+MACLength = {{ mac_length }}
+PMTU = {{ mtu }}
+{% if disable_PMTU_Discovery %}
+PMTUDiscovery = no
+{% else %}
+PMTUDiscovery = yes
+{% endif %}
+{% if TCP_Only %}
+TCPonly = yes
+{% else %}
+TCPonly = no
+{% endif %}
+DeviceType = {{ device.type }}
+{% if udp_rcv_buf %}
+UDPRcvBuf = {{ udp_rcv_buf }}
+{% endif %}
+{% if udp_snd_buf %}
+UDPSndBuf = {{ udp_snd_buf }}
+{% endif %}
+{% if proxy and proxy.type %}
+{% if proxy.type == 'socks5' %}
+Proxy = {{ proxy.type }} {{ proxy.address }} {{ proxy.port }} {{ proxy.username }} { proxy.password }}
+{% elif proxy.type == 'socks4' %}
+Proxy = {{ proxy.type }} {{ proxy.address }} {{ proxy.port }}{{ proxy.username }} 
+{% elif proxy.type == 'http' %}
+Proxy = {{ proxy.type }} {{ proxy.address }} {{ proxy.port }}
+{% elif proxy.type == 'exec' %}
+Proxy = {{ proxy.type }} {{ proxy.exec }}
+{% endif %}
+{% endif %}
+{% if connect %}
+ConnectTo = {{ connect }}
+{% endif %}
+{% if bind_address %}
+BindToAddress = {{ bind_address }}
+{% endif %}
+{% if bind_interface %}
+BindToInterface = {{ bind_interface }}
+{% endif %}
+{% if graph_dump_file %}
+GraphDumpFile = {{ graph_dump_file }}
+{% endif %}

debian/control

@@ -112,7 +112,8 @@ Depends:
   wireguard-tools,
   wireguard-modules,
   wireless-regdb,
-  wpasupplicant (>= 0.6.7)
+  wpasupplicant (>= 0.6.7),
+  tinc
 Description: VyOS configuration scripts and data
  VyOS configuration scripts, interface definitions, and everything