May 8, 2020

tinc VPN: Trial Notes


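I chose tinc because of this sentence on the official site:
"Automatic full mesh routing: Regardless of how you set up the tinc daemons to connect to each other, VPN traffic is always (if possible) sent directly to the destination, without going through intermediate hops."
However, by the time I finished setting it up, I had not managed to establish a P2P connection. ZeroTier, on the other hand, succeeded, and with ZeroTier you do not need to run your own server, which is quite convenient.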

Install
Debian Linux: sudo apt install tinc
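Windows: download from the official site
tinc setup: connect two Windows machines, sun and moon, over the VPN so that moon can Remote Desktop into the sun PC.
The configuration files needed by the server and the clients are basically the same; the key must be present on all 3 devices.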
server         client1        client2
tinc.conf      tinc.conf      tinc.conf
tinc-down      rsa_key.priv   rsa_key.priv
tinc-up        hosts/main     hosts/main
rsa_key.priv   hosts/client1  hosts/client1
hosts/main     hosts/client2  hosts/client2
hosts/client1
hosts/client2

Configuration
For Windows, see the official windows-install guide.

Testing
client1 (192.168.100.100) ping server (192.168.100.1), latency 194 ms
client2 (192.168.100.101) ping server (192.168.100.1), latency 198 ms
client2 (192.168.100.101) ping client1 (192.168.100.100), latency 394 ms
This is basically the time it takes for packets to be relayed through the server (client1 to server + server to client2).
Although client1 can see client2's external IP address (rather than the server's), P2P does not seem to have taken effect.


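Note 1. In reality client1 and client2 are both in the same region and the server is hosted in the United States; the point-to-point ping should be 12 ms.
Note 2. I later tried ZeroTier between sun (north) and moon (central), and it failed as well. There were two ping values, around 129 ms or 327 ms. It was also intermittent at times and not very stable.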



April 29, 2020

syslogd: logging different devices' logs to different files on Windows

Most syslog servers (syslogd) on Windows cannot change the default listening port number (UDP 514).
If there are many devices sending remote syslog to a syslog server with dynamic IP addresses, without correct host names, it may not be possible to know which log belongs to which device.





One simple way is to run multiple syslogd instances on different port numbers, each logging to a different log file, so each device has its own log file.
I found that syslog4j already implements a syslog server with a configurable port number and log file name:

Usage:

SyslogServer [-h <host>] [-p <port>] [-o <file>] [-a] [-q] <protocol>

-h <host>    host or IP to bind
-p <port>    port to bind
-t <timeout> socket timeout (in milliseconds)
-o <file>    file to write entries (overwrites by default)

-a           append to file (instead of overwrite)
-q           do not write anything to standard out

protocol     Syslog4j protocol implementation (tcp, udp, ...)

Example:
Run syslogd on port 514 and log to log1.txt
# java -cp syslog4j.jar org.productivity.java.syslog4j.server.SyslogServer -p 514 -o log1.txt -a -q udp
Run syslogd on port 515 and log to log2.txt
# java -cp syslog4j.jar org.productivity.java.syslog4j.server.SyslogServer -p 515 -o log2.txt -a -q udp

You can run as many syslogd instances as you like, as long as each one uses a different port number.
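The same port-per-device idea as an added Python example (not from the original post and not syslog4j code): one process listens on several UDP ports and appends each port's messages to its own file. It goes a little beyond the post by recording the sender address, decoding the PRI field, and replacing control characters so a device cannot forge extra lines in its log. The port-to-file mapping reuses the post's ports and file names; `format_entry` and `serve` are hypothetical names.

```python
import re
import selectors
import socket
import time

# Assumed mapping: listening UDP port -> per-device log file (values from the post's example).
PORT_TO_LOG = {514: "log1.txt", 515: "log2.txt"}
PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def format_entry(port, src_ip, datagram, now=None):
    """Turn one syslog datagram into a single log line tagged with port and sender."""
    m = PRI_RE.match(datagram)
    # PRI = facility * 8 + severity; anything above 191 is not a valid PRI.
    pri = int(m.group(1)) if m and int(m.group(1)) <= 191 else None
    body = datagram[m.end():] if pri is not None else datagram
    # Replace CR/LF and other control characters: one datagram must stay one line.
    text = "".join(c if c.isprintable() else " "
                   for c in body.decode("utf-8", "replace")).strip()
    fac = pri >> 3 if pri is not None else -1
    sev = SEVERITIES[pri & 7] if pri is not None else "unknown"
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(now))
    return f"{stamp} port={port} src={src_ip} facility={fac} severity={sev} {text}"


def serve(port_to_log=PORT_TO_LOG, host="0.0.0.0"):
    """Bind every configured port and append each port's traffic to its own file."""
    sel = selectors.DefaultSelector()
    for port, path in port_to_log.items():
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((host, port))
        out = open(path, "a", encoding="utf-8")  # append, like syslog4j's -a
        sel.register(sock, selectors.EVENT_READ, (port, out))
    while True:
        for key, _ in sel.select():
            port, out = key.data
            datagram, (src_ip, _) = key.fileobj.recvfrom(8192)
            out.write(format_entry(port, src_ip, datagram) + "\n")
            out.flush()


if __name__ == "__main__":
    serve()
```

UDP syslog is unauthenticated, so the port number only labels a device and does not prove which device sent a message; limiting which source addresses can reach each port is left to the host firewall.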


coap-client 4.3.0 Windows build

coap-client  is a  wget -like tool to generate simple requests for retrieval and modification of resources on a remote server.  Got the sour...